Posted by Kirin_Lin@drupa... on September 29, 2007 at 3:40pm
| Project: | Secure Site |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
Because function request_uri() doesn't return the protocol and host like http://www.example.com/cron.php.
If we set$base_url = 'http://www.example.com';
, the by pass will be failed.
So, the old method is better.
if (!$securesite_enabled || strstr(request_uri(),'cron.php')) {
return;
}
Comments
#1
I think this issue again, maybe this one can be used:
// bypass cron.php
$corn_uri = preg_replace('/^(http|https):\/\/[\d\w.:]*/i','',$base_url .'/cron.php');
if (!$securesite_enabled || request_uri() == $corn_uri) {
return;
}
#2
the pattern should be
/^(http|https):\/\/[\d\w.-:]*/i
I forgot the hyphen(-).
#3
I think this check is completely faulty. request_uri() does not contain the domain, so the $base_url should not be looked for in it as far as I see. The cron is only able to run with this modification our my site.
// Gabor: $base_url removed as our request_uri() does not contain that.if (!$securesite_enabled || request_uri() == /*$base_url .*/'/cron.php') {
Look at http://api.drupal.org/api/function/request_uri/5 and see for yourself. Although I am a fresh user of this module, this kind of error does not give that good an impression. This is a quite basic functionality which should not be broken.
#4
Patch with a simple fix, using
$base_path.#5
Committed to dev.
#6
Automatically closed -- issue fixed for two weeks with no activity.