Home » Download » Modules » Secure Pages » Issues

URL aliases are ignored

pheinrich - January 19, 2008 - 08:59
Project:Secure Pages
Version:5.x-1.7
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:reviewed & tested by the community
Description

Nodes with URL aliases are never matched (whether set manually or via Pathauto). Only a node's original URL may be specified for inclusion or exclusion. For example, if node #50 has a url alias of 'test', the following inclusion list will not protect it:

test
node/add*
node/*/edit
user/*
admin*
user

However, changing the first entry to the original path works:

node/50
node/add*
node/*/edit
user/*
admin*
user

This is not the case for views, whose paths seem to work fine.

» Login or register to post comments

#1

pheinrich - January 25, 2008 - 23:33

This was a relatively easy fix (assuming I'm not missing something obvious). I've seen others request this functionality; here's my change, in case it helps someone else:

271c271,278
< return !($secure xor preg_match($regexp, $path)) ? 1 : 0;
---
>
> $result = preg_match($regexp, $path);
> if (function_exists('drupal_get_path_alias')) {
> $path_alias = drupal_get_path_alias($_GET['q']);
> $result |= preg_match($regexp, $path_alias);
> }
>
> return ($secure xor $result) ? 0 : 1;

Login or register to post comments

#2

ashtonium - April 15, 2008 - 17:10
Version:5.x-1.6» 5.x-1.x-dev
Status:active» needs review

Here's a patch file (against the latest 5.x-1.x-dev) with some changes:

  1. drupal_get_path_alias should test the passed value of $path instead of $_GET['q'] because the securepages_match function is used for more than just the current browser URL
  2. I've change the logic on the return statement back to defaulting to 0 as it was before. I don't think that change pertains to this issue and so should be submitted as a separate issue if you feel that it needs to be modified.
AttachmentSize
securepages.module.check-path-alias-0.patch 761 bytes
Login or register to post comments

#3

DanielTheViking - October 31, 2008 - 11:28

See also: "Securepages does not work with Clean URLs enabled"
http://drupal.org/node/206864

Login or register to post comments

#4

PaulWood - November 22, 2008 - 00:02

pheinrich,

Do you plan to incorporate this logic into a future revision of Secure Pages?

Login or register to post comments

#5

vivianspencer - December 11, 2008 - 18:58

This patch works beautifully for me, a lot pages on my site weren't being secured until I installed this patch

many thanks

Login or register to post comments

#6

easp - December 30, 2008 - 21:35

The patch also worked for me. I applied the patch to securepages-6.x-1.7-beta2 and it fixed my alias problems. Many thanks!

Login or register to post comments

#7

mrfelton - March 18, 2009 - 15:15

patch at #2 also works for me on drupal 6. Can we get this committed in both version please?

Login or register to post comments

#8

sgriffin - April 7, 2009 - 16:34

Bump, this patch is still not committed to 5 head.

Login or register to post comments

#9

jschrab - April 9, 2009 - 21:14
Version:5.x-1.x-dev» 6.x-1.7

I too have had need to apply this patch to 6.x-1.7 (release, not beta) to make Secure Pages work like I expect.

Login or register to post comments

#10

amariotti - April 30, 2009 - 15:18

Please apply this patch to the latest versions. It worked perfectly and allows the functionality that should be there. Thanks a bunch!

Login or register to post comments

#11

gordon - May 3, 2009 - 23:00
Status:needs review» fixed

Thanks I have committed this to dev

Login or register to post comments

#12

ashtonium - May 4, 2009 - 15:17
Version:6.x-1.7» 5.x-1.7
Status:fixed» reviewed & tested by the community

Thanks for committing this to the 6.x branch. Can we get it committed to 5.x as well?

The patch was actually written against the 5.x branch. I just tested and it still applies cleanly with some line offset.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.