Download & Extend
Secure Pages » Issues

URL aliases are ignored

Posted by pheinrich on January 19, 2008 at 8:59am
Project:Secure Pages
Version:5.x-1.7
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:closed (won't fix)

Issue Summary

Nodes with URL aliases are never matched (whether set manually or via Pathauto). Only a node's original URL may be specified for inclusion or exclusion. For example, if node #50 has a url alias of 'test', the following inclusion list will not protect it:

test
node/add*
node/*/edit
user/*
admin*
user

However, changing the first entry to the original path works:

node/50
node/add*
node/*/edit
user/*
admin*
user

This is not the case for views, whose paths seem to work fine.

Login or register to post comments

Comments

#1

Posted by pheinrich on January 25, 2008 at 11:33pm

This was a relatively easy fix (assuming I'm not missing something obvious). I've seen others request this functionality; here's my change, in case it helps someone else:

271c271,278
< return !($secure xor preg_match($regexp, $path)) ? 1 : 0;
---
>
> $result = preg_match($regexp, $path);
> if (function_exists('drupal_get_path_alias')) {
> $path_alias = drupal_get_path_alias($_GET['q']);
> $result |= preg_match($regexp, $path_alias);
> }
>
> return ($secure xor $result) ? 0 : 1;

#2

Posted by ashtonium on April 15, 2008 at 5:10pm
Version:5.x-1.6» 5.x-1.x-dev
Status:active» needs review

Here's a patch file (against the latest 5.x-1.x-dev) with some changes:

  1. drupal_get_path_alias should test the passed value of $path instead of $_GET['q'] because the securepages_match function is used for more than just the current browser URL
  2. I've change the logic on the return statement back to defaulting to 0 as it was before. I don't think that change pertains to this issue and so should be submitted as a separate issue if you feel that it needs to be modified.
AttachmentSize
securepages.module.check-path-alias-0.patch 761 bytes

#3

Posted by Leeteq on October 31, 2008 at 11:28am

See also: "Securepages does not work with Clean URLs enabled"
http://drupal.org/node/206864

#4

Posted by PaulWood on November 22, 2008 at 12:02am

pheinrich,

Do you plan to incorporate this logic into a future revision of Secure Pages?

#5

Posted by vivianspencer on December 11, 2008 at 6:58pm

This patch works beautifully for me, a lot pages on my site weren't being secured until I installed this patch

many thanks

#6

Posted by easp on December 30, 2008 at 9:35pm

The patch also worked for me. I applied the patch to securepages-6.x-1.7-beta2 and it fixed my alias problems. Many thanks!

#7

Posted by mrfelton on March 18, 2009 at 3:15pm

patch at #2 also works for me on drupal 6. Can we get this committed in both version please?

#8

Posted by sgriffin on April 7, 2009 at 4:34pm

Bump, this patch is still not committed to 5 head.

#9

Posted by jschrab on April 9, 2009 at 9:14pm
Version:5.x-1.x-dev» 6.x-1.7

I too have had need to apply this patch to 6.x-1.7 (release, not beta) to make Secure Pages work like I expect.

#10

Posted by amariotti on April 30, 2009 at 3:18pm

Please apply this patch to the latest versions. It worked perfectly and allows the functionality that should be there. Thanks a bunch!

#11

Posted by gordon on May 3, 2009 at 11:00pm
Status:needs review» fixed

Thanks I have committed this to dev

#12

Posted by ashtonium on May 4, 2009 at 3:17pm
Version:6.x-1.7» 5.x-1.7
Status:fixed» reviewed & tested by the community

Thanks for committing this to the 6.x branch. Can we get it committed to 5.x as well?

The patch was actually written against the 5.x branch. I just tested and it still applies cleanly with some line offset.

#13

Posted by mrfelton on February 26, 2010 at 11:44am
Status:reviewed & tested by the community» patch (to be ported)

For reference: I think http://drupal.org/node/206864#comment-2649468 is related to the the change that was made in this patch.

#14

Posted by grendzy on August 22, 2011 at 9:17pm
Status:patch (to be ported)» closed (won't fix)

The 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.

nobody click here