Download & Extend
Secure Pages » Issues

Blank line in securepages_secure textarea causes Homepage redirection

Posted by faction on July 23, 2008 at 4:24pm
Project:Secure Pages
Version:5.x-1.6
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:closed (duplicate)

Issue Summary

If an admin concludes his list of pages to secure with a blank line (e.g. by hitting enter after the last page on the securepages_secure list), the site's root page (e.g. /) will be identified as needing to be secure. This occurs because the path variable will be set to null, which will match up against the blank line in the securepages_secure list. The Secure Pages module will redirect to https, and append the site_frontpage drupal variable to the path. Chances are, this path will not be included in the securepages_secure list, so the site will redirect back down to http, leaving the site_frontpage path appended on.

This is problematic for several reasons: it causes problems with SEO, it slows the loading of the site's homepage, and it adds unnecessary load on the server.

It can be corrected by adding a trim() function call when retrieving the securepages_page variable (and probably the securepages_ignore variable) in the securepages_match function:

$pages = trim(variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"));
$ignore = trim(variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*"));

Other modules require the <front> string to reference the frontpage, so removing any blank lines should not eliminate the ability to secure the frontpage, assuming you are providing that option.

Login or register to post comments

Comments

#1

Posted by DigitalFrontier... on December 28, 2008 at 2:48pm

I was experiencing an issue where it seemed that all site pages would seem to redirect to https. Upon further testing, it then appeared that it did so somewhat randomly--redirecting sometimes and sometimes not. Came across this posting and checked and sure enough I had an extra blank line at the end of my list of secure pages. Removing it seems to have cured the issues.

Thanks so much for posting this! I thought I was just losing my mind.

#2

Posted by royerd on May 19, 2009 at 3:57am

Indeed. that was the problem for me too. Remove that return at the end of the line.

#3

Posted by sanduhrs on May 30, 2009 at 11:00am
Status:active» closed (duplicate)

Marking this issue as a duplicate of #420712: Front page toggles between HTTP and HTTPS, as the other issue has a patch attached.