Closed (fixed)
Project:
Secure Pages Hijack Prevention
Version:
6.x-1.1
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
12 Feb 2009 at 17:09 UTC
Updated:
2 Mar 2009 at 17:40 UTC
The module will not install correctly, nor will it allow you to login because of the following logic errors:
function securepages_prevent_hijack_enable() {
if (variable_get('securepages_enable', FALSE) && variable_get('securepages_prevent_hijack', FALSE)) {
_securepages_prevent_hijack_cookie();
}
}
Setting the variable default to FALSE here means the cookie is never set, causing the admin to be immediately logged out.
/**
* Implementation of hook_user().
*/
function securepages_prevent_hijack_user($op, &$edit, &$user, $category = NULL) {
switch ($op) {
case 'login':
if (variable_get('securepages_prevent_hijack', FALSE)) {
if (! isset($_SERVER['HTTPS'])) {
Same here.
Now, I realize while typing that I can correct this behavior by adding:
$conf['securepages_prevent_hijack'] = TRUE;
To settings.php, except that the documentation NEVER mentions this little fact.
Comments
Comment #1
grendzy commentedoof. That is bad. The variable_get was leftover from a previous version.
Can you try the latest dev release and report back?
Thanks!
Comment #2
agentrickardJust changing that should be fine. When I hardcode the change into $conf, it works as expected.
Comment #3
grendzy commented