Securepages does not do any checks in the function securepages_form_alter for , it just makes changes.
Now, I will admit I am new at this, so there probably is a better fix for this, but it seems to fix my immediate needs. I'll try to describe the problem, and then I'll supply the diff fix that I did. I have securepages and securelogin installed. When I have securepages disabled everything does fine. However, when securepages is enabled, I have the problem.
With either the login block or the /user page there is the same problem.
View the form action for the login form at http://
...Which is correct.
Now, have a failure with the login. Because you were going to an https page, the new url is now https://... This is also expected.
However, looking at the form action it now points to
FYI, if you fail again, you are back at an http:// page and the form action is https://
Again, if securepages is OFF, this does just fine. I did some testing, and found the problem was with securepages in the function "securepages_form_alter".
Now, I have a few patches loaded - securepages.module_0.patch and securepages-284132-5.patch, so I don't know if my line number are right. (This is also my first patch submittal, so go easy on me. :) )
Basically, what I did was go to the function securepages_form_alter and go after the $path, $query, and $page_match variables are defined and before the beginning of the if's that actually change the form['#action']. There I added lines that
- set an empty array $securepages_ignore;
- get the list of securepages_ignore with the variable_get function and split it on spaces and assign those to my $securepages_ignore array.
- If the current $path is the needle inthe @securepages_ignore haystack, then drop out of the function.
--- securepages.module.orig 2009-03-03 09:56:16.876129200 -0500
+++ securepages.module 2009-03-04 19:49:48.730668600 -0500
@@ -196,6 +207,11 @@ function securepages_form_alter($form_id
$path = drupal_get_normal_path($path);
$query = drupal_query_string_encode($query);
$page_match = securepages_match($path);
+
+ $securepages_ignore=array();
+ $securepages_ignore=preg_split('/\s+/',variable_get('securepages
_ignore'));
+ if (in_array($path,$securepages_ignore)) { return; }
+
if ($page_match && !securepages_is_secure()) {
$form['#action'] = securepages_url($path, $query, NULL, TRUE);
}
Comments
Comment #1
dsp6855 commentedOops, apparently I can't do 3 lines of code right. Forgot preg_split needs another parameter - null will work - so change the line
from:
$securepages_ignore=preg_split('/\s+/',variable_get('securepages_ignore'));To:
$securepages_ignore=preg_split('/\s+/',variable_get('securepages_ignore'),’’);Comment #2
grendzy commentedThe 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.