Securepages does not do any checks in the function securepages_form_alter for , it just makes changes.

Now, I will admit I am new at this, so there probably is a better fix for this, but it seems to fix my immediate needs. I'll try to describe the problem, and then I'll supply the diff fix that I did. I have securepages and securelogin installed. When I have securepages disabled everything does fine. However, when securepages is enabled, I have the problem.

With either the login block or the /user page there is the same problem.

View the form action for the login form at http://

...

Which is correct.

Now, have a failure with the login. Because you were going to an https page, the new url is now https://... This is also expected.

However, looking at the form action it now points to

FYI, if you fail again, you are back at an http:// page and the form action is https://

Again, if securepages is OFF, this does just fine. I did some testing, and found the problem was with securepages in the function "securepages_form_alter".

Now, I have a few patches loaded - securepages.module_0.patch and securepages-284132-5.patch, so I don't know if my line number are right. (This is also my first patch submittal, so go easy on me. :) )

Basically, what I did was go to the function securepages_form_alter and go after the $path, $query, and $page_match variables are defined and before the beginning of the if's that actually change the form['#action']. There I added lines that

  1. set an empty array $securepages_ignore;
  2. get the list of securepages_ignore with the variable_get function and split it on spaces and assign those to my $securepages_ignore array.
  3. If the current $path is the needle inthe @securepages_ignore haystack, then drop out of the function.
--- securepages.module.orig     2009-03-03 09:56:16.876129200 -0500
+++ securepages.module  2009-03-04 19:49:48.730668600 -0500
@@ -196,6 +207,11 @@ function securepages_form_alter($form_id
     $path = drupal_get_normal_path($path);
     $query = drupal_query_string_encode($query);
     $page_match = securepages_match($path);
+
+               $securepages_ignore=array();
+               $securepages_ignore=preg_split('/\s+/',variable_get('securepages
_ignore'));
+               if (in_array($path,$securepages_ignore)) { return; }
+
     if ($page_match && !securepages_is_secure()) {
       $form['#action'] = securepages_url($path, $query, NULL, TRUE);
     }

Comments

dsp6855’s picture

Oops, apparently I can't do 3 lines of code right. Forgot preg_split needs another parameter - null will work - so change the line

from: $securepages_ignore=preg_split('/\s+/',variable_get('securepages_ignore'));

To: $securepages_ignore=preg_split('/\s+/',variable_get('securepages_ignore'),’’);

grendzy’s picture

Status: Needs review » Closed (won't fix)

The 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.