Posted by mikestefff on September 2, 2009 at 6:59pm
| Project: | Secure Pages |
| Version: | 7.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | grendzy |
| Status: | needs review |
Issue Summary
I want every page secure. So I checked "Make secure every page except the listed pages." and left the listed pages blank. Logically, that should do it. But it doesn't. So to achieve what I want, I had to check "Make secure only the listed pages." and leave a * in the listed below. It works that way but obviously there is something wrong in the module. I haven't looked at the source yet to determine the issue.
Comments
#1
My guess at first glance..
function securepages_match($path) {
/**
* Check to see if the page matches the current settings
*/
$secure = variable_get('securepages_secure', 1);
$pages = variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*");
$ignore = variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*");
if ($ignore) {
$regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($ignore, '/')) .')$/';
if (preg_match($regexp, $path)) {
return securepages_is_secure() ? 1 : 0;
}
}
/********
*** THIS IF STATEMENT BELOW ***
********/
if ($pages) {
$regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/';
$result = preg_match($regexp, $path);
if (function_exists('drupal_get_path_alias')) {
$path_alias = drupal_get_path_alias($path);
$result |= preg_match($regexp, $path_alias);
}
return !($secure xor $result) ? 1 : 0;
}
else {
return;
}
}
#2
I just want some pages secure, but I found out that my Securepages only works when there is just one page on the box. I tried with \n, same line, different line... but nothing... Any clue?
#3
Getting the same issue, fixed it by putting in a non existing page into the show all apart from box.
#4
Yeah I did the same thing too but felt it still should be address in the module.
#5
Same problem here. subscribing.
#6
Couldn't reproduce this problem.
Please reopen if your still experiencing problems and i'll see if i can help.
Best,
Paul Booker
#7
I ran into the same issue as the original poster. I have a site that I want to be delivered entirely, and exclusively, through encrypted (secure) pages, including the front page. I am unable to use a regular server redirect or other server control to force this via the server, so secure_pages is the next best solution.
I used the following base URL settings (with my actual domain, of course):
Non-secure Base URL: http://subdomain.example.com
Secure Base URL: https://subdomain.example.com
Then selected "Make secure every page except the listed pages." And listed nothing in the remaining boxes.
But pages were not redirected or forced to https versions. I tried just inserting
<front>into the list of exceptions, but that also did not fix the issue. As with the OP, I solved the issue by checking "Make secure only the listed pages." and leave a * in the list of pages. Then it works as designed.Notes on my config:
- IIS 7
- PHP 5.2x
- firewall in use
- also using the following modules that could potentially be affecting things:
Path redirect:
http://drupal.org/project/path_redirect
PathAuto:
http://drupal.org/project/pathauto
CustomError:
http://drupal.org/project/customerror
I'm happy with the solution offered by the OP as it stands now, and am not in a position to investigate the code myself, but wanted to re-open this as a bug report in case other newcomers run into the same issue.
Phil.
#8
I ran across this bug today. Here's a patch for Drupal 7 (with tests).
Since the buggy part of the code is the only part of the securepages_match() function that ever returns NULL (and as far as I can tell, it never should), this patch removes that from the allowed list of return values as well.
#9
#10
Wow! With Tests! ♥♥♥
I thought there was a reason for the tri-state return value (0,1,null). I'll check it out.