Posted by pbosmans on October 14, 2009 at 9:16pm
| Project: | Secure Pages |
| Version: | 6.x-1.8 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | paulbooker |
| Status: | needs review |
Issue Summary
When i disable the secure page and goto the next URL , the underlaying og-forum with web file manager worked well with this URL
http://www.mysite.com/cms/?q=node/add/forum/28&gids[]=33
Then is enable the secure page, then de URL will be reformed to.
https://www.mysite.com/cms/node/add/forum/28?gids=gids%255B0%255D%3D33
Here i get a warning in the og-forum with web file manager and the web file manager isn't working right.
Comments
#1
Confirmed... and marking as critical since any module that needs a query string passed between http and https pages is broken by this bug. See this includes Organic Groups as per #705788: Create page/Create story from og page throws "Passed variable not array" warning.
Essentially, the Secure Pages module is mashing the querystring by escaping when it shouldn't across the change in security context.
Had to disable Secure Pages on node add/edit pages to allow OG to work for group members posting content.
#2
Interesting , i'll take a look at this tomorrow Jim
#3
I am experiencing the same problem. I have enabled Secure Pages 6.x-1.8 and had initially set the following pages to be secure:
node/add/*
node/*/edit
When users went to add content to a group (via organic groups) the links would break and the content would not be related to the group it was meant to be created in.
In the related issue http://drupal.org/node/705788, pgillis suggests "You set the security level the same on both sides of the link. Meaning the view page is secure along with the add page or neither of them are secure." Has anyone else implemented this on their site? I would assume I would need to secure every group (group/*) and every type of content (blog/* wiki/* etc) and also every view for each content (group/*/blogs).
I haven't tried that yet (the problem with playing with the Secure Pages module is that it's all on your live site!) - I'm hoping that someone might be working on a solution to this.
Thanks,
Kristin
#4
A patch is attached to fix the query string handling in 6.x-1.8. It looks like a fix was committed to CVS as well, but I really don't trust that one either.