[LOW:FIXED 6439:1.0.11] 1.0.9: https switchover broken

[Anonymous]

In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...

...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...

A nice and smooth way to get into the secure part of the site on some occasions, as needed.

This doesn't work anymore in 1.0.9 (and also 1.0., but works fine in 1.0.0.

Tried to find the code doing that without luck yet. 

[pointri]

I encountered the same problem after upgrading.  Made temporary redirects in htaccess to external links on https for the time being in one site.  Probably has to do with the SEF include or the SEF mambot?

[user deleted]

Hi Beat,

Can you tell me if this is still an issue for 1.0.11?

Trying to clean up the Q&T 1.0 forum a bit 

Thanks, Robin

[Beat]

Hi Beat,

Can you tell me if this is still an issue for 1.0.11?

Trying to clean up the Q&T 1.0 forum a bit 

Thanks, Robin

Hi Robin,

Yes, this is still an issue in 1.0.11.

Actually, this is an issue in frontend and in backend. Given the new snooping hacks, it's a security issue for backend.

Best Regards,

[user deleted]

Hi Beat,

Do you think it can be considered a bug, so in other words it could also be fixed? Or would this mean some of the security work would have to be undone and new features added? Asking this, since 1.0 is closed for any new features, so I can determine if I can close this topic or not (as known issue).

[Beat]

Confirming this as a bug. It was a new feature working in Mambo 4.5.2.3 and also in early Joomla versions, and works again also in Joomla 1.5 beta.

Created artifact on forge with solution proposal and backlink to this thread.

http://forge.joomla.org/sf/go/artf6439?nav=1

[facedancer]

on it

[Beat]

on it

Cool, thanks. Nice to see so good news comming back from a few days vacation

In addition to my suggested implementation (for front-end and back-end index.php + index2.php + index3.php fiiles just after including configuration.php), you may want to take a look at joomla! 1.5 's implementation, as it would make sense to keep them similar.

[facedancer]

In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...

...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...

A nice and smooth way to get into the secure part of the site on some occasions, as needed.

This doesn't work anymore in 1.0.9 (and also 1.0., but works fine in 1.0.0.

Tried to find the code doing that without luck yet. 

It seems... not true :P
The thing you're requesting become future request which is prohibited for 1.0.x

Let me explain.
sefRelToAbs() allows to use https (or anything else like data:, javascript: and more) if and only if Search Engine Friendly URLs is disabled. It works both in 1.0.11, 1.0.x SVN and 1.0.0. When you enable SEFU 1.0.11 uses liveSite global var, exactly the same as in 1.0.0.

I can put that under discussion but I already know the answer: no new features in 1.0.x (but there's lil light of hope)

cheers
mat

P.S.
The place to apply the hack is line 506 in includes/sef.php
Good idea will be using code from lines 516 - 544 with just a slightly change.

[Saka]

...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...

Hi,

Are you talking about the case SEF is ON or OFF? In the case it's ON it's a feature request I think...

If you could point me how to setup my https server is to serve the http directory I'll be happy to test it.

[user deleted]

Fixed for next release