[LOW:FIXED 6439:1.0.11] 1.0.9: https switchover broken
- Beat
- Joomla! Guru
- Posts: 844
- Joined: Thu Aug 18, 2005 8:53 am
- Location: Switzerland
- Contact:
[LOW:FIXED 6439:1.0.11] 1.0.9: https switchover broken
In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...
...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...
A nice and smooth way to get into the secure part of the site on some occasions, as needed.
This doesn't work anymore in 1.0.9 (and also 1.0., but works fine in 1.0.0.
Tried to find the code doing that without luck yet.
...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...
A nice and smooth way to get into the secure part of the site on some occasions, as needed.
This doesn't work anymore in 1.0.9 (and also 1.0., but works fine in 1.0.0.
Tried to find the code doing that without luck yet.
Last edited by Anonymous on Thu Dec 07, 2006 9:32 am, edited 1 time in total.
Beat
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
- pointri
- Joomla! Explorer
- Posts: 283
- Joined: Wed Aug 24, 2005 2:02 pm
- Location: Rhode Island, USA
Re: 1.0.9: https switchover broken
I encountered the same problem after upgrading. Made temporary redirects in htaccess to external links on https for the time being in one site. Probably has to do with the SEF include or the SEF mambot?
Re: 1.0.9: https switchover broken
Hi Beat,
Can you tell me if this is still an issue for 1.0.11?
Trying to clean up the Q&T 1.0 forum a bit
Thanks, Robin
Can you tell me if this is still an issue for 1.0.11?
Trying to clean up the Q&T 1.0 forum a bit
Thanks, Robin
- Beat
- Joomla! Guru
- Posts: 844
- Joined: Thu Aug 18, 2005 8:53 am
- Location: Switzerland
- Contact:
Re: 1.0.9: https switchover broken
Hi Robin,RobInk wrote: Hi Beat,
Can you tell me if this is still an issue for 1.0.11?
Trying to clean up the Q&T 1.0 forum a bit
Thanks, Robin
Yes, this is still an issue in 1.0.11.
Actually, this is an issue in frontend and in backend. Given the new snooping hacks, it's a security issue for backend.
Best Regards,
Beat
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
Re: 1.0.9: https switchover broken
Hi Beat,
Do you think it can be considered a bug, so in other words it could also be fixed? Or would this mean some of the security work would have to be undone and new features added? Asking this, since 1.0 is closed for any new features, so I can determine if I can close this topic or not (as known issue).
Do you think it can be considered a bug, so in other words it could also be fixed? Or would this mean some of the security work would have to be undone and new features added? Asking this, since 1.0 is closed for any new features, so I can determine if I can close this topic or not (as known issue).
- Beat
- Joomla! Guru
- Posts: 844
- Joined: Thu Aug 18, 2005 8:53 am
- Location: Switzerland
- Contact:
Re: 1.0.9: https switchover broken
Confirming this as a bug. It was a new feature working in Mambo 4.5.2.3 and also in early Joomla versions, and works again also in Joomla 1.5 beta.
Created artifact on forge with solution proposal and backlink to this thread.
http://forge.joomla.org/sf/go/artf6439?nav=1
Created artifact on forge with solution proposal and backlink to this thread.
http://forge.joomla.org/sf/go/artf6439?nav=1
Beat
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
- facedancer
- Joomla! Enthusiast
- Posts: 172
- Joined: Thu Aug 18, 2005 6:13 am
- Location: Antibes, France
- Contact:
- Beat
- Joomla! Guru
- Posts: 844
- Joined: Thu Aug 18, 2005 8:53 am
- Location: Switzerland
- Contact:
Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken
Cool, thanks. Nice to see so good news comming back from a few days vacationfacedancer wrote: on it
In addition to my suggested implementation (for front-end and back-end index.php + index2.php + index3.php fiiles just after including configuration.php), you may want to take a look at joomla! 1.5 's implementation, as it would make sense to keep them similar.
Beat
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team
- facedancer
- Joomla! Enthusiast
- Posts: 172
- Joined: Thu Aug 18, 2005 6:13 am
- Location: Antibes, France
- Contact:
Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken
It seems... not true :PBeat wrote: In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...
...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...
A nice and smooth way to get into the secure part of the site on some occasions, as needed.
This doesn't work anymore in 1.0.9 (and also 1.0., but works fine in 1.0.0.
Tried to find the code doing that without luck yet.
The thing you're requesting become future request which is prohibited for 1.0.x
Let me explain.
sefRelToAbs() allows to use https (or anything else like data:, javascript: and more) if and only if Search Engine Friendly URLs is disabled. It works both in 1.0.11, 1.0.x SVN and 1.0.0. When you enable SEFU 1.0.11 uses liveSite global var, exactly the same as in 1.0.0.
I can put that under discussion but I already know the answer: no new features in 1.0.x (but there's lil light of hope)
cheers
mat
P.S.
The place to apply the hack is line 506 in includes/sef.php
Good idea will be using code from lines 516 - 544 with just a slightly change.
- Saka
- Joomla! Explorer
- Posts: 263
- Joined: Sat Aug 13, 2005 2:13 am
- Location: Sweden
- Contact:
Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken
Hi,Beat wrote: ...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...
Are you talking about the case SEF is ON or OFF? In the case it's ON it's a feature request I think...
If you could point me how to setup my https server is to serve the http directory I'll be happy to test it.
Emir Sakic
http://www.sakic.net
http://www.sakic.net