Page 1 of 1

[LOW:FIXED 6439:1.0.11] 1.0.9: https switchover broken

Posted: Mon Jun 12, 2006 10:04 pm
by Beat
In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...

...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...

A nice and smooth way to get into the secure part of the site on some occasions, as needed.

This doesn't work anymore in 1.0.9 (and also 1.0.8), but works fine in 1.0.0.

Tried to find the code doing that without luck yet.  :-\

Re: 1.0.9: https switchover broken

Posted: Mon Jun 12, 2006 10:44 pm
by pointri
I encountered the same problem after upgrading.  Made temporary redirects in htaccess to external links on https for the time being in one site.  Probably has to do with the SEF include or the SEF mambot?

Re: 1.0.9: https switchover broken

Posted: Sat Oct 07, 2006 6:51 pm
by Robin
Hi Beat,

Can you tell me if this is still an issue for 1.0.11?

Trying to clean up the Q&T 1.0 forum a bit  ;)

Thanks, Robin

Re: 1.0.9: https switchover broken

Posted: Sat Oct 07, 2006 8:24 pm
by Beat
RobInk wrote: Hi Beat,

Can you tell me if this is still an issue for 1.0.11?

Trying to clean up the Q&T 1.0 forum a bit  ;)

Thanks, Robin
Hi Robin,

Yes, this is still an issue in 1.0.11.

Actually, this is an issue in frontend and in backend. Given the new snooping hacks, it's a security issue for backend.

Best Regards,

Re: 1.0.9: https switchover broken

Posted: Sun Oct 08, 2006 5:59 am
by Robin
Hi Beat,

Do you think it can be considered a bug, so in other words it could also be fixed? Or would this mean some of the security work would have to be undone and new features added? Asking this, since 1.0 is closed for any new features, so I can determine if I can close this topic or not (as known issue).

Re: 1.0.9: https switchover broken

Posted: Mon Oct 16, 2006 11:05 am
by Beat
Confirming this as a bug. It was a new feature working in Mambo 4.5.2.3 and also in early Joomla versions, and works again also in Joomla 1.5 beta.

Created artifact on forge with solution proposal and backlink to this thread.

http://forge.joomla.org/sf/go/artf6439?nav=1

Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken

Posted: Sun Oct 22, 2006 8:21 pm
by facedancer
on it :)

Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken

Posted: Sun Oct 22, 2006 8:28 pm
by Beat
facedancer wrote: on it :)
Cool, thanks. Nice to see so good news comming back from a few days vacation :)

In addition to my suggested implementation (for front-end and back-end index.php + index2.php + index3.php fiiles just after including configuration.php), you may want to take a look at joomla! 1.5 's implementation, as it would make sense to keep them similar. ;)

Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken

Posted: Sun Oct 29, 2006 10:22 am
by facedancer
Beat wrote: In Joomla! 1.0.0 and a few other versions, there was an elegant function to be able to access a site via http://... or via https://...

...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...

A nice and smooth way to get into the secure part of the site on some occasions, as needed.

This doesn't work anymore in 1.0.9 (and also 1.0.8), but works fine in 1.0.0.

Tried to find the code doing that without luck yet.  :-\
It seems... not true :P
The thing you're requesting become future request which is prohibited for 1.0.x :)

Let me explain.
sefRelToAbs() allows to use https (or anything else like data:, javascript: and more) if and only if Search Engine Friendly URLs is disabled. It works both in 1.0.11, 1.0.x SVN and 1.0.0. When you enable SEFU 1.0.11 uses liveSite global var, exactly the same as in 1.0.0.

I can put that under discussion but I already know the answer: no new features in 1.0.x (but there's lil light of hope) :D

cheers
mat

P.S.
The place to apply the hack is line 506 in includes/sef.php
Good idea will be using code from lines 516 - 544 with just a slightly change.

Re: [LOW:TRACKER 6439:1.0.11] 1.0.9: https switchover broken

Posted: Wed Nov 22, 2006 12:41 am
by Saka
Beat wrote: ...meaning if you have $mosConfig_live_site = "http://...", and type-in the url https://... on your web-browser (and your https server is configured to serve the same directory), all links and images were also with https://...
Hi,

Are you talking about the case SEF is ON or OFF? In the case it's ON it's a feature request I think...

If you could point me how to setup my https server is to serve the http directory I'll be happy to test it.

Re: [LOW:FIXED 6439:1.0.11] 1.0.9: https switchover broken

Posted: Thu Dec 07, 2006 9:32 am
by Robin
Fixed for next release