Bug #1251

Secure link for the Site URL

Added by Munra almost 2 years ago. Updated 3 months ago.

Status:Rejected Start date:08/15/2010
Priority:Normal Due date:
Assignee:psychonic % Done:

0%
Category:Web
Target version:-
Affected Version: Blocking Target Version:No

Description

A player in IRC had an issue when adding a secure link(https://) as the site URL.

What happens is instead of ignoring the https:// it appends it to http://>

so

site URL = https://iambetterthenbpnatfof.com

the actual link URL = http://https//iambetterthenbpnatfof.com

Related issues

related to HLstatsX: CE - Task #1491: Remove all http:// references in code (all URLs should be... Assigned 02/18/2012

History

#1 Updated by psychonic over 1 year ago

  • Category set to Web
  • Status changed from New to Rejected
  • Assignee set to psychonic

WORKSFORME

https://stats.wmdgaming.com

If you can get more details, feel free to add another comment and reopen.

#2 Updated by Munra over 1 year ago

yes that does work fine. Let me be more clear.

To reproduce this you need to set your site url in general settings to https://stats.wmdgaming.com

once you refresh the link to your site in the top left of the breadcrumb is http://https://stats.wmdgaming.com

#3 Updated by Packhead over 1 year ago

  • Status changed from Rejected to Assigned

Munra wrote:

yes that does work fine. Let me be more clear.

To reproduce this you need to set your site url in general settings to https://stats.wmdgaming.com

once you refresh the link to your site in the top left of the breadcrumb is http://https://stats.wmdgaming.com

I have a ticket (#382) to add SSL support to the administration center, which is really the only place I could imagine needing SSL (maybe any future login pages we end up adding). Seems silly to SSL the entire site.

That being said, perhaps we'll add three options in the future:

  1. Use HTTP for all pages (and supply the port, default to 80)
  2. Use HTTPS for Administration Center and Login Pages (and supply the port, default to 443)
  3. Use HTTPS for all paages (and supply the port, default to 443)

Then users just need to provide the server address (yur.notcool.com), and we'll handle putting the right protocol on the front end.

I wonder if we have a regex checking the input and it's not matching, and thus pre-pending the http://. We could probably fix it easily by just removing that check. I don't know if we hard code http:// anywhere (I don't think so).

#4 Updated by Thor over 1 year ago

Packhead wrote:

I wonder if we have a regex checking the input and it's not matching, and thus pre-pending the http://. We could probably fix it easily by just removing that check. I don't know if we hard code http:// anywhere (I don't think so).

Check header.php line 219.

1  echo '<li><a href="http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '">HLstatsX</a>';

The http is hardcoded in there.

temp fix that seems to work for anyone that needs it(not the best way to do it i am sure)

 1
 2if(isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on"))
 3{
 4  echo '<li><a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '">HLstatsX</a>';
 5}
 6else
 7{
 8  echo '<li><a href="http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '">HLstatsX</a>';
 9}

Also, from my search, there does seem to be several instances where a 'http://' is hardcoded.

#5 Updated by Packhead 3 months ago

  • Status changed from Assigned to Rejected
  • Blocking Target Version set to No

The correct way to fix this is to remove the hard links to http://. I've got a new tracker issue open (#1491) to handle this in the future web interface.

Also available in: Atom PDF