Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-9836

Secure URL check doesn't consider 302 redirect

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Minor
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.1.1
    • Fix Version/s: Unscheduled
    • Component/s: Core CiviCRM
    • Labels:
      None
    • Documentation Required?:
      None
    • Funding Source:
      Core Team Funds

      Description

      This is perhaps a corner case, but if you have Force Secure URLs enabled, and you have links directly to Event Registration pages, then the user will get an erroneous warning "HTTPS is not enabled on this server" if the event is full or closed. This happens because Civi issues a 302 to redirect you to the event info page if you hit the registration page and the event is full or closed, and checkURL() in CRM/Utils/System.php considers only 200 as a valid response code.

      I've attached a patch that changes checkURL() to consider any response code < 302 as valid, but perhaps it would be better to check for a handful of specific codes instead.

        Attachments

          Activity

            People

            • Assignee:
              kurund Kurund Jalmi
              Reporter:
              jcm55 Jim Meehan
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: