CMS MADE SIMPLE FORGE

CMS Made Simple Core

 
Back Back to List

[#11955] admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file

avatar
Created By: Philippe Thomas (filto)
Date Submitted: Wed Jan 23 23:20:55 -0500 2019

Assigned To: Robert Campbell (calguy1000)
Version: 2.2.9
CMSMS Version: 2.2.9
Severity: Minor
Resolution: Fixed
State: Open
Summary:
admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file
Detailed Description:
admin panel output Mixed Content (HTTP and HTTPS) with custom variables in
config.php file.

if you customize in config.php file :

customize $config['root_url'] (even if $config['ssl_url'] is customized)
then connect you to admin with secure 'https' request.
Result : 2 css, 2 js and all icon links in header are Mixed Content http
(insecure) request.

For the same reason, for front-end and admin request, all customizable 'URL'
variable in config.php file, NEED customizable 'SSL_URL' variable.

And in lib/classes/class.cms_config.php : all these url variable NEED a smart
url function.

$config['ssl_admin_url']
$config['ssl_public_cache_url']
$config['ssl_assets_url']

or maybe define as constants 
CMS_SSL_ROOT_URl
CMS _SMART_ROOT_URL
 to avoid smart functions called so many time


History

Comments
avatar 
Date: 2019-02-01 15:26
Posted By: Robert Campbell (calguy1000)

This is fixed for the CMSMS 2.3 series.  All of the ssl_url config entries etc.
are removed so there is no possibility of mixed content
Updates

Updated: 2019-02-01 15:26
resolution_id: 5 => 7

Updated: 2019-01-25 22:21
description: admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file. if you customize in config.php file : customize $config['root_url'] (even if $config['ssl_url'] is customized) then connect you to admin with secure 'https' => admin panel output Mixed Content (HTTP and HTTPS) with custom variables in config.php file. if you customize in config.php file : customize $config['root_url'] (even if $config['ssl_url'] is customized) then connect you to admin with secure 'https'
resolution_id: => 5