CMS MADE SIMPLE FORGE

TinyMCE

 

[#8692] Problems when accessed via admin+SSL

avatar
Created By: Fred Polizo (fredp)
Date Submitted: Thu Nov 29 22:41:35 -0500 2012

Assigned To:
Version: 2.9.11
CMSMS Version: None
Severity: Major
Resolution: None
State: Closed
Summary:
Problems when accessed via admin+SSL
Detailed Description:
Yesterday I reported admin UI problems in the CMSMS 1.11.3 Core when the admin
is accessed via SSL.

Today I found similar problems in TinyMCE 2.9.11 when it is used with CMSMS
1.11.3 admin+SSL. These problems result from using insecure URLs to load assets
over SSL. As with the above bug, how the problem manifests itself depends on how
the user's browser handles insecure asset requests over SSL. Chrome
(v23.0.1271.64) reports errors to the javascript console and fails to load
TinyMCE at all--no wysiwyg. Firefox (16.0.2), while also reporting errors, loads
the wysiwyg window, although some functions don't work. For example, I clicked
the "Insert/Edit Image" button and an blank popup appears with still more errors
reported on the javascript console.

Please see this forum article for complete details and configuration info:
     http://forum.cmsmadesimple.org/viewtopic.php?f=7&t=64177



Edit: fixed cut/paste error in forum URL


History

Comments
avatar
Date: 2012-12-11 07:10
Posted By: ncode gmbh (ncode)

Seems like this is an issue all over the place with cmsms..

The quick and dirty fix in config.php:


if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
{
   $config['root_url'] = str_replace('http','https',$config['root_url']);
}

      
avatar
Date: 2012-12-13 00:54
Posted By: Fred Polizo (fredp)

The CMSMS upgrade procedure does not preserve such code in config.php; so, one
must remember to reinsert this hack after each and every upgrade.  Less than
optimal.  ;-(

Also, this particular workaround won't work with shared-SSL certificates where
the $config['admin_url'] is unlike $config['root_url']. For example, on
hostgator:
  $config['admin_url']="http://secure99.hostgator.com/~username/admin";
  $config['root_url']="http://example.org";

I tried this workaround over a year ago and found it didn't work with some
shared-SSL environments.  This variant worked better for me:

    if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
    {
      $config['root_url'] = $config['ssl_url'];
    }

I'm not sure how well supported, by browsers and search engines, they are now,
but perhaps relative reference (aka schemeless) URIs would resolve the issue:
http://tools.ietf.org/html/rfc3986#section-4.2?  Might be worth some
investigation.
      
avatar
Date: 2016-02-12 13:29
Posted By: Rolf (rolf1)

TinyMCE version 3.x is released, the module is a complete rewrite of all code.

Because of this, bug reports related to the old version are not relevant anymore
and will be closed. Please use the latest and finest release at your CMSMS 2.x
website and test again. If you feel like your issue still isn't fixed create a
new report. Thanks.
      
Updates

Updated: 2016-02-12 13:29
cmsms_version_id: 29850 => -1
state: Open => Closed

Updated: 2012-12-04 21:29
description: Yesterday I reported admin UI problems in the CMSMS 1.11.3 Core when the admin is accessed via SSL. Today I found similar problems in TinyMCE 2.9.11 when it is used with CMSMS 1.11.3 admin+SSL. These problems result from using insecure URLs to load ass => Yesterday I reported admin UI problems in the CMSMS 1.11.3 Core when the admin is accessed via SSL. Today I found similar problems in TinyMCE 2.9.11 when it is used with CMSMS 1.11.3 admin+SSL. These problems result from using insecure URLs to load ass
resolution_id: => 5