MDL-12561: Regression fix: banish insecure items warning in IE7 in HT…

…TPS sites. blank.html now loaded with a https: URL in sites/pages using SSL. Author: Jonathan Harker <jonathan@catalyst.net.nz>
moodle · Jun 9, 2009 · b5ebbaa · b5ebbaa
1 parent f9fad87
commit b5ebbaa
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 11 deletions.
diff --git a/lib/editor/htmlarea/coursefiles.php b/lib/editor/htmlarea/coursefiles.php
@@ -25,7 +25,6 @@
     $text    = optional_param('text', '', PARAM_RAW);
     $confirm = optional_param('confirm', 0, PARAM_BOOL);
 
-
     if (! $course = get_record("course", "id", $id) ) {
         error("That's an invalid course id");
     }
@@ -40,6 +39,11 @@ function html_footer() {
     function html_header($course, $wdir, $formfield=""){
 
         global $CFG;
+        if (!empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] != 'off') {
+            $url = preg_replace('|https?://[^/]+|', '', $CFG->wwwroot).'/lib/editor/htmlarea/';
+        } else {
+            $url = $CFG->wwwroot.'/lib/editor/htmlarea/';
+        }
 
         ?>
         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
@@ -142,7 +146,7 @@ function reset_value() {
 
             var prev = window.parent.ipreview;
             if(prev != null) {
-                prev.location.replace('<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html');
+                prev.location.replace('<?php echo $url ?>blank.html');
             }
             var uploader = window.parent.document.forms['uploader'];
             if(uploader != null) {

diff --git a/lib/editor/htmlarea/htmlarea.php b/lib/editor/htmlarea/htmlarea.php
@@ -29,9 +29,7 @@
         $lang = "en";
     }
 
-    if ($httpsrequired) {
+    if ($httpsrequired or (!empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] != 'off')) {
-        // this is an ugly hack to allow partial operation of editor on pages that require https when loginhttps enabled
-        // please note that some popups still show nonsecurre items and fullscreen may not function properly in IE
         $url = preg_replace('|https?://[^/]+|', '', $CFG->wwwroot).'/lib/editor/htmlarea/';
     } else {
         $url = $CFG->wwwroot.'/lib/editor/htmlarea/';
@@ -721,7 +719,7 @@ function createButton(txt) {
     // create the IFRAME
     var iframe = document.createElement("iframe");
 
-    iframe.src = "<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html";
+    iframe.src = "<?php echo $url ?>blank.html";
 
     iframe.className = "iframe";
 

diff --git a/lib/editor/htmlarea/popups/insert_image.php b/lib/editor/htmlarea/popups/insert_image.php
@@ -11,6 +11,12 @@
 
     $upload_max_filesize = get_max_upload_file_size($CFG->maxbytes);
 
+    if ($httpsrequired or (!empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] != 'off')) {
+        $url = preg_replace('|https?://[^/]+|', '', $CFG->wwwroot).'/lib/editor/htmlarea/';
+    } else {
+        $url = $CFG->wwwroot.'/lib/editor/htmlarea/';
+    }
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -90,9 +96,9 @@ function onPreview() {
   img.src = url;
   var win = null;
   if (!document.all) {
-    win = window.open("<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html", "ha_imgpreview", "toolbar=no,menubar=no,personalbar=no,innerWidth=100,innerHeight=100,scrollbars=no,resizable=yes");
+    win = window.open("<?php echo $url ?>blank.html", "ha_imgpreview", "toolbar=no,menubar=no,personalbar=no,innerWidth=100,innerHeight=100,scrollbars=no,resizable=yes");
   } else {
-    win = window.open("<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html", "ha_imgpreview", "channelmode=no,directories=no,height=100,width=100,location=no,menubar=no,resizable=yes,scrollbars=no,toolbar=no");
+    win = window.open("<?php echo $url ?>blank.html", "ha_imgpreview", "channelmode=no,directories=no,height=100,width=100,location=no,menubar=no,resizable=yes,scrollbars=no,toolbar=no");
   }
   preview_window = win;
   var doc = win.document;
@@ -269,7 +275,7 @@ function submit_form(dothis) {
       ?>
       </td>
       <td width="45%" valign="top"><?php print_string("preview","editor");?>:<br />
-      <iframe id="ipreview" name="ipreview" src="<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html" style="width: 100%; height: 200px;"></iframe>
+      <iframe id="ipreview" name="ipreview" src="<?php echo $url ?>blank.html" style="width: 100%; height: 200px;"></iframe>
       </td>
     </tr>
   </table>

diff --git a/lib/editor/htmlarea/popups/insert_image_std.php b/lib/editor/htmlarea/popups/insert_image_std.php
@@ -5,6 +5,13 @@
 
     require_course_login($id);
     @header('Content-Type: text/html; charset=utf-8');
+
+    if ($httpsrequired or (!empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] != 'off')) {
+        $url = preg_replace('|https?://[^/]+|', '', $CFG->wwwroot).'/lib/editor/htmlarea/';
+    } else {
+        $url = $CFG->wwwroot.'/lib/editor/htmlarea/';
+    }
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -82,9 +89,9 @@ function onPreview() {
   img.src = url;
   var win = null;
   if (!document.all) {
-    win = window.open("<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html", "ha_imgpreview", "toolbar=no,menubar=no,personalbar=no,innerWidth=100,innerHeight=100,scrollbars=no,resizable=yes");
+    win = window.open("<?php echo $url ?>blank.html", "ha_imgpreview", "toolbar=no,menubar=no,personalbar=no,innerWidth=100,innerHeight=100,scrollbars=no,resizable=yes");
   } else {
-    win = window.open("<?php echo $CFG->wwwroot ?>/lib/editor/htmlarea/blank.html", "ha_imgpreview", "channelmode=no,directories=no,height=100,width=100,location=no,menubar=no,resizable=yes,scrollbars=no,toolbar=no");
+    win = window.open("<?php echo $url ?>blank.html", "ha_imgpreview", "channelmode=no,directories=no,height=100,width=100,location=no,menubar=no,resizable=yes,scrollbars=no,toolbar=no");
   }
   preview_window = win;
   var doc = win.document;