[Systems] [SOLVED] Wiki Captcha Mixed Content

Bernie Innocenti bernie at codewiz.org
Tue Dec 8 11:12:46 EST 2015


On 12/08/2015 04:50 AM, Sam P. wrote:
> Hi All,
> 
> I've seen 2 reports today from different people.  Both said that
> they were editing pages and tried to save.  Then it asked them for a
> captcha. The captcha did not show.
> 
> It resulted in a mixed content warning, from IRC "Mixed Content: The
> page at
> 'https://wiki.sugarlabs.org/index.php?title=User:Vipulroxx&action=submit' was
> loaded over HTTPS, but requested an insecure script
> 'http://www.google.com/recaptcha/api/challenge?k=6LdovO0SAAAAAPupz6Uw8oyFXOlPdql0hTMTVhxP'.
> This request has been blocked; the content must be served over HTTPS.
> load.php?debug=false&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=vector&version=20151208T0…:156
> Uncaught"
> 
> I didn't test over http, because the wiki now forces https (good thing!).
> 
> I edited extensions/ConfirmEdit/ReCaptcha.class.php.  It has a $useHttps
> variable which I just forced to be true.  There is probably a better
> fix, but I can't think right now sorry.  I'll have a look again later.


Thanks for the fix. I checked the code, and it seems odd that the check
didn't work on its own:

 $useHttps = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');

We're running ancient versions of Apache (2.2.14) and PHP (5.3.2).
Extension developers probably don't test their code against these any more.

We should look into moving the wiki to a container and / or upgrading
Ubuntu on sunjammer. I could do the upgrade over the Christmas / New
year holidays if an FSF sysadmin pledges to be around in case the
machine becomes unbootable. We probably have console access to
sunjammer, but I don't remember how to get to it.

-- 
 _ // Bernie Innocenti
 \X/  http://codewiz.org
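
A more tolerant form of the `$useHttps` check quoted above, as an added example that is not part of the original message and is not ConfirmEdit code. The thread does not establish why the check failed on this server; the alternate `HTTPS` values and the TLS-terminating proxy handled below are assumed causes, and `detectHttps()`, `$trustedProxies` and the sample arrays are hypothetical.

```php
<?php
// Added example, not ConfirmEdit code. detectHttps() and $trustedProxies are
// hypothetical names; the sample $_SERVER-style arrays below are constructed.

/**
 * Decide whether the client reached the site over TLS.
 * $server:         an array shaped like $_SERVER.
 * $trustedProxies: addresses of reverse proxies allowed to assert the scheme.
 */
function detectHttps(array $server, array $trustedProxies = array()) {
    // PHP sets HTTPS to a non-empty value under TLS; some SAPIs report 'off'
    // for plain HTTP, and values such as '1' or 'On' also occur.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Honour X-Forwarded-Proto only when the direct peer is a known proxy;
    // otherwise any client could claim its plain-HTTP request was secure.
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (in_array($peer, $trustedProxies, true)
        && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    return false;
}

// Constructed inputs; 192.0.2.10 stands in for an assumed front-end proxy.
$samples = array(
    'mod_ssl, HTTPS=on'     => array('HTTPS' => 'on'),
    'HTTPS=1'               => array('HTTPS' => '1'),
    'plain HTTP, HTTPS=off' => array('HTTPS' => 'off'),
    'TLS at trusted proxy'  => array('REMOTE_ADDR' => '192.0.2.10',
                                     'HTTP_X_FORWARDED_PROTO' => 'https'),
    'untrusted peer header' => array('REMOTE_ADDR' => '198.51.100.7',
                                     'HTTP_X_FORWARDED_PROTO' => 'https'),
);

foreach ($samples as $label => $server) {
    // The check as quoted in the message, for comparison.
    $original = isset($server['HTTPS']) && $server['HTTPS'] == 'on';
    $robust   = detectHttps($server, array('192.0.2.10'));
    printf("%-22s original=%-5s robust=%s\n", $label,
        var_export($original, true), var_export($robust, true));
}
```

Where the original check and the tolerant one disagree, the page is served over HTTPS but the extension would still emit an `http://` script URL, which is the condition the browser reports as mixed content.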

