[Systems] [SOLVED] Wiki Cpatcha Mixed Content
bernie at codewiz.org
Tue Dec 8 11:12:46 EST 2015
On 12/08/2015 04:50 AM, Sam P. wrote:
> Hi All,
> I've seen 2 reports today from different people. Both said that the
> they were editing pages and tried to save. Then it asked them for a
> capacha. The capacha did not show.
> It resulted in a mixed content warning, from irc "Mixed Content: The
> page at
> 'https://wiki.sugarlabs.org/index.php?title=User:Vipulroxx&action=submit' was
> loaded over HTTPS, but requested an insecure script
> This request has been blocked; the content must be served over HTTPS.
> I didn't test over http, because the wiki now forces https (good thing!).
> I edited extensions/ConfirmEdit/ReCaptcha.class.php. It has a $useHttps
> variable which I just forced to be true. There is probably a better
> fix, but I can't think right now sorry. I'll have a look again later.
Thanks for the fix. I checked the code, and it seems odd that the check
didn't work on its own:
$useHttps = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');
We're running ancient versions of Apache (2.2.14) and php (5.3.2).
Extension developers probably don't test their code against these any more.
We should look into moving the wiki to a container and / or upgrade
ubuntu on sunjammer. I could do the upgrade over the christmas / new
year holidays if an FSF sysadmin pledges to be around in case the
machine becomes unbootable. We probably have console access to
sunjammer, but I don't remember how to get to it.
_ // Bernie Innocenti
More information about the Systems