[Systems] [SOLVED] Wiki Cpatcha Mixed Content

Samuel Cantero scanterog at gmail.com
Tue Dec 8 17:46:59 EST 2015


Great Sam P! Good Job! Thanks!

On Tue, Dec 8, 2015 at 1:12 PM, Bernie Innocenti <bernie at codewiz.org> wrote:

> On 12/08/2015 04:50 AM, Sam P. wrote:
> > Hi All,
> >
> > I've seen 2 reports today from different people.  Both said that the
> > they were editing pages and tried to save.  Then it asked them for a
> > capacha. The capacha did not show.
> >
> > It resulted in a mixed content warning, from irc "Mixed Content: The
> > page at
> > 'https://wiki.sugarlabs.org/index.php?title=User:Vipulroxx&action=submit'
> was
> > loaded over HTTPS, but requested an insecure script
> > '
> http://www.google.com/recaptcha/api/challenge?k=6LdovO0SAAAAAPupz6Uw8oyFXOlPdql0hTMTVhxP
> '.
> > This request has been blocked; the content must be served over HTTPS.
> >
> load.php?debug=false&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=vector&version=20151208T0…:156
> > Uncaught"
> >
> > I didn't test over http, because the wiki now forces https (good thing!).
> >
> > I edited extensions/ConfirmEdit/ReCaptcha.class.php.  It has a $useHttps
> > variable which I just forced to be true.  There is probably a better
> > fix, but I can't think right now sorry.  I'll have a look again later.
>
>
> Thanks for the fix. I checked the code, and it seems odd that the check
> didn't work on its own:
>
>  $useHttps = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');
>
> We're running ancient versions of Apache (2.2.14) and php (5.3.2).
> Extension developers probably don't test their code against these any more.
>
> We should look into moving the wiki to a container and / or upgrade
> ubuntu on sunjammer. I could do the upgrade over the christmas / new
> year holidays if an FSF sysadmin pledges to be around in case the
> machine becomes unbootable. We probably have console access to
> sunjammer, but I don't remember how to get to it.
>
> --
>  _ // Bernie Innocenti
>  \X/  http://codewiz.org
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20151208/445827cf/attachment.html>


More information about the Systems mailing list