[Bug 40541] New: $wgSecureLogin does not redirect to http if wpStickHTTPS is unchecked

bugzilla-daemon Wed, 26 Sep 2012 18:30:21 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=40541


       Web browser: ---
             Bug #: 40541
           Summary: $wgSecureLogin does not redirect to http if
                    wpStickHTTPS is unchecked
           Product: MediaWiki
           Version: 1.20-git
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: User login
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


When using $wgSecureLogin, if a user leaves wpStickHTTPS unchecked, they are
stil redirected to an https page after login.

I think it's because getFullURL returns a protocol relative url by default now,
so preg_replace( '/^https:/', 'http:', $redirectUrl ) has no effect.

(NB: fixing this seems to prevent a user from logging in without wpStickHTTPS
checked, because their session cookies are set with the secure attribute, but
they are immediately redirected to an insecure page, so their session cookie no
longer exists in the request.)

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 40541] New: $wgSecureLogin does not redirect to http if wpStickHTTPS is unchecked

Reply via email to