Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

seo_redirect returns "Tried to redirect to potentially insecure url" if forum uses https / SSL #99

Open
hbcafe opened this issue Jul 20, 2015 · 1 comment
Open

seo_redirect returns "Tried to redirect to potentially insecure url" if forum uses https / SSL #99

hbcafe opened this issue Jul 20, 2015 · 1 comment

Comments

@hbcafe
Copy link

hbcafe commented Jul 20, 2015

See http://www.phpbb-seo.com/en/phpbb2-advanced/article36376.html

I haven't debugged it yet, but I would look at this code in seo_redirect:

    // Now, also check the protocol and for a valid url the last time...
    $allowed_protocols = array('http', 'https'/*, 'ftp', 'ftps'*/);
    $url_parts = parse_url($url);
    if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
    {
        send_status_line(400, 'Bad Request');
        trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
    }

It assumes a fully qualified URL, but it may be getting a relative one.
@hbcafe
Copy link
Author

hbcafe commented Jul 21, 2015

Jared reports:

I figured it out over the weekend. Turns out it's a cookie issue, if you're running SSL you just have to be sure to enable transfer cookies over SSL. That cleared it up for me. It's running flawlessly now in phpBB 3.1.5.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hbcafe