In the file securepages_prevent_hijack.module, in securepages_prevent_hijack_form_alter(), is a call to securepages_url(), a function that does not appear to exist. This caused a complete White Screen of Death on the web site, preventing me from even logging in to disable the module. I was only able to recover by renaming the module directory on the server.

CommentFileSizeAuthor
#3 securepages_prevent_hijack-securepages_url-wsod-1508642-2.patch1.02 KBpsynaptic
#1 securepages_prevent_hijack-securepages_url-wsod-1508642-1.patch818 bytesjoe-b

Comments

joe-b’s picture

joe-b commented
StatusFileSize
new securepages_prevent_hijack-securepages_url-wsod-1508642-1.patch818 bytes

The problem I suspect is that you're using 6.x-2.x-dev version of Secure Pages, which no longer contains the securepages_url() function.

Instead you'd want rewrite the tail end of securepages_prevent_hijack_form_alter() to look something like this …

…
    $options = array('secure' => TRUE, 'absolute' => TRUE, 'base_url' => securepages_baseurl(TRUE));
    if (isset($url['query'])) {
      $options['query'] = $url['query'];
    }
    $form['#action'] = url($path, $options);
…

Diff attached.

With Secure Pages 6.x-2.x-dev I found a gotcha with Locale and path prefixes in URLs dropping double language prefixes into paths, in which case something like http://drupal.org/node/420386#comment-3587618 works, though I tidied up that code for use here into …

    switch (variable_get('language_negotiation', LANGUAGE_NEGOTIATION_NONE)) {
      case LANGUAGE_NEGOTIATION_PATH:
        global $language;
        $prefix = $language->language . '/';
        $language_prefix = substr($path, 0, 3);
        if ($prefix == $language_prefix) {
          $path = ltrim($path, $language_prefix);
        }
        break;
    }

That's a bit fugly, really, and I'm pretty sure there's a better way of cleaning locale paths of language prefixes - just can't put my finger on any good example code to work from at the moment.

izmeez’s picture

izmeez commented

There appear to be several issues regarding securepages_prevent_hijack-6.x-1.x incompatibility with securepages-6.x-2.x but this issue seems to be the the key towards solving it.

Maybe #2129783: Not working with Secure pages 6.x-2.0 should be marked as duplicate and link to this issue.

Also #2129779: Secure Pages Prevent Hijack failed to set secure cookie which seems to also relate to another issue which is now fixed could be closed or also marked as a duplicate and link to this issue.

And #2132363: user page is white after secure pages 6.x-2.0 update could be marked as a duplicate and link to this issue.

This might help to cleanup the issue queue.

psynaptic’s picture

psynaptic commented
Title: Missing function securepages_url() causes WSoD » Undefined function securepages_url()
Version: 6.x-1.6 » 6.x-1.x-dev
Issue summary: View changes
Status: Active » Needs review
StatusFileSize
new securepages_prevent_hijack-securepages_url-wsod-1508642-2.patch1.02 KB

@joe-b: I think your patch deals with this in the correct way. There are some extra blank lines and "secure" option is now redundant (that was a feature of the old securepages_url() function). I have attached a patch to resolve these (very minor) issues. Please create a separate issue to deal with the language negotiation URLs.

@izmeez: Thanks for listing those out. I have closed 2 issues that are exact duplicates of this and linked them here. I see the cookie problem as a separate issue to the undefined function and will close the duplicate cookie-related ones.

grendzy’s picture

grendzy commented
Status: Needs review » Fixed

Thanks! This has been committed to a new 6.x-2.x branch, which should be published momentarily.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.