If a form is delivered to a user then she must already be on HTTPS if she has one of the HTTPS secured roles (forced redirect in hook_init()). So it does not make sense to check that again in hook_form_alter(). Patch attached.

This also solves an incompatibility with the overlay module for me, as the overlay javascript considers a form action beginning with "https" to be an external URL. So it changes the form target to "_new" which opens a new window on form submission, which is really confusing.

CommentFileSizeAuthor
#9 securepages-form-role-1402608-9.patch882 bytesklausi
#8 securepages-form-role-1402608-8.patch1.05 KBklausi
#5 1402608-securepages-form-role.patch812 bytesklausi
securepages-remove-role-check.patch776 bytesklausi
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

grendzy’s picture

grendzy CreditAttribution: grendzy commented
Title: Remove the role check on forms » don't alter form action unless required
Version: 7.x-1.x-dev » 6.x-2.x-dev
Status: Needs review » Patch (to be ported)

Instead, I added a check for $is_https so the action isn't changed unless needed.

Commit fcfbf84 on master

grendzy’s picture

grendzy CreditAttribution: grendzy commented
Status: Patch (to be ported) » Fixed

Thanks. The overlay thing was driving me nuts too.

Commit 5098b1f on 6.x-2.x

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi commented
Status: Fixed » Active

But why don't you just remove the role check all together as I suggested? This is useless code in hook_form_alter(), no?

grendzy’s picture

grendzy CreditAttribution: grendzy commented
Version: 6.x-2.x-dev » 7.x-1.x-dev
Status: Active » Needs work

Yes, now I understand what you mean. This is indeed dead code.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi commented
Status: Needs work » Needs review
FileSize
1402608-securepages-form-role.patch812 bytes

Rerolled.

David4514’s picture

David4514 CreditAttribution: David4514 commented

I too was having issues with overlays. I had included 'admin/people' as one of the pages to be secured.

With the 7.x-1.x branch of securepages (as of 04/20/12), the overlay was hanging when I clicked on the People tab. Until I browsed to a url without an overlay, it remains in a hung state.

I switched to the "master" branch of securepages and applied the patch in #5 (the patch does not apply to the 7.1-1.x branch ???).

Now, when I click on the "People" tab, it opens up, but with the overlay disabled. Is that the intended result? It is better than a hang, but not what I was expecting. I was expecting the People tab to act like the other administrative tabs, but forcing https.

David4514’s picture

David4514 CreditAttribution: David4514 commented

I may have answered my own question. As described in the #952820: Drupal 7 port, overlays are incompatible with mixed http/https mode (i.e. you cannot overlay https on top of http).

Ok... now that I understand, I can live with that. I was only having the issue in the administrative area anyway.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi commented
Issue summary: View changes
FileSize
securepages-form-role-1402608-8.patch1.05 KB

Patch does not apply anymore, rerolled.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi commented
FileSize
securepages-form-role-1402608-9.patch882 bytes

Better not fix the white space at the end of the file to avoid clashes with my other securepages patches in my drush make file.