Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Nodes with URL aliases are never matched (whether set manually or via Pathauto). Only a node's original URL may be specified for inclusion or exclusion. For example, if node #50 has a url alias of 'test', the following inclusion list will not protect it:
test
node/add*
node/*/edit
user/*
admin*
user
However, changing the first entry to the original path works:
node/50
node/add*
node/*/edit
user/*
admin*
user
This is not the case for views, whose paths seem to work fine.
Comment | File | Size | Author |
---|---|---|---|
#2 | securepages.module.check-path-alias-0.patch | 761 bytes | ashtonium |
Comments
Comment #1
pheinrich CreditAttribution: pheinrich commentedThis was a relatively easy fix (assuming I'm not missing something obvious). I've seen others request this functionality; here's my change, in case it helps someone else:
271c271,278
< return !($secure xor preg_match($regexp, $path)) ? 1 : 0;
---
>
> $result = preg_match($regexp, $path);
> if (function_exists('drupal_get_path_alias')) {
> $path_alias = drupal_get_path_alias($_GET['q']);
> $result |= preg_match($regexp, $path_alias);
> }
>
> return ($secure xor $result) ? 0 : 1;
Comment #2
ashtonium CreditAttribution: ashtonium commentedHere's a patch file (against the latest 5.x-1.x-dev) with some changes:
drupal_get_path_alias
should test the passed value of$path
instead of$_GET['q']
because thesecurepages_match
function is used for more than just the current browser URLComment #3
Leeteq CreditAttribution: Leeteq commentedSee also: "Securepages does not work with Clean URLs enabled"
http://drupal.org/node/206864
Comment #4
PaulWood CreditAttribution: PaulWood commentedpheinrich,
Do you plan to incorporate this logic into a future revision of Secure Pages?
Comment #5
vivianspencer CreditAttribution: vivianspencer commentedThis patch works beautifully for me, a lot pages on my site weren't being secured until I installed this patch
many thanks
Comment #6
easp CreditAttribution: easp commentedThe patch also worked for me. I applied the patch to securepages-6.x-1.7-beta2 and it fixed my alias problems. Many thanks!
Comment #7
mrfelton CreditAttribution: mrfelton commentedpatch at #2 also works for me on drupal 6. Can we get this committed in both version please?
Comment #8
sgriffin CreditAttribution: sgriffin commentedBump, this patch is still not committed to 5 head.
Comment #9
jschrab CreditAttribution: jschrab commentedI too have had need to apply this patch to 6.x-1.7 (release, not beta) to make Secure Pages work like I expect.
Comment #10
amariotti CreditAttribution: amariotti commentedPlease apply this patch to the latest versions. It worked perfectly and allows the functionality that should be there. Thanks a bunch!
Comment #11
gordon CreditAttribution: gordon commentedThanks I have committed this to dev
Comment #12
ashtonium CreditAttribution: ashtonium commentedThanks for committing this to the 6.x branch. Can we get it committed to 5.x as well?
The patch was actually written against the 5.x branch. I just tested and it still applies cleanly with some line offset.
Comment #13
mrfelton CreditAttribution: mrfelton commentedFor reference: I think http://drupal.org/node/206864#comment-2649468 is related to the the change that was made in this patch.
Comment #14
grendzy CreditAttribution: grendzy commentedThe 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.