COMMUNITY FORUM

Keyword
  1. Forum
  3. K2 Community Forum
  5. English K2 Community
  7. k2 is breaking secure pages

k2 is breaking secure pages

More
15 years 21 hours ago #73662 by isos
k2 is breaking secure pages was created by isos
Running Joomla 1.5.14 and k2 2.1

I have a site using Virtuemart, and some of the shopping cart pages are secure. K2 is breaking the security because there are multiple calls for http:// rather than https://

Example 1:
script type="text/javascript" src="www.mydomain.com/components/com_k2/js/k2.js">;

Example 2:
var K2RatingURL = 'www.mydomain.com/';


Anyone have an idea on whether this is a k2 or a joomla bug, and how to fix it? I saw another blog post about something similar, but it seemed to be about admin pages, not secure front end pages.

Please Log in or Create an account to join the conversation.

More
15 years 9 hours ago #73663 by Lefteris
Replied by Lefteris on topic k2 is breaking secure pages
Hi. K2 uses the Joomla! API for loading javascript and CSS files as i have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.
JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

Please Log in or Create an account to join the conversation.

More
14 years 11 months ago #73664 by isos
Replied by isos on topic k2 is breaking secure pages
Thanks for responding. Any idea on when this might be fixed? I would like to avoid hacking the core Joomla files, but I have several Virtuemart users eager to start using k2 for blogging.

Lefteris Kavadas said:Hi. K2 uses the Joomla! API for loading javascript and CSS files as i have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.

Please Log in or Create an account to join the conversation.

More
14 years 2 weeks ago #73665 by Andrew Patton
Replied by Andrew Patton on topic k2 is breaking secure pages
Lefteris Kavadas said:Hi. K2 uses the Joomla! API for loading javascript and CSS files as i have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.


I responded in more detail on the other post Lefteris refers to (if you want more details and a better understanding, please visit that post), but long story short, I came up with a solution that can be used in your template to ensure that no components (K2 or otherwise) include non-secure dependencies on pages that you want to be secure. Here's the code:
// SSL fix to resolve issues with K2
if ( substr($this->base, 0, 5) == 'https' ) {
$head = $this->getHeadData();
// first, the stylesheets:
foreach($head['styleSheets'] as $link => $props) {
if (strpos($link, 'http:') !== false) {
$fixedLink = str_replace('http:', 'https:', $link);
$head['styleSheets'][$fixedLink] = $props;
unset($head['styleSheets'][$link]);
}
}
// then, the js:
foreach($head['scripts'] as $link => $props) {
if (strpos($link, 'http:') !== false) {
$fixedLink = str_replace('http:', 'https:', $link);
$head['scripts'][$fixedLink] = $props;
unset($head['scripts'][$link]);
}
}
$this->setHeadData($head);
}

Just put that snippet in your template (it shouldn't matter where you put it, but I find it helpful to put all php logic at the top of my templates, before the actual html markup; though regardless of where you put the code snippet, make sure it's in a <?php ?> block), and your secure pages will become secure once more.

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #73666 by natecovington
Replied by natecovington on topic k2 is breaking secure pages
Yes, there is another thread with some code that you insert into your template's index.php file to fix the SSL/HTTPS issue you mention. (I've got K2 with SSL working on my site just fine with this hack)

Also, I've used "ReReplacer" to fix some other SSL / HTTPS issues... you could look into this as well.

Please Log in or Create an account to join the conversation.

More
13 years 5 months ago #73667 by Mark Schultz
Replied by Mark Schultz on topic k2 is breaking secure pages
I found this did not work but changing the first line from:

if ( substr($this->base, 0, 5) == 'https' ) {

to:

if ( substr(JURI::current(), 0, 5) == 'https' ) {

does work. (with J! 1.5.22 anyway)

 

Andrew Patton said:

Lefteris Kavadas said:Hi. K2 uses the Joomla! API for loading javascript and CSS files as i have explained on the other post. This is a Joomla! bug so we need to find another way for doing this. Thanks for reporting this issue to us.


I responded in more detail on the other post Lefteris refers to (if you want more details and a better understanding, please visit that post), but long story short, I came up with a solution that can be used in your template to ensure that no components (K2 or otherwise) include non-secure dependencies on pages that you want to be secure. Here's the code:
// SSL fix to resolve issues with K2<br/>
if ( substr($this-&gt;base, 0, 5) == 'https' ) {<br/>
$head = $this-&gt;getHeadData();<br/>
// first, the stylesheets:<br/>
foreach($head['styleSheets'] as $link =&gt; $props) {<br/>
if (strpos($link, 'http:') !== false) {<br/>
$fixedLink = str_replace('http:', 'https:', $link);<br/>
$head['styleSheets'][$fixedLink] = $props;<br/>
unset($head['styleSheets'][$link]);<br/>
}<br/>
}<br/>
// then, the js:<br/>
foreach($head['scripts'] as $link =&gt; $props) {<br/>
if (strpos($link, 'http:') !== false) {<br/>
$fixedLink = str_replace('http:', 'https:', $link);<br/>
$head['scripts'][$fixedLink] = $props;<br/>
unset($head['scripts'][$link]);<br/>
}<br/>
}<br/>
$this-&gt;setHeadData($head);<br/>
}

Just put that snippet in your template (it shouldn't matter where you put it, but I find it helpful to put all php logic at the top of my templates, before the actual html markup; though regardless of where you put the code snippet, make sure it's in a &lt;?php ?&gt; block), and your secure pages will become secure once more.

Please Log in or Create an account to join the conversation.

More
12 years 11 months ago #73668 by James Anderson
Replied by James Anderson on topic k2 is breaking secure pages
Hey mate, this looks promising! I tried your code but everytime I try to use it still returns fixed http:// urls for K2 cache files and other JS files + CSS?

Any ideas? site is www.nzgeographic.co.nz

 

Please Log in or Create an account to join the conversation.

More
12 years 11 months ago #73669 by Andrew Patton
Replied by Andrew Patton on topic k2 is breaking secure pages
I’m not sure how to deal with cached content in general (like in modules). That would require a different kind of fix then the one I suggest.

 

However, based on looking at your checkout page, I can see some things you could do.

 

First, in the right-side modules, you could make the image sources begin with a forward slash (e.g., /images/stories/ad_agency/2/1310420706.jpg instead of www.nzgeographic.co.nz/images/stories/ad_agency/2/1310420706.jpg)

 

You will also need to make sure com_adagency’s JS include and the swfobject.js include from googleapis both get https.

 

The K2 includes (CSS and JS), as far as I could see, were fine. No problems with missing https.

Please Log in or Create an account to join the conversation.

More
12 years 11 months ago #73670 by James Anderson
Replied by James Anderson on topic k2 is breaking secure pages
Hi, yeah I have contacted iJoomla about Ad Agency fixes, was trying to get the K2 stuff fixed. And I am still trying to find what is calling the googleapi..

Andrew Patton said:
I’m not sure how to deal with cached content in general (like in modules). That would require a different kind of fix then the one I suggest.

 

However, based on looking at your checkout page, I can see some things you could do.

 

First, in the right-side modules, you could make the image sources begin with a forward slash (e.g., /images/stories/ad_agency/2/1310420706.jpg instead of www.nzgeographic.co.nz/images/stories/ad_agency/2/1310420706...)

 

You will also need to make sure com_adagency’s JS include and the swfobject.js include from googleapis both get https.

 

The K2 includes (CSS and JS), as far as I could see, were fine. No problems with missing https.

Please Log in or Create an account to join the conversation.

  1. Forum
  3. K2 Community Forum
  5. English K2 Community
  7. k2 is breaking secure pages

Powered by Kunena Forum