[ic] ExtraSecure and special_pages/violation - PATCH
Angus Rogerson
arogerso at uwaterloo.ca
Fri Oct 25 18:29:26 UTC 2013
In an email exchange ending with http://www.icdevgroup.org/pipermail/interchange-users/2009-December/051506.html,
Jon and Tom described a solution for better behaviour for the ExtraSecure feature.
In an email http://www.icdevgroup.org/pipermail/interchange-users/2013-May/054042.html, Paul hints at the need for similar functionality.
The patch below implements this feature in 5.8.0. Sorry, I don't have git.
With this patch, the user gets a 301 redirect to the secure version of the page instead of the violation page. The logGlobal uses some non-standard CGI values which would need to be added to @Map in Vend::Server.
Angus
> *** interchange/lib/Vend/Page.pm 24 Aug 2013 23:46:49 -0000 1.1.1.1
> --- interchange/lib/Vend/Page.pm 25 Oct 2013 17:56:19 -0000
> ***************
> *** 105,111 ****
> if($Vend::Cfg->{ExtraSecure} and
> $Vend::Cfg->{AlwaysSecure}->{$name}
> and !$CGI::secure) {
> ! $name = find_special_page('violation');
> }
>
> $page = $Vend::VirtualPage || readin($name);
> --- 105,149 ----
> if($Vend::Cfg->{ExtraSecure} and
> $Vend::Cfg->{AlwaysSecure}->{$name}
> and !$CGI::secure) {
> ! # 2013-10-25 AxR - When ExtraSecure page is requested
> ! # using non-secure mode, send 301 referral to use
> ! # the secure mode. Code taken from BounceReferrals code
> ! # in Vend::Dispatch as suggested by Tom Burton and
> ! # Jon Jensen interchange-users December 2009 051506
> ! ::logGlobal(
> ! "ExtraSecure page '%s' called as '%s' by '%s'",
> ! $name,
> ! $CGI::script_uri,
> ! $CGI::referer,
> ! );
> ! my $path = $CGI::path_info;
> ! $path =~ s:^/::;
> ! my $form =
> ! join '',
> ! map { "$_=$CGI::values{$_}\n" }
> ! grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
> ! sort keys %CGI::values;
> ! my $url = secure_vendUrl(
> ! $path eq '' ? $Vend::Cfg->{DirectoryIndex} : $path,
> ! undef,
> ! undef,
> ! { form => $form, match_security => 1 }
> ! );
> ! $url = header_data_scrub($url);
> ! my $msg = ::get_locale_message(
> ! 301,
> ! "Redirected to %s.",
> ! $url,
> ! );
> ! $Vend::StatusLine = <<EOF;
> ! Status: 301 Moved
> ! Location: $url
> ! Content-Type: text/plain
> !
> ! Redirecting to $url
> ! EOF
> ! ::response($msg);
> ! return;
> }
>
> $page = $Vend::VirtualPage || readin($name);
---
Angus Rogerson, BMath, BScN, RN
Duct Tape Programmer
University of Waterloo | Retail Services | Information Systems
Visit Us Online & Right On Campus www.retailservices.uwaterloo.ca
More information about the interchange-users
mailing list