Last modified: 2011-09-29 21:41:27 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T33252, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 31252 - ConfirmEdit: reCAPTCHA HTTPS support
ConfirmEdit: reCAPTCHA HTTPS support
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
ConfirmEdit (CAPTCHA extension) (Other open bugs)
unspecified
All All
: Unprioritized enhancement (vote)
: ---
Assigned To: Brion Vibber
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-29 16:51 UTC by Alex Legler
Modified: 2011-09-29 21:41 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Updates recaptchalib.php to the most recent version provided by Google (7.79 KB, patch)
2011-09-29 16:52 UTC, Alex Legler 		Details
Enables HTTPS support when requesting the CAPTCHA (499 bytes, patch)
2011-09-29 16:52 UTC, Alex Legler 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Alex Legler 2011-09-29 16:51:27 UTC 
The current reCAPTCHA module in ConfirmEdit does not support loading the CAPTCHA  via HTTPS. This will cause "insecure content loaded" warnings when browsing on an HTTPS-enabled wiki.

To get support for this, two changes are needed:
* Update recaptchalib.php to the current version as provided by Google. The bundled version in ConfirmEdit still has the old host names, while Google uses google.com, especially for the HTTPS service. There are redirects in place, but they might cause certificate warnings.

* Use a HTTPS url when the wiki request itself was made via HTTPS as well.

I'll attach patches for both.
Comment 1 Alex Legler 2011-09-29 16:52:02 UTC 
Created attachment 9124 [details]
Updates recaptchalib.php to the most recent version provided by Google
Comment 2 Alex Legler 2011-09-29 16:52:26 UTC 
Created attachment 9125 [details]
Enables HTTPS support when requesting the CAPTCHA
Comment 3 Brion Vibber 2011-09-29 21:41:27 UTC 
Nice catch, thanks!

Applied on trunk in r98461, REL1_18 in r98465. I don't think we have it enabled on our own production wikis, so not worrying about 1.18wmf1 tweaks atm.

ReCaptcha isn't in the 1.17 version of ConfirmEdit, but in case the 1.18 or trunk versions get used on 1.17 and are otherwise compatible I've replaced the WebRequest::detectProtocol() call with a direct check on $_SERVER['HTTPS'].

Confirmed that this resolves mixed-content security errors on captcha display on one of my sites when run over https. Yay!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links