20 March 2011, 18:17

Hi John,

We are hoping to be able to address this in 1.4:

  https://bugs.launchpad.net/mahara/+bug/646713

  https://bugs.launchpad.net/mahara/+bug/650931

Cheers,

Francois

20 August 2013, 18:03

Dear All,

Since Firefox updated to version 23, we are facing a problem and message is shown
"Firefox has blocked content that isn't secure".

This was not a problem before.

We can "Disable Protection on This Page" manually and everything will work fine temporarily.

We are using the default theme, and version 1.6.5.

Please advise.

Best regards,
Anis

20 August 2013, 21:34

Hello Anis,

We've seen this also with the external media block when a video or so uses http:// as protocol but the site runs under https. We are working on a fix for that for the next minor release.

As far as your theme goes, I guess you'll have to ensure that all images are also hosted under https. Do you link to images that are not sitting in the theme folder? Or is it not really a theme issue? On what pages do you see the problem? On every page or just pages that have external content embedded?

Cheers

Kristina

28 May 2014, 21:19

Hi,

I came across this when we moved Mahara (1.6.3test) to https and found that YouTube embedded videos don't display. If the url for the video is edited to read https it works fine (for YouTube) - but if you have hundreds of embedded videos throughout a site it's a major update manually, and if students are individually using this method in their portfolios it snowballs.

Is there a way to find & replace http://www.youtube with https://www.youtube directly in the database? Our server team had a look at doing that but none of the artefacts within pages/groups were updated by the script.

Any advice?

Thanks, Gordon.

28 May 2014, 22:40

It turns out that (unfortunately) the links to YouTube are stored in serialised data fields in the database. This would require some scripting to unserialise, ammend and re-serialise. 

For a one-off, it's probably quicker to fix them manually. 

28 May 2014, 23:32

Hi Howard,

I guess it depends what a 1-off is. If it affects hundreds of links (potentially thousands of users) it has significant impact on both users and time to manually update. In my own school Mahara is the sole conduit to our self-help practical videos which had over 7000 views in the past month. Not to mention any content (eg student submitted work) that people might not have rights to access to update.

If anyone has found a good (repeatable) script or other solution to this I'd love to hear about it.

Regards, Gordon.

29 May 2014, 11:46

While it was in some ways a regrettable shortcut to store the block config data as a big PHP-serialized blob, it actually doesn't affect the difficulty of this particular task much. You should be able to fix it using a single find/replace SQL query to turn all "http://" into "https://" in the configdata of externalvideo blocks:

update block_instance set configdata=replace(configdata, 'http://', 'https://') where blocktype='externalvideo';

Conveniently the replace() function is the same in Postgres and MySQL. I think this should be pretty unlikely to have any unwanted side effects... if a user has a block with "http://" in its title they'll notice it changed to "https://", but that's about it.

Cheers,

Aaron

29 May 2014, 13:05

Except that simple fix of updating the db to change http:// to https:// will not work due to the serialized string length will also need to be updated to be X chars longer depending on how many 's' were added to the string, otherwise the it will not unserialize properly.

Eg if we have s:100:"html containing http://" it will need to change to s:101:"html containing https://"

So there doesn't look to be an easy way to do this without using a php script.

Though writing the script shouldn't be hard, we just need:

1) PHP script to read the id field from database where configdata matches http://

2) Foreach result unserialize the configdata by going $blockinstance = new Blockinstance($id); where the id is fetched from db.

3) Then go $configdata = $blockinstance->get('configdata'); so configdata should now be an array we can loop thru.

3) search/replace any http:// in the $configdata loop

4) save it back to the block with  $blockinstance->set('configdata', $configdata); and $blockinstance->commit();

29 May 2014, 14:14

Oh, good point. I should have tested that more thoroughly. That's the reason the serialized data is so annoying. You can't just do a simple find/replace because you also have to update the string length.

Okay, running this PHP script should do it:

<?php
define('INTERNAL', 1);
require_once('init.php');

$records = get_records_array('block_instance', 'blocktype', 'externalvideo', 'id', 'id, configdata');
foreach ($records as $r) {
    $data = unserialize($r->configdata);
    $data['html'] = str_replace('http://', 'https://', $data['html']);
    $data['videoid'] = str_replace('http://', 'https://', $data['videoid']);
    $serdata = serialize($data);
    set_field('block_instance', 'configdata', $serdata, 'id', $r->id);
}

29 May 2014, 19:45

Hi,

Thanks for the feedback. I'll pass this to our IT guys to see if they can implement the script.

Much appreciated, Gordon.