[ic] ExtraSecure and special_pages/violation - PATCH

Angus Rogerson arogerso at uwaterloo.ca
Fri Oct 25 18:29:26 UTC 2013 

In an email exchange ending with http://www.icdevgroup.org/pipermail/interchange-users/2009-December/051506.html,
Jon and Tom described a solution for better behaviour for the ExtraSecure feature.

In an email http://www.icdevgroup.org/pipermail/interchange-users/2013-May/054042.html, Paul hints at the need for similar functionality.

The patch below implements this feature in 5.8.0. Sorry, I don't have git.

With this patch, the user gets a 301 redirect to the secure version of the page instead of the violation page. The logGlobal uses some non-standard CGI values which would need to be added to @Map in Vend::Server.

Angus


> *** interchange/lib/Vend/Page.pm	24 Aug 2013 23:46:49 -0000	1.1.1.1
> --- interchange/lib/Vend/Page.pm	25 Oct 2013 17:56:19 -0000
> ***************
> *** 105,111 ****
>   	if($Vend::Cfg->{ExtraSecure} and
>   		$Vend::Cfg->{AlwaysSecure}->{$name}
>   		and !$CGI::secure) {
> ! 		$name = find_special_page('violation');
>   	}
>   
>   	$page = $Vend::VirtualPage || readin($name);
> --- 105,149 ----
>   	if($Vend::Cfg->{ExtraSecure} and
>   		$Vend::Cfg->{AlwaysSecure}->{$name}
>   		and !$CGI::secure) {
> ! 		# 2013-10-25 AxR - When ExtraSecure page is requested
> ! 		# using non-secure mode, send 301 referral to use
> ! 		# the secure mode. Code taken from BounceReferrals code
> ! 		# in Vend::Dispatch as suggested by Tom Burton and
> ! 		# Jon Jensen interchange-users December 2009 051506
> ! 		::logGlobal(
> ! 		    "ExtraSecure page '%s' called as '%s' by '%s'",
> ! 		    $name,
> ! 		    $CGI::script_uri,
> ! 		    $CGI::referer,
> ! 		);
> ! 		my $path = $CGI::path_info;
> ! 		$path =~ s:^/::;
> ! 		my $form =
> ! 		    join '',
> ! 			map { "$_=$CGI::values{$_}\n" }
> ! 			    grep { !$Vend::Cfg->{BounceReferrals_hide}->{$_} }
> ! 				sort keys %CGI::values;
> ! 		my $url = secure_vendUrl(
> ! 		    $path eq '' ? $Vend::Cfg->{DirectoryIndex} : $path,
> ! 		    undef,
> ! 		    undef,
> ! 		    { form => $form, match_security => 1 }
> ! 		);
> ! 		$url = header_data_scrub($url);
> ! 		my $msg = ::get_locale_message(
> ! 		    301,
> ! 		    "Redirected to %s.",
> ! 		    $url,
> ! 		);
> ! 		$Vend::StatusLine = <<EOF;
> ! Status: 301 Moved
> ! Location: $url
> ! Content-Type: text/plain
> ! 
> ! Redirecting to $url
> ! EOF
> ! 		::response($msg);
> ! 		return;
>   	}
>   
>   	$page = $Vend::VirtualPage || readin($name);


---
Angus Rogerson, BMath, BScN, RN

Duct Tape Programmer
University of Waterloo | Retail Services | Information Systems

Visit Us Online & Right On Campus www.retailservices.uwaterloo.ca

More information about the interchange-users mailing list