phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016611phplist applicationClick Trackingpublic04-05-12 10:2022-05-12 23:03
ReporterPaulD 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformWindows Server 2008 R2OSWindows Server 2008 R2OS VersionWindows Server 2
Product Version2.10.17 
Target Version4.0.xFixed in Version2.11.7 
Summary0016611: Click Tracking changed URL Protocol HTTPS
DescriptionLogin to the admin part of PHPlist was forced to HTTPS. On sending a mail to the mailing list with click tracking activated the protcol part of all the URLS was changed from "http" to "https". The result was that all the links were "dead" as HTTPS external to our network was blocked by the firewall. Preferably the protocol used for link tracking should be set in the configuration and not assummed to be the same as the login by the admin.
Steps To Reproduce1. Setup PHPList so that the login to the admin goes over HTTPS.
2. Activate link tracking
3. Send a message
=> all links are changed to be "https" instead of "http"
Additional InformationThe global variable "scheme" ist set in admin\init.php at line 34:
---
31: ## @@ would be nice to move this to the config file at some point
32: # http://mantis.phplist.com/view.php?id=15521 [^]
33: ## set it on the fly, although that will probably only work with Apache
34: $GLOBALS['scheme'] = (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on')) ? 'https' : 'http';
---

"scheme" is used in admin\sendmaillib.php to set "$clicktrack_root":
---
436: $clicktrack_root = sprintf('%s://%s/lt.php',$GLOBALS["scheme"],$website.$GLOBALS["pageroot"]);
---
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0051561)
PaulD (reporter)
04-05-12 10:22

Workaround
----------
1: Open access to HTTPS in the company firewall to the server hosting PHPList to allow links in already send mails to be accessed
2: Remove the access via HTTPS to the PHPlist admin interface for future mailings
(0051562)
michiel (manager)
04-05-12 12:55


ah, yes, very true. Will be good to have two configs for that, one backend and one frontend.
(0051585)
michiel (manager)
22-05-12 23:03

new config PUBLIC_PROTOCOL

http://phplist.svn.sourceforge.net/phplist/?rev=3237&view=rev [^]


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker