View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0016611 | phpList 3 application | Statistics | public | 04-05-12 09:20 | 22-05-12 22:03 |
| Reporter | PaulD | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Windows Server 2008 R2 | OS | Windows Server 2008 R2 | OS Version | Windows Server 2 |
| Product Version | 2.10.17 | ||||
| Fixed in Version | 2.11.7 | ||||
| Summary | 0016611: Click Tracking changed URL Protocol HTTPS | ||||
| Description | Login to the admin part of PHPlist was forced to HTTPS. On sending a mail to the mailing list with click tracking activated the protcol part of all the URLS was changed from "http" to "https". The result was that all the links were "dead" as HTTPS external to our network was blocked by the firewall. Preferably the protocol used for link tracking should be set in the configuration and not assummed to be the same as the login by the admin. | ||||
| Steps To Reproduce | 1. Setup PHPList so that the login to the admin goes over HTTPS. 2. Activate link tracking 3. Send a message => all links are changed to be "https" instead of "http" | ||||
| Additional Information | The global variable "scheme" ist set in admin\init.php at line 34: --- 31: ## @@ would be nice to move this to the config file at some point 32: # http://mantis.phplist.com/view.php?id=15521 33: ## set it on the fly, although that will probably only work with Apache 34: $GLOBALS['scheme'] = (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on')) ? 'https' : 'http'; --- "scheme" is used in admin\sendmaillib.php to set "$clicktrack_root": --- 436: $clicktrack_root = sprintf('%s://%s/lt.php',$GLOBALS["scheme"],$website.$GLOBALS["pageroot"]); --- | ||||
| Tags | No tags attached. | ||||
|
|
Workaround ---------- 1: Open access to HTTPS in the company firewall to the server hosting PHPList to allow links in already send mails to be accessed 2: Remove the access via HTTPS to the PHPlist admin interface for future mailings |
|
|
ah, yes, very true. Will be good to have two configs for that, one backend and one frontend. |
|
|
new config PUBLIC_PROTOCOL http://phplist.svn.sourceforge.net/phplist/?rev=3237&view=rev |
