1
Vote

Ticket URL is incorrect for secure site

description

In a secure https website, the URL of the ticket in the email notification has http instead of https . Clicking on the link will cause error if the website is configured to require https. This issue was found in AdefHelpDesk version 2.11.00 and DNN 5.5.1.

comments

adefwebserver wrote Apr 17, 2011 at 1:40 AM

I agonized over this one. The issues are:

We could easily make this work if we allowed the url to be configured in settings. The problem is that if you configured it one way and then changed your DNN or IIS settings ADefHelpDesk would stop working due to a configuration that was made. As you know the point of ADefHelpDesk is that there are no configuration settings that you can do that will cause it not to work.

I have deployed ADefHelpDesk on a site that only allows https, and it works, the user is simply redirected to the https url (I think it is a DotNetNuke host settings that does this). Because I was able to deploy adefhelpdesk on a https site I chose not to implementanythig but http in the emails.

mcsenow wrote Apr 20, 2011 at 4:05 AM

The bug happened in Utility.FixURLLink routine. This bug can be re-produced in secure website and dnn is configured as a virtual app.

For example, the dnn portal is running in virtual app dnn544. The portal can be brought with URL https://localhost/dnn544. The ticket URL has virtual app folder repeat twice.

When debug is turned on, the following variables were passed to Utility.FixURLLink

strURL = "/dnn544/Util/tabid/62/ctl/EditTask/mid/555/TaskID/1/TP/1NPLMMGB3U876NEKH1A31/Default.aspx"
strHTTPAlias = "localhost/dnn544"

The strFixedURL = "http://localhost/dnn544/dnn544/Util/tabid/62/ctl/EditTask/mid/555/TaskID/1/TP/1NPLMMGB3U876NEKH1A31/Default.aspx"

In the above example, the virtual app dnn544 are repeated twice.

mcsenow wrote Apr 20, 2011 at 4:22 AM

To fix the bug, we made a slight modification in the Utility.FixURLLink. Below is the code:
    #region FixURLLink
    public static string FixURLLink(string strURL, string strHTTPAlias)
    {
        string strFixedURL = strURL;

        // If http is not present add it
        if ((!strFixedURL.Contains("http://")) & (!strFixedURL.Contains("https://")))
        {
            strFixedURL = strHTTPAlias + strFixedURL; // InDyne Customization - add domainserverurl
        }

        return strFixedURL;
    }
    #endregion
When calling Utility.FixURLLink, pass in the dnn root URL instead of PortalSettings.PortalAlias.HTTPAlias. The dnn core DotNetNuke.Common.Globals.AddHTTP is used to dynamically append https if the site is in secure mode. See example code below
        string strDomainServerUrl = DotNetNuke.Common.Globals.AddHTTP(Request.Url.Host);  // InDyne Customization - get DomainServerUrl for use in Utility.FixURLLink
        string strPasswordLinkUrl = Utility.FixURLLink(DotNetNuke.Common.Globals.NavigateURL(PortalSettings.ActiveTab.TabID, "EditTask", "mid=" + ModuleId.ToString(), String.Format(@"&TaskID={0}&TP={1}", TaskID, objADefHelpDesk_Tasks.TicketPassword)), strDomainServerUrl);

adefwebserver wrote Apr 20, 2011 at 1:14 PM

Thank you for this. I will need to test this in DNN 4 and then schedule it for the next release.

wrote Apr 20, 2011 at 1:18 PM

wrote Feb 14, 2013 at 6:27 PM