Jump to content

[SOLVED] Quick Search Block module provokes unsecure SSL


Recommended Posts

Hello!

 

I run a Prestashop 1.5.4.1 installation. When accessing any SSL secured page, I get a notice that says that there are unsecured links.

 

With inspector function in Chrome I found this:

 

"The page at 'https://www.mysite.com/en/authentication?back=my-account' was loaded over HTTPS, but is submitting data to an insecure location at 'http://www.mysite.com/en/search': this content should also be submitted over HTTPS."

 

I found that uninstalling the Quick Search Block module solves the issue, but I don't have any way to let my customers search in my website.

 

Is there any way to sumbit data to /search over https?

 

Thanks

Edited by spanishcivilwarstamps (see edit history)
Link to comment
Share on other sites

I've partially solved it through Positions, setting exceptions for all the pages that run under https:

 

pdforderreturn, parentorder, pdfinvoice, orderreturn, orderopc, orderfollow, identity, address, addresses, orderslip, cart, history, myaccount, auth, discount, order, orderconfirmation, orderdetail, pdforderslip, mywishlist, account

 

But is there a way to secure with SSL /search to avoid placing exception for the search bar in all the pages that require SSL?

Link to comment
Share on other sites

I've just started to get this error message in Chrome also.  I wonder if this is due to a change in the way Google is assessing a pages' security as the problem has suddenly appeared despite making no changes to block search.

 

The call comes from block search-top.tpl (in PS 1.5.6.2):

<!-- Block search module TOP -->
<div id="search_block_top">
	<form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox">
		<p>
			<label for="search_query_top"><!-- image on background --></label>
			<input type="hidden" name="controller" value="search" />
			<input type="hidden" name="orderby" value="position" />
			<input type="hidden" name="orderway" value="desc" />
			<input class="search_query" type="text" id="search_query_top" name="search_query" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" />
			<input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" />
		</p>
	</form>
</div>

which results in http://www.mysite.com/search, even on ssl pages.

 

Anyone know how to fix this?

Link to comment
Share on other sites

Hi all,

 

Same here, running 1.6.0.8 and using the default-bootstrap themewe have successfully installed an EV SSL certificate, on all browser, except Chrome, we are getting the green URL. On Chrome, we are getting the https lock with the yellow warning triangle and the message stating that some resources in the page are pointing to insecure pages...

 

So, we have run the chrome inspector and it seems the pages submitting data to http and also the search box... see the error messages we got for example for the contact-us page:

 

The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS.
 contact-us:165
The page at 'https://xxx.ch/contact-us' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS.
 contact-us:290
 
and same on on the quick-order page and so on any form pages
The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/search': this content should also be submitted over HTTPS.
 quick-order:169
The page at 'https://xxx.ch/quick-order' was loaded over HTTPS, but is submitting data to an insecure location at 'http://xxx.ch/': this content should also be submitted over HTTPS.
 quick-order:243

 

We have tried to force the entire site to use https, but the problem continues. 

 

I have checked if we had any images or css pointing to http, but definitively it seems to in the core of the prestashop template.

 

Would appreciate any guidance!

 

Thanks!

Link to comment
Share on other sites

Ok, one more information, we found that the Get made by the search box and the Post made by the Newsletter subscription created the HTTP insecure code in Chrome (by running the inspector.

 

Now, if we force HTTPS to the entire shop, we don't have anymore the error from the Newsletter Post code...

 

and, if we disable the search module (in french: Bloc recherche rapide v1.5.1 - by PrestaShop), no more HTTP error for the Search box of course...

 

and Green lock....

 

of course, we haven't solved it, but at least we found where it comes from, now maybe someone else can help us how to force those two on https? 

 

Big thanks in advance!

Link to comment
Share on other sites

we have tried to modify blocksearch-top.tpl adding ,true in getPageLink, recompile, stop caching, empty cache, reloaded the page, but still doesn't work, same error on the Search box Get, so we haven't even tried to modify the newsletter... any other ideas??  :unsure:

 

<form id="searchbox" method="get" action="{$link->getPageLink('search', true)|escape:'html':'UTF-8'}" >

Link to comment
Share on other sites

Adding "true" to the URL should work so if it doesn't then the chances are that the file is being overridden by your theme.  Check your theme for the blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. 

 

Changing:

<form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox">

to:

<form method="get" action="{$link->getPageLink('search', true)|escape:'html'}" id="searchbox">

will force the link to be called with https on all pages.  I changed mine to the following:

{if $search_ssl == 1}<form method="get" action="{$link->getPageLink('search', true)|addslashes}" id="searchbox">{else}<form method="get" action="{$link->getPageLink('search')|addslashes}" id="searchbox"{/if}

This ensures the link is https only on pages that need it to be, and the green padlock has returned:)

Edited by pel024 (see edit history)
  • Like 8
Link to comment
Share on other sites

Adding "true" to the URL should work so if it doesn't then the chances are that the file is being overridden by your theme.  Check your theme for the blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. 

 

Changing:

<form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox">

to:

<form method="get" action="{$link->getPageLink('search', true)|escape:'html'}" id="searchbox">

will force the link to be called with https on all pages.  I changed mine to the following:

{if $search_ssl == 1}<form method="get" action="{$link->getPageLink('search', true)|addslashes}" id="searchbox">{else}<form method="get" action="{$link->getPageLink('search')|addslashes}" id="searchbox"{/if}

This ensures the link is https only on pages that need it to be, and the green padlock has returned:)

 

 

Thanks!!! at least good to know that it worked for someone else!  :rolleyes:

 

What we had tried exactly this change, we did the correction on the theme we use...

 

given that it was the first time we made changes to tpl files, maybe we did not recompile correctly? What we did was force recompile, stop caching, empty cache, reloaded the page, no luck...

  • Like 1
Link to comment
Share on other sites

have you tried to force ssl connection with code mentioned by sikarep

hi, 

if I did but I did not solve the problem.

 

My solution:

blocksearch-top.tpl, probably in themes/yourtheme/modules/blocksearch. 

 

Changing:

<form method="get" action="{$link->getPageLink('search')|escape:'html'}" id="searchbox">

to:

<form method="get" action="https://YOUSITE.com/search.php" id="searchbox">

  • Like 1
Link to comment
Share on other sites

Thanks!!! at least good to know that it worked for someone else!  :rolleyes:

 

What we had tried exactly this change, we did the correction on the theme we use...

 

given that it was the first time we made changes to tpl files, maybe we did not recompile correctly? What we did was force recompile, stop caching, empty cache, reloaded the page, no luck...

 

Thanks Pel024!!!! In fact, you were right, I thought I did the change in my theme's module, but I did not, so I have made again the same changes this morning and the site is now running perfectly!

 

We have made one change at once, so we haven't implemented your conditional code to use https only when required.

 

we had had to also chance the newsletter block <form action="{$link->getPageLink('index',true)|escape:'html':'UTF-8'}" method="post">? So if the condition in that case will be something like this {if $index_ssl == 1}... ?

 

BTW, I'd like to thanks Wdxperience http://www.prestashop.com/forums/user/23356-wdxperience/ who gave us the initial hint to add true to the code!!!!

 

Once we will have corrected the 2 modules with the conditional code, we will post the final resolution here and also turn the discussion to SOLVED

 

 

Link to comment
Share on other sites

we had had to also chance the newsletter block <form action="{$link->getPageLink('index',true)|escape:'html':'UTF-8'}" method="post">? So if the condition in that case will be something like this {if $index_ssl == 1}... ?

 

Hi, could you please post the exact code with the change, how you modified the newsletter form to also include SSL? I am having the same issue as you, and am not sure how to implement your fix.

 

Thanks in advance!

Link to comment
Share on other sites

  • 2 weeks later...

@Mister Denial:

 

I'm using prestashop 1.5.6.2 and I have changed the file blocksearch-top.tpl  in the following routes:

 

/modules/BlockSearch

/themes/Default/Modules/BlockSearch

 

changing the file in the following way:

<div class="input_search" data-role="fieldcontain">
	{if $search_ssl == 1}
		<form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">
		{else}
		<form method="get" action="{$link->getPageLink('/search')|addslashes}" id="searchbox">
	{/if}
		<input type="hidden" name="controller" value="search" />
		<input type="hidden" name="orderby" value="position" />
		<input type="hidden" name="orderway" value="desc" />
		<input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" />
	</form>
</div>

and the error continues I can't load the SSL certificate correctly in some sections like the shopping-cart

 

Does anyone know what can be happening?

 

This is my store --> toes.es

 

Please help me :(

Link to comment
Share on other sites

The If statement is not necessary because the test for SSL is already built into the "get".

 

Try completely removing this, 

{if $search_ssl == 1}
 <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">
{else}
 <form method="get" action="{$link->getPageLink('/search')|addslashes}" id="searchbox">

 

 

And replace it with this,

<form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">

 

 

If that dosen't work try,

{if $search_ssl == 1}
 <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">
{else}
 <form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">

 

You only need to change

/themes/Default/Modules/BlockSearch

Link to comment
Share on other sites

Are you sure this search box is BlockSearch ?

 

Please confirm. An easy way is to rename the folders, for example rename the directory BlockSeach to xxBlockSeach. You will need to do this at both locations.

 

If renaming your BlockSearch Directories breaks your search we will know we have the right module. If it doesn't break, we need to fix the correct module.

Link to comment
Share on other sites

If I rename the blocksearch folder to xxxblocksearch in modules and themes/default/modules the search box at the top of the page dissapear and if I enter to the shopping-cart it's showing me the following errors:
error2.jpg

To Mister Denial:

 

When I make the changes to blocksearch-top.tpl file on the default theme I always turn on the force recompile option. 

In this way it's showing me the following error:

Error3.jpg

I don't know what more things I can try nothin works :(

Link to comment
Share on other sites

OK ... in your blocksearch-top.tpl you should see the search code for mobile devi

{if isset($hook_mobile)}
<div class="input_search" data-role="fieldcontain">
	<form method="get" action="{$link->getPageLink('search')}" id="searchbox">
		<input type="hidden" name="controller" value="search" />
		<input type="hidden" name="orderby" value="position" />
		<input type="hidden" name="orderway" value="desc" />
		<input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" />
	</form>
</div>

and then a 2nd block of code for top search,

<!-- Block search module TOP -->
<section id="search_block_top" class="header-box">
	<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">
		<p>
			<label for="search_query_top">{l s='Search' mod='blocksearch'}</label>
			<input type="hidden" name="controller" value="search" />
			<input type="hidden" name="orderby" value="position" />
			<input type="hidden" name="orderway" value="desc" />
			<input class="search_query" type="text" id="search_query_top" name="search_query" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" />
            <a href="javascript:document.getElementById('searchbox').submit();"><i class="icon-search"></i></a>
			
	    </p>
	</form>
</section>

Are you doing both?

Edited by Bill Dalton (see edit history)
Link to comment
Share on other sites

I have the blocksearch-top.tpl like this:

<!-- block seach mobile -->
{if isset($hook_mobile)}
<div class="input_search" data-role="fieldcontain">
	<form method="get" action="{$link->getPageLink('/search', true)|addslashes}" id="searchbox">
		<input type="hidden" name="controller" value="search" />
		<input type="hidden" name="orderby" value="position" />
		<input type="hidden" name="orderway" value="desc" />
		<input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" />
	</form>
</div>
{else}
<!-- Block search module TOP -->
<div id="search_block_top">
	<form method="get" action="{$link->getPageLink('/search',true)|escape:'html'}" id="searchbox">
		<p>
			<label for="search_query_top"><!-- image on background --></label>
			<input type="hidden" name="controller" value="search" />
			<input type="hidden" name="orderby" value="position" />
			<input type="hidden" name="orderway" value="desc" />
			<input class="search_query" type="text" id="search_query_top" name="search_query" value="{$search_query|escape:'htmlall':'UTF-8'|stripslashes}" />
			<input type="submit" name="submit_search" value="{l s='Search' mod='blocksearch'}" class="button" />
		</p>
	</form>
</div>

Bill Dalton as you can see I had already realized that I had to change the code in both places.

 

The error continues nothing that I've tried works :(

Link to comment
Share on other sites

The only difference seems to be )|escape:'html'

 

Have you tried replacing,

<form method="get" action="{$link->getPageLink('/search',true)|escape:'html'}" id="searchbox">

 

With

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

 

Bill Dalton I also tried what you mention and the error persists.

Link to comment
Share on other sites

Also the changes we indicated also had to edit the following file:
 
/themes/default/modules/blocknewsletter/blocknewsletter.tpl
<!-- Block Newsletter module-->

<div id="newsletter_block_left" class="block">
	<p class="title_block">{l s='Newsletter' mod='blocknewsletter'}</p>
	<div class="block_content">
	{if isset($msg) && $msg}
		<p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p>
	{/if}
		<form action="{$link->getPageLink('index')|escape:'html'}" method="post">
			<p>
				<input class="inputNew" id="newsletter-input" type="text" name="email" size="18" value="{if isset($value) && $value}{$value}{else}{l s='your e-mail' mod='blocknewsletter'}{/if}" />
				<input type="submit" value="ok" class="button_mini" name="submitNewsletter" />
				<input type="hidden" name="action" value="0" />
			</p>
		</form>
	</div>
</div>
<!-- /Block Newsletter module-->

Changing the following line like this:

<form action="{$link->getPageLink('index',true)|escape:'html'}" method="post">

Now my SSL certificate loads correctly.

 

Thanks to all the people we helped me and specially Bill Dalton.

  • Like 2
Link to comment
Share on other sites

This is how I've solved it:

 

I've updated to Prestashop 1.5.6.2

 

Then:

 

Preferences > General: Force SSL on all pages YES

 

Then I've edited classes/Link.php with this GitHub:

 

https://github.com/PrestaShop/PrestaShop/commit/640100f10f789129dc50a0d68e3e82cedf85aad3

 

I've enabled Quick Search Box positions for all pages, with no restrictions, and all the content of the site is served in SSL.

 

Forcing SSL on all pages may also improve SEO, as Google now gives priority in search results to sites fully served in SSL.

 

So I mark this topic as solved.

  • Like 1
Link to comment
Share on other sites

  • 4 weeks later...

This solution is for prestashop 1.6.0.9 and anybody who use custom theme and in blocksearch-top.tpl is following code:

 

<div class="input_search" data-role="fieldcontain">
<form method="get" action="{$link->getPageLink('search')}" class="searchbox">
<input type="hidden" name="controller" value="search" />
<input type="hidden" name="orderby" value="position" />
<input type="hidden" name="orderway" value="desc" />
<input class="search_query" type="search" id="search_query_top" name="search_query" placeholder="{l s='Search' mod='blocksearch'}" value="{if isset($smarty.get.search_query)}{$smarty.get.search_query|htmlentities:$ENT_QUOTES:'utf-8'|stripslashes}{/if}" />
</form>
</div>
{else}
 
in my case we have to change only 
 
<form method="get" action="{$link->getPageLink('search')}" class="searchbox">
 
to
 
<form method="get" action="{$link->getPageLink('search')}" id="searchbox">
 
and all warnings are gone  :D  and on SSL!
 
best regards
 
martin
  • Like 1
Link to comment
Share on other sites

  • 1 month later...

To Post number #6

 

In addition to the "true", you need to add "/" in front of search.

 

It will look like this.

 

<form method="get" action="{$link->getPageLink('/search',true)}" id="searchbox">

 

im using prestashop 1.6.0.9

 

and i solved blocksearch and newsletter warnings by your solution.thanks.

 

i wish to see that updates from senior developers

Link to comment
Share on other sites

I am using 1.4.11,

I fixed the ssl problem on computer with the solution, add "true" in blocksearch-top.tpl.

But how to do the mobile side?

I am using the mobile theme module by prestashop.

I also add the "true" to the blocksearch-top.tpl under the mobile folder.

But the error persist.

Please help me.

Thanks

Link to comment
Share on other sites

  • 1 year later...

 

Also the changes we indicated also had to edit the following file:
 
/themes/default/modules/blocknewsletter/blocknewsletter.tpl
<!-- Block Newsletter module-->

<div id="newsletter_block_left" class="block">
	<p class="title_block">{l s='Newsletter' mod='blocknewsletter'}</p>
	<div class="block_content">
	{if isset($msg) && $msg}
		<p class="{if $nw_error}warning_inline{else}success_inline{/if}">{$msg}</p>
	{/if}
		<form action="{$link->getPageLink('index')|escape:'html'}" method="post">
			<p>
				<input class="inputNew" id="newsletter-input" type="text" name="email" size="18" value="{if isset($value) && $value}{$value}{else}{l s='your e-mail' mod='blocknewsletter'}{/if}" />
				<input type="submit" value="ok" class="button_mini" name="submitNewsletter" />
				<input type="hidden" name="action" value="0" />
			</p>
		</form>
	</div>
</div>
<!-- /Block Newsletter module-->

Changing the following line like this:

<form action="{$link->getPageLink('index',true)|escape:'html'}" method="post">

Now my SSL certificate loads correctly.

 

Thanks to all the people we helped me and specially Bill Dalton.

 

 

this works great for me.

thanks.

Link to comment
Share on other sites

×
×
  • Create New...