Moodle in English: https conversion tool clarification - my understanding

We just upgraded our moodle 3.2 to 3.4.x and also OS/PHP/DB/ to RHEL 7.2 64-bit, PHP 7.1.8, and MySQL 5.7.21

I want to understand this https conversion tool and to confirm this is what we have to do:

What this tool does is that it scans and warn you which external urls are in the system that just use "http"… and list them. Then the user has to confirm that an “https” version is available for that link ONE BY ONE AND EACH ONE so when the conversion is done (similar to a search and replace) from http to https, that it would work after the replacement

From what I understand, lets say that is found the ff urls to be http:

http://library.somesite.com with 2 content in them
http://buy.me.com with x content in them
http://science.com with x content in them
http://www.college.com with x content in them

etc.

So what we now have to do is to go through each one and check to see if there is a valid that the https:// version exist and renders properly for each one of them so it would render properly in moodle now after we convert from http to https using the conversion tool, correct?

https://library.somesite.com with 2 content in them
https://buy.me.com with x content in them
https://science.com with x content in them
https://www.college.com with x content in them

this is what I think is going to happen

what if there is no equivalent https for those http sites? would it break? what are our options and what happens if moodle tries and shows that url?

Is my understanding correct? please help.

thank you.

平均分： -

Re: https conversion tool clarification - my understanding

Helen Foster - 2018年06月6日星期三 14:07

Hello Jerry,

As mentioned in the documentation HTTPS conversion tool, the tool itself checks whether embedded HTTP content (not links) support HTTPS content and only lists any URLs which may not work after conversion. After switching to HTTPS, the content included from these sites will no longer display within Moodle for users with secure modern browsers.

平均分： -

Re: https conversion tool clarification - my understanding

Jerry Lau - 2018年06月6日星期三 22:07

Sorry but I still don't get it. An illustration may be better for me on how it works.

embedded http content and not links - what does this even mean? could anyone clarify or provide and example?

what does it convert?

why won't it display in secure modern sites if its switched to https already?

confused...

平均分： -

Re: https conversion tool clarification - my understanding

Dave Balch - 2018年06月7日星期四 16:36

> embedded http content and not links - what does this even mean?

Things like <img src="http://example.com/smile.png"/> - not <a href="http://moodle.org/">Moodle</a>.

Taking a look at MDL-46269 (the issue referenced in the docs) should reveal the problem solved by this tool.

> why won't it display in secure modern sites if its switched to https already?

I guess this relates to mixed http/https being a security risk that browsers now defend against - leaving it mixed could make your site appear (and possibly be) vulnerable to exploit.

平均分： -

Re: https conversion tool clarification - my understanding

Howard Miller - 2018年06月7日星期四 17:10

I can't speak for your particular case but my experience is that embedded links tend to be few and far between. On top of this most/many *will* have compatible https versions these days. In other words, you probably don't have much to worry about. It's highly likely the tool won't find anything - or not many at worst.

平均分： -

Re: https conversion tool clarification - my understanding

Jerry Lau - 2018年06月8日星期五 00:22

Is this tool optional though even though we've added a cert?

It did find quite a bit on our smaller site. I just changed the url name for privacy but the number of embedded content items are the same. The larger one has about 83 of them.

Problematic domain	Number of embedded content items
rsmith.freepolls.com	78
content.screencast.com	26
www2.worksafedc.com	12
www.schoolatwork.ca	6
www.ourlaws.com	4
library.oursite.com	2
moodle.oursite.com-wendy1.jpg	2
moodle18.oursite.com	2
images.epals.com	2
www.cdxplus.com	2
blogs.d47.org	1
www.spelling-help-online.com	1
image.shutterstock.com	1
whodate.cdxplus.net	1
www.claycook.net	1
www.industrymailout.com	1
image.4wdandsportutility.com	1
www.titanspot.com	1
www.vwimg.com	1
www.worksafedc.com	1
static.slidesharecdn.com	1
www.youtube-nocookie.com	1

平均分： -

Re: https conversion tool clarification - my understanding

Debbie Mowry - 2019年03月26日星期二 02:21

I understand what it is doing the part I can't figure out is locating the only 2 embedded content items, in the entire Moodle site, where they occur? In my humble opinion, it is missing a key component to fix "problematic items." You can't fix it otherwise. We just let somebody find it whenever or we search every data table in the database. We can change it anyway with admin search/replace but it would seem to me it would be better to let the person who added the problematic domain know they should look at finding an alternative.

平均分： -

Re: https conversion tool clarification - my understanding

Jerry Lau - 2019年03月26日星期二 07:37

Or what you can do is to announce a downtime for maintenance and create a backup to the database. Then do a search and replace of the string needed and import it back into the database. That is what I did

平均分： -

Re: https conversion tool clarification - my understanding

Debbie Mowry - 2019年03月26日星期二 22:07

I'm not discounting your solution however it isn't really the preferred solution. Your solution is reactive where I'm trying to be proactive.

If going to HTTPS is all about security/privacy we should want to make sure all domains in the site are secure. If the domain in question is not set up to allow HTTPS it should be on the person who added the domain to find a secure resolution. We can't do that if it requires an administrator to search each table in the Moodle database for a handful of domains that pop up in the verification step. If the script is smart enough to locate a problematic domain it should be smart enough to return the page that contains that domain so the person responsible for that content can fix it.

Based on the returned domain I thought it would have been in a person's profile however I was wrong after a search in the user table for that domain turned up zero results. If it was in code, for example, a custom theme, I would expect it would show up more than twice and it is easy to search code with a code editor.

平均分： -

Re: https conversion tool clarification - my understanding

Jerry Lau - 2019年03月27日星期三 01:47

find the owner of the course and notify them

平均分： -

Re: https conversion tool clarification - my understanding

Debbie Mowry - 2019年03月27日星期三 02:29

That's the point I'm making. I can't notify the course owner if I don't know what the course is. The tool only gives a domain and how many occurrences, not where the domain is found.

平均分： -

Re: https conversion tool clarification - my understanding

Ken Task - 2019年03月27日星期三 06:03

Not really an answer for the Moodle Admin/Other UI, but ...

Here's a discussion on:
mySQL query to search all tables within a database for a string?

https://stackoverflow.com/questions/7523039/mysql-query-to-search-all-tables-within-a-database-for-a-string/7523068

Some rather complicated sql queries there. There is one suggestion, however, that might be simplest.

Search an sql dump of the database for 'http://'.
That gets one close to the resource information ... which could be an assignment, a page, an HTML block, a X, a Y, or a Z.

fgrep "http://" moodle-355-201903121232.sql |more
After the first page pause by more, hit the '/' key. and type: http:// or the ending tag of a link </a>

That will/should find the first URL **not obscured** with base64 or some other.

In looking at the URL, it has to have text that is clickable with an ending tag ... </a>

Example:
raining with </b><a href=\"http://www.lynda.com/Julieanne-Kost/1059150-1.html\" title=\"Julieanne
Kost\"><b>Julieanne Kost</b></a>

IF you have search turned on, try your search for (as per example): Julieanne Kost

Should be able to find the course and the teacher for communications then.

Not a fix ... but a 'work-around' in attempting to find a resolution to the issue.

'spirit of sharing', Ken

平均分： -

General help

https conversion tool clarification - my understanding

https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Re: https conversion tool clarification - my understanding

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world