Not signed in (Sign In)

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

Help keep Vanilla free:
Welcome Guest!
Want to take part in these discussions? If you have an account, sign in now.
If you don't have an account, apply for one now.

Fixes & Updates: Account Pictures - Trouble with http vs https

Bottom of Page

1 to 6 of 6

  1.  
    •  
      CommentAuthormvhaen
    • CommentTimeMay 29th 2007 edited
     # 1
    Hi Mark,

    I've discovered a problem with the account pictures.

    It seems that if you're $Configuration['HTTP_METHOD'] variable is set to http and you want to show an external account picture that uses https, http:// is still prepended. Resulting in a link like http://https://www.blah.com/pic.jpg in the img tag.

    I've traced this problem to People.Class.User.php, where you use the PrependString function.

    While this is perfectly good code for local files, it seems a wrong when you allow external images.

    PS check my own account picture for an example ;)
    •  
      CommentAuthorlech
    • CommentTimeMay 29th 2007
     # 2
    I'm just thinking out loud here, but wouldn't linking images from a https domain to a http domain or the other way around be some kind of no-no and spur unwanted security warnings etc? While I do see the validity of correcting this, I just think it could lead to some nastiness.
    •  
      CommentAuthormvhaen
    • CommentTimeMay 31st 2007
     # 3
    if you are linking in an image from https to a http domain like me, this is true. The other way around though should still be possible if you choose to allow external avatars.
    •  
      CommentAuthorlech
    • CommentTimeMay 31st 2007 edited
     # 4
    Hmmm, true.

    Doing a quick search through the code points me to the fact that it's related to the Configuration['HTTP_METHOD'] setting which fixed to either http:// or https:// based on the configuration settings and appears fixed to that as set by the host. I found it in two files: within library/framework/functions.php and library/people/people.class.user.php ...

    A quick search reveals that this is similar to another core bug that was never addressed fully and could probably use a patch. Stand by, someone else may have a proper temporary patch to address this. Mark should hopefully find this and include it into the core for the next expected release.
    • CommentAuthorskarlcf
    • CommentTimeNov 7th 2007
     # 5
    The problem still exist. Any recipe?
    • CommentAuthorskarlcf
    • CommentTimeMar 3rd 2008
     # 6
    If you allow external images from another servers (http) and your forum works on https.

    Into file ./library/People/People.Class.User.php (~ line 251) change:

    $this->Icon = PrependString($this->Context->Configuration['HTTP_METHOD'].'://', ForceIncomingString('Icon',''));
    $this->Picture = PrependString($this->Context->Configuration['HTTP_METHOD'].'://', ForceIncomingString('Picture',''));


    to:

    $this->Icon = PrependString('http://', ForceIncomingString('Icon',''));
    $this->Picture = PrependString('http://', ForceIncomingString('Picture',''));

    Now you have to change profiles settings - correct links into SQL table "LUM_User", columns "Icon" and" Picture".
    It's not elegant solution, but works.

1 to 6 of 6

  1.  
Add your comments
    Username Password
  • Format comments as
 
Back to Discussions Top of Page