Skip to:

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#3095 closed defect (bug) (fixed)

Change password form to send via SSL?

Reported by: finni3's profile finni3 Owned by:
Milestone: 1.5 Priority: normal
Severity: normal Version:
Component: Core Keywords: dev-feedback


"WP 3.0.5
BP 1.2.7
I am new to WP and BP, so this my be a stupid question, but…
I have noticed that although define(‘FORCE_SSL_ADMIN’, true); in wp-config.php redirects logging in to https the form under BP settings sends the password in clear text unless the whole site is under SSL. Is there a way to change this?"

pgibbs: "I think BuddyPress needs a pass-through to check where we should be using SSL."


Change History (3)

#1 @r-a-y
13 years ago

  • Keywords dev-feedback added; ssl removed
  • Version set to 1.2.8

In BP 1.2x, the form action uses $bp->loggedin_user->domain to output the URL.
$bp->loggedin_user->domain can be routed upstream to bp_core_get_user_domain().

bp_core_get_root_domain(), in turn, uses get_blog_option( $blog_id, 'home' ).


BP 1.3 (as of [3343]) fixes this as bp_core_get_root_domain() uses get_home_url(), which appropriately triggers the URL to use SSL if it is enabled:


Another way around the problem is to leave form actions blank (if it's not a multipart form) so they refresh on the same page.

Need core dev feedback on this though.

Last edited 13 years ago by r-a-y (previous) (diff)

#2 @DJPaul
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

If this is fixed in trunk, we're okay to go.

#3 @johnjamesjacoby
13 years ago

  • Milestone changed from Awaiting Review to 1.5
  • Severity set to normal
  • Version 1.2.8 deleted

Moving closed ticket out of Awaiting Review.

Note: See TracTickets for help on using tickets.