Skip to:

Opened 15 years ago

Closed 15 years ago

#960 closed defect (bug) (fixed)

Form action set with incorrect http scheme when logging in via theme. [Has Patch] x2

Reported by: jason_jm's profile Jason_JM Owned by: jason_jm's profile Jason_JM
Milestone: 1.1 Priority: minor
Severity: Version:
Component: Keywords: Security, SSL, Login
Cc: andypeatling


Stock themes may force a redirect in the login form. This is due to an incorrect implementation of the site_url() function.

Patch is available for both the new stock theme using the new theme framework and the older depreciated theme.

Basically, if the user has force_ssl and all the SSL trimmings, the login action never gets the scheme correct. It always defaults to http. The existing function call in the theme just needs the 2nd parameter (defined in the signature). The core site_url() function has a dedicated path for login and will send out the correct scheme. The 2nd parameter lets the function know it's for a login request.

Attachments (2)

(JASON_JM)userbar-DepreciatedTheme(v1).patch (1.0 KB) - added by Jason_JM 15 years ago.
V1 Patch for depreciated theme.
(JASON_JM)userbar-SNFramework-Theme(v1).patch (1.0 KB) - added by Jason_JM 15 years ago.
V1 Patch for new theme framework.

Download all attachments as: .zip

Change History (4)

15 years ago

V1 Patch for depreciated theme.

15 years ago

V1 Patch for new theme framework.

#1 @Jason_JM
15 years ago

Note: there are two patch files. One for the depreciated theme, one for the newer framework theme.

  • Jason Giedymin,

#2 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in both, thanks.

Note: See TracTickets for help on using tickets.