Skip to:
Content

BuddyPress.org

Opened 11 years ago

Closed 11 years ago

#960 closed defect (bug) (fixed)

Form action set with incorrect http scheme when logging in via theme. [Has Patch] x2

Reported by: Jason_JM Owned by: Jason_JM
Milestone: 1.1 Priority: minor
Severity: Version:
Component: Keywords: Security, SSL, Login
Cc: andypeatling

Description

Stock themes may force a redirect in the login form. This is due to an incorrect implementation of the site_url() function.

Patch is available for both the new stock theme using the new theme framework and the older depreciated theme.

Basically, if the user has force_ssl and all the SSL trimmings, the login action never gets the scheme correct. It always defaults to http. The existing function call in the theme just needs the 2nd parameter (defined in the signature). The core site_url() function has a dedicated path for login and will send out the correct scheme. The 2nd parameter lets the function know it's for a login request.

Attachments (2)

(JASON_JM)userbar-DepreciatedTheme(v1).patch (1.0 KB) - added by Jason_JM 11 years ago.
V1 Patch for depreciated theme.
(JASON_JM)userbar-SNFramework-Theme(v1).patch (1.0 KB) - added by Jason_JM 11 years ago.
V1 Patch for new theme framework.

Download all attachments as: .zip

Change History (4)

@Jason_JM
11 years ago

V1 Patch for depreciated theme.

@Jason_JM
11 years ago

V1 Patch for new theme framework.

#1 @Jason_JM
11 years ago

Note: there are two patch files. One for the depreciated theme, one for the newer framework theme.

  • Jason Giedymin, AcronymLabs.com

#2 @apeatling
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in both, thanks.

Note: See TracTickets for help on using tickets.