Opened 15 years ago
Closed 15 years ago
#960 closed defect (bug) (fixed)
Form action set with incorrect http scheme when logging in via theme. [Has Patch] x2
Reported by: | Jason_JM | Owned by: | Jason_JM |
---|---|---|---|
Milestone: | 1.1 | Priority: | minor |
Severity: | Version: | ||
Component: | Keywords: | Security, SSL, Login | |
Cc: | andypeatling |
Description
Stock themes may force a redirect in the login form. This is due to an incorrect implementation of the site_url() function.
Patch is available for both the new stock theme using the new theme framework and the older depreciated theme.
Basically, if the user has force_ssl and all the SSL trimmings, the login action never gets the scheme correct. It always defaults to http. The existing function call in the theme just needs the 2nd parameter (defined in the signature). The core site_url() function has a dedicated path for login and will send out the correct scheme. The 2nd parameter lets the function know it's for a login request.
V1 Patch for depreciated theme.