[buddypress-trac] [BuddyPress] #960: Form action set with incorrect http scheme when logging in via theme. [Has Patch] x2
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Tue Sep 1 01:28:24 UTC 2009
#960: Form action set with incorrect http scheme when logging in via theme. [Has
Patch] x2
---------------------------------+------------------------------------------
Reporter: Jason_JM | Owner: Jason_JM
Type: defect | Status: new
Priority: minor | Milestone: 1.1
Keywords: Security, SSL, Login |
---------------------------------+------------------------------------------
Stock themes may force a redirect in the login form. This is due to an
incorrect implementation of the site_url() function.
Patch is available for both the new stock theme using the new theme
framework and the older depreciated theme.
Basically, if the user has force_ssl and all the SSL trimmings, the login
action never gets the scheme correct. It always defaults to http. The
existing function call in the theme just needs the 2nd parameter (defined
in the signature). The core site_url() function has a dedicated path for
login and will send out the correct scheme. The 2nd parameter lets the
function know it's for a login request.
--
Ticket URL: <http://trac.buddypress.org/ticket/960>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list