[buddypress-trac] [BuddyPress] #979: SSL Support for bp_core_get_avatar()
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Sun Sep 6 21:20:50 UTC 2009
#979: SSL Support for bp_core_get_avatar()
--------------------------------+-------------------------------------------
Reporter: r-a-y | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: 1.1
Keywords: ssl,gravatar,avatar |
--------------------------------+-------------------------------------------
More SSL goodness! Wanted to secure the BP settings pages (eg.
example.com/members/username/settings), so I had to tackle getting the
avatars secure.
In bp_core_avatars.php, for the '''bp_core_get_avatar()''' function,
change this line:
{{{
$gravatar = 'http://www.gravatar.com/avatar/' . md5( $ud->user_email ) .
'?d=' . $default_grav . '&s=';
}}}
to:
{{{
if ($_SERVER['HTTPS'] == 'on')
$gravatar = 'https://secure.gravatar.com/avatar/' . md5(
$ud->user_email ) . '?d=' . $default_grav . '&s=';
else
$gravatar = 'http://www.gravatar.com/avatar/' . md5(
$ud->user_email ) . '?d=' . $default_grav . '&s=';
}}}
---
You could probably save a few lines by using PHP conditional shorthand,
but just thought I'd jot down the easiest-to-read version.
Okay, so that handles gravatars; but for locally-uploaded avatars, the
$url uses $bp->root_domain, so we need to modify the
'''bp_core_get_root_domain()''' function in bp-core.php:
Change:
{{{
return apply_filters( 'bp_core_get_root_domain', get_blog_option(
BP_ROOT_BLOG, 'siteurl' ) );
}}}
to:
{{{
if ($_SERVER['HTTPS'] == 'on')
return apply_filters( 'bp_core_get_root_domain',
str_replace('http://', 'https://', get_blog_option(BP_ROOT_BLOG,
'siteurl')) );
else
return apply_filters( 'bp_core_get_root_domain', get_blog_option(
BP_ROOT_BLOG, 'siteurl' ) );
}}}
There might be a cleaner way to switch to SSL for the
bp_core_get_root_domain() function, but I've just provided one version.
Bonus for modifying the bp_core_get_root_domain() function is it switches
mostly everything over to HTTPS as well (form actions, etc.)
--
Ticket URL: <http://trac.buddypress.org/ticket/979>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list