[buddypress-trac] [BuddyPress] #979: SSL Support for bp_core_get_avatar()

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Sun Sep 6 21:20:50 UTC 2009


#979: SSL Support for bp_core_get_avatar()
--------------------------------+-------------------------------------------
Reporter:  r-a-y                |       Owner:     
    Type:  enhancement          |      Status:  new
Priority:  major                |   Milestone:  1.1
Keywords:  ssl,gravatar,avatar  |  
--------------------------------+-------------------------------------------
 More SSL goodness! Wanted to secure the BP settings pages (eg.
 example.com/members/username/settings), so I had to tackle getting the
 avatars secure.

 In bp_core_avatars.php, for the '''bp_core_get_avatar()''' function,
 change this line:

 {{{
 $gravatar = 'http://www.gravatar.com/avatar/' . md5( $ud->user_email ) .
 '?d=' . $default_grav . '&s=';
 }}}

 to:

 {{{
 if ($_SERVER['HTTPS'] == 'on')
         $gravatar = 'https://secure.gravatar.com/avatar/' . md5(
 $ud->user_email ) . '?d=' . $default_grav . '&s=';
 else
         $gravatar = 'http://www.gravatar.com/avatar/' . md5(
 $ud->user_email ) . '?d=' . $default_grav . '&s=';
 }}}

 ---

 You could probably save a few lines by using PHP conditional shorthand,
 but just thought I'd jot down the easiest-to-read version.

 Okay, so that handles gravatars; but for locally-uploaded avatars, the
 $url uses $bp->root_domain, so we need to modify the
 '''bp_core_get_root_domain()''' function in bp-core.php:

 Change:

 {{{
 return apply_filters( 'bp_core_get_root_domain', get_blog_option(
 BP_ROOT_BLOG, 'siteurl' ) );
 }}}

 to:

 {{{
 if ($_SERVER['HTTPS'] == 'on')
         return apply_filters( 'bp_core_get_root_domain',
 str_replace('http://', 'https://', get_blog_option(BP_ROOT_BLOG,
 'siteurl')) );
 else
         return apply_filters( 'bp_core_get_root_domain', get_blog_option(
 BP_ROOT_BLOG, 'siteurl' ) );
 }}}

 There might be a cleaner way to switch to SSL for the
 bp_core_get_root_domain() function, but I've just provided one version.

 Bonus for modifying the bp_core_get_root_domain() function is it switches
 mostly everything over to HTTPS as well (form actions, etc.)

-- 
Ticket URL: <http://trac.buddypress.org/ticket/979>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list