Finding 1 bit of code

blunted · October 29, 2012, 12:28:34 AM

Spent all day disabling plugins, searching the forums, files, etc

http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

prob super simple, but any idea on where i can edit this script in the head? simply need to make it https...

Oldiesmann · October 29, 2012, 02:14:02 AM

SMF doesn't use jQuery, so that was either added by a mod or by a custom theme. I would suggest looking in index.template.php for whatever theme you're using.

blunted · October 29, 2012, 12:12:57 PM

i found it once in ssi.php changed it to ssl, but no change.

does this get cached or?

i honestly have checked everywhere, know of a good scanning program?

Kindred · October 29, 2012, 12:30:38 PM

oh... changing smf to SSL is MUCH more complicated than changing a single line of code

blunted · October 29, 2012, 12:45:06 PM

i know ive been working on it for over a day, this bit of code appears to be my last issue.

mashby · October 29, 2012, 12:46:53 PM

Code Select

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>

blunted · October 29, 2012, 12:58:21 PM

need to find where the code is being inserted from.

blunted · October 29, 2012, 01:01:18 PM

thinking make complete backup and disable everything til i find the culprit even those throwing errors on uninstall the best way to find it?

im new to sm, coming from vb so very nooooobish

mashby · October 29, 2012, 01:12:52 PM

What mods do you have installed?

blunted · October 29, 2012, 01:23:08 PM

    SA Chat    RC1 Rev59    [ Uninstall ] [ List Files ] [ Delete ]
   SMF Arcade    2.5    [ Uninstall ] [ List Files ] [ Delete ]
   WysiBB for SMF    0.3    [ Uninstall ] [ List Files ] [ Delete ]
   Anonymous Boards    1.1    [ Uninstall ] [ List Files ] [ Delete ]
   Adk Avatar User State    1.0    [ Uninstall ] [ List Files ] [ Delete ]
   Member Notepad    1.0.1    [ Uninstall ] [ List Files ] [ Delete ]
   SMF Gallery Pro    4.0.9a    [ Uninstall ] [ List Files ] [ Delete ]
   SimplePortal    2.3.5    [ Uninstall ] [ List Files ] [ Delete ]
   Tapatalk SMF 2.0 RC5/Final Plugin    3.2.1    [ Uninstall ] [ List Files ] [ Delete ]
   Swekey Hardware Authentication    1.2    [ Uninstall ] [ List Files ] [ Delete ]
   Activity in Profile    1.1    [ Uninstall ] [ List Files ] [ Delete ]
   Autocomplete    0.3.3    [ Uninstall ] [ List Files ] [ Delete ]
   Sisyphus    1.0    [ Uninstall ] [ List Files ] [ Delete ]
   Login Security    1.0.2.2    [ Uninstall ] [ List Files ] [ Delete ]
   Drafts    1.1.4    [ Uninstall ] [ List Files ] [ Delete ]
Bookmarks    2.5    [ Uninstall ] [ List Files ] [ Delete ]
   Hide User Names from Guests    1.1    [ Uninstall ] [ List Files ] [ Delete ]

mashby · October 29, 2012, 01:37:09 PM

Looks to me like it's Autocomplete 0.3.3
So, if you look in Sources/Load.php, look for :

Code Select

$context['html_headers'] .= '<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>

Replace with:

Code Select

$context['html_headers'] .= '<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>

That should invoke it as https when running on https

blunted · October 29, 2012, 01:43:46 PM

thank you monster!

now it appears something else is loading non https so the hunt continues.

:p

i really appreciate it

mashby · October 29, 2012, 01:45:22 PM

Mind providing a link to where you're looking?

Might be able to get out a microscope or something similar.

blunted · October 29, 2012, 01:50:37 PM

https://www.enhancegenetics.com appears to be another jquery.

mashby · October 29, 2012, 01:56:23 PM

Wondering if it could also be:

Code Select

swekey_promo_url = "http://www.swekey.com?promo=smf";I do see the other jquery call, though, too...lemme see what that one might be.

EDIT: Sources/Mod-Sisyphus.php
Look for:

Code Select

    $context['insert_after_template'] .= '                                          
                <script type="text/javascript"><!-- // --><![CDATA[ 
                        !window.jQuery && document.write(unescape(\'%3Cscript src="http://code.jquery.com/jquery.min.js"%3E%3C/script%3E\'));
                        jQuery.noConflict();
                // ]]></script>

Replace with:

Code Select

    $context['insert_after_template'] .= '

Since you already have jquery defined, you can just remove it from being called up again in this one.

And it looks like you might have multiple versions running on your site, too:

Code Select

<script type="text/javascript" src="https://www.enhancegenetics.com/Themes/novaV1/scripts/jquery.js"></script>
You might consider removing that although I'm not sure why it's there...maybe for a good reason?

blunted · October 29, 2012, 02:06:18 PM

thanks 4 that catch, didnt even see it logged in. logged out and it shows.

odd a security service would use http imo :/

blunted · October 29, 2012, 02:21:21 PM

tracked down the swekey, now quick break and after the other culprit

blunted · October 29, 2012, 02:48:53 PM

found both of those issues, forced to local. still ssl broke :/

mashby · October 29, 2012, 06:13:00 PM

I'm not an expert on SSL in any way. But I did start here:
http://www.sslshopper.com/ssl-checker.html#hostname=www.enhancegenetics.com
I got a message when I visited using IE which is why I started there.

What is the nature of your SSL brokenness?

blunted · October 29, 2012, 06:15:23 PM

finally got it working in all but ff and opera and i know what plugin is causing the issue, but why?

SAchat is breaking the encryption so it comes up as only partially encrypted.

News:

Finding 1 bit of code