custom_avatar_url potential issue

Started by shawnb61, October 20, 2017, 01:53:58 PM

shawnb61

All -

I noticed this in 2.1, and double-checked, and I believe this is an issue in 2.0 as well.  I will be testing a PR for 2.1 for some SSL items over the next few weeks. 

In loadTheme(), there is some logic that deals with alternate URLs.  These can include anything from detected https/http differences, to using an IP address to load the board, to using alias URLs. 

When a valid 'alternate' is detected, it updates all of the board URLs in $modSettings in memory prior to loading the theme.   It does not update custom_avatar_url. 

I believe that there will be instances, for example, when somebody invokes a page via http on an https forum or vice-versa, where this may cause avatar issues.   This code is ~L1579:

// And just a few mod settings :).
$modSettings['smileys_url'] = strtr($modSettings['smileys_url'], array($oldurl => $boardurl));
$modSettings['avatar_url'] = strtr($modSettings['avatar_url'], array($oldurl => $boardurl));

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp
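The gap described in the post above, as an added example that is not SMF source and not part of the original post: it applies the same strtr() rewrite to a chosen list of settings keys, then reports any setting still pointing at the old base URL. The helper names, host name and setting values are constructed assumptions; only the three setting keys come from the post.

```php
<?php
// Added illustration, not SMF code. Helper names and all values are constructed.

// Hypothetical helper: apply the $oldurl => $boardurl rewrite to the listed keys,
// using the same strtr() pattern as the lines quoted in the post.
function rewrite_url_settings(array $settings, string $oldurl, string $boardurl, array $keys): array
{
    foreach ($keys as $key) {
        if (isset($settings[$key])) {
            $settings[$key] = strtr($settings[$key], array($oldurl => $boardurl));
        }
    }
    return $settings;
}

// Hypothetical audit: return the settings whose value still starts with the old base URL.
function stale_url_settings(array $settings, string $oldurl): array
{
    $stale = array();
    foreach ($settings as $key => $value) {
        if (is_string($value) && strpos($value, $oldurl) === 0) {
            $stale[$key] = $value;
        }
    }
    return $stale;
}

// Constructed sample: forum configured for https, page requested over http.
$oldurl = 'https://forum.example.com';
$boardurl = 'http://forum.example.com';
$modSettings = array(
    'smileys_url' => 'https://forum.example.com/Smileys',
    'avatar_url' => 'https://forum.example.com/avatars',
    'custom_avatar_url' => 'https://forum.example.com/custom_avatar',
);

// Rewrite only the two keys shown in the post, then audit what was missed.
$asPosted = rewrite_url_settings($modSettings, $oldurl, $boardurl, array('smileys_url', 'avatar_url'));
print_r(stale_url_settings($asPosted, $oldurl));

// Rewrite with custom_avatar_url included, then audit again.
$withCustom = rewrite_url_settings($modSettings, $oldurl, $boardurl,
    array('smileys_url', 'avatar_url', 'custom_avatar_url'));
print_r(stale_url_settings($withCustom, $oldurl));
```

A setting left on the old scheme means avatar images are requested from a different origin scheme than the page itself, which on an https page is what browsers flag as mixed content.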
