Author Topic: custom_avatar_url potential issue  (Read 3526 times)

Offline shawnb61

  • Support Specialist
  • Sr. Member
  • *
  • Posts: 943
    • sbulen on GitHub
custom_avatar_url potential issue
« on: October 20, 2017, 01:53:58 PM »
All -

I noticed this in 2.1, and double-checked, and I believe this is an issue in 2.0 as well.  I will be testing a PR for 2.1 for some SSL items over the next few weeks. 

In loadTheme(), there is some logic that deals with alternate URLs.  These can include anything from detected https/http differences, to using an IP address to load the board, to using alias URLs. 

When a valid 'alternate' is detected, it updates all of the board URLs in $modSettings in memory prior to loading the theme.   It does not update custom_avatar_url. 

I believe that there will be instances, for example, when somebody invokes a page via http on an https forum or vice-versa, where this may cause avatar issues.   This code is ~L1579:

Code: [Select]
// And just a few mod settings :).
$modSettings['smileys_url'] = strtr($modSettings['smileys_url'], array($oldurl => $boardurl));
$modSettings['avatar_url'] = strtr($modSettings['avatar_url'], array($oldurl => $boardurl));
« Last Edit: July 30, 2018, 11:23:54 AM by Gwenwyfar »
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp