Nice plugin, but it has a serious bug.
When logging out you may be sent to a https version of the current URL. This is because of line 64 of tabbed-login.php. The global
$_SERVER['https']may also have the value “off”. In that case the “s” must not be added.
$current_url='http'.(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS']=='off'?'':'s').'://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
When a user is sent to a non-existent https site it will hit the server, but not the correct site. The error message i the browser may look very nasty.
- The topic ‘Logut to https’ is closed to new replies.