plugin not https compliant

(@rgc2000)

Links to avatar image files are always using a http URL, this breaks the security check when using this plugin on a https wordpress site.

I have made the following change in the plugin code to use http or https according to the site configuration :

--- wp-user-avatars/wp-user-avatars/includes/common.php        2018-04-25 08:18:59.000000000 +0200
+++ wp-user-avatars/wp-user-avatars/includes/common.php        2018-14-26 14:45:58.000000000 +0100
@@ -343,8 +343,8 @@
       }
                                                                                                                                                                         
       // URL corrections
-      if ( 'http' !== substr( $user_avatars[ $size ], 0, 4 ) ) {
-              $user_avatars[ $size ] = home_url( $user_avatars[ $size ] );
+      if ( 'http' == substr( $user_avatars[ $size ], 0, 4 ) ) {
+              $user_avatars[ $size ] = parse_url($user_avatars[ $size ], PHP_URL_PATH);
       }
                                                                                                                                                                         
       // Maybe switch back

Viewing 4 replies - 1 through 4 (of 4 total)

sublines
(@sublines)

5 years, 10 months ago

I was just about to report the same problem here.

Dear plugin authors, please fix this in the next update.

Thanks in advance and keep up the good work!

pako69
(@pako69)

5 years, 8 months ago

Hi
I do have any issue on my side with my https website… or maybe you can tell me where to watch?
Thanks

Clayton Chase
(@claytonchase)

5 years, 5 months ago

Having the same issue here! Thanks for the fix. Hopefully it gets fixed on the next plugin update.

jotacu
(@jotacu)

5 years, 1 month ago

Where do I need to put this code in order to fix the issue?

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘plugin not https compliant’ is closed to new replies.