Support » Plugin: WP User Avatars » plugin not https compliant

  • Links to avatar image files are always using a http URL, this breaks the security check when using this plugin on a https wordpress site.

    I have made the following change in the plugin code to use http or https according to the site configuration :

    --- wp-user-avatars/wp-user-avatars/includes/common.php        2018-04-25 08:18:59.000000000 +0200
    +++ wp-user-avatars/wp-user-avatars/includes/common.php        2018-14-26 14:45:58.000000000 +0100
    @@ -343,8 +343,8 @@
           }
                                                                                                                                                                             
           // URL corrections
    -      if ( 'http' !== substr( $user_avatars[ $size ], 0, 4 ) ) {
    -              $user_avatars[ $size ] = home_url( $user_avatars[ $size ] );
    +      if ( 'http' == substr( $user_avatars[ $size ], 0, 4 ) ) {
    +              $user_avatars[ $size ] = parse_url($user_avatars[ $size ], PHP_URL_PATH);
           }
                                                                                                                                                                             
           // Maybe switch back
Viewing 4 replies - 1 through 4 (of 4 total)
  • I was just about to report the same problem here.

    Dear plugin authors, please fix this in the next update.

    Thanks in advance and keep up the good work!

    Hi
    I do have any issue on my side with my https website… or maybe you can tell me where to watch?
    Thanks

    Having the same issue here! Thanks for the fix. Hopefully it gets fixed on the next plugin update.

    Where do I need to put this code in order to fix the issue?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘plugin not https compliant’ is closed to new replies.