plugin not https compliant

  • Links to avatar image files are always using a http URL, this breaks the security check when using this plugin on a https wordpress site.

    I have made the following change in the plugin code to use http or https according to the site configuration :

    --- wp-user-avatars/wp-user-avatars/includes/common.php        2018-04-25 08:18:59.000000000 +0200
+++ wp-user-avatars/wp-user-avatars/includes/common.php        2018-14-26 14:45:58.000000000 +0100
@@ -343,8 +343,8 @@
       }
                                                                                                                                                                         
       // URL corrections
-      if ( 'http' !== substr( $user_avatars[ $size ], 0, 4 ) ) {
-              $user_avatars[ $size ] = home_url( $user_avatars[ $size ] );
+      if ( 'http' == substr( $user_avatars[ $size ], 0, 4 ) ) {
+              $user_avatars[ $size ] = parse_url($user_avatars[ $size ], PHP_URL_PATH);
       }
                                                                                                                                                                         
       // Maybe switch back
Viewing 4 replies - 1 through 4 (of 4 total)

  • I was just about to report the same problem here.

    Dear plugin authors, please fix this in the next update.

    Thanks in advance and keep up the good work!

    Hi
    I do have any issue on my side with my https website… or maybe you can tell me where to watch?
    Thanks

    Clayton Chase

    (@claytonchase)

    Having the same issue here! Thanks for the fix. Hopefully it gets fixed on the next plugin update.

    Where do I need to put this code in order to fix the issue?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘plugin not https compliant’ is closed to new replies.