View Issue Details

IDProjectCategoryView StatusLast Update
0017741phplist applicationSecuritypublic07-07-15 08:10
Reporterhedrickbt 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.0.12 
Target Versionnext patchFixed in Version3.2.0 
Summary0017741: Hard coded link on page to http:// causes security error in browsers
DescriptionThe powered by image in public_html/lists/admin/connect.php is hard coded to http.
Steps To ReproduceAccess the phpList app via https. You should see something in the browser that indicates the page is not completely secure.
TagsNo tags attached.

Relationships

has duplicate 0017781 resolvedmichiel phplist logo on subscribe page breaks SSL 

Activities

hedrickbt

06-07-15 20:42

reporter   ~0056321

I have created a pull request on github with the fix to this issue.

michiel

06-07-15 20:51

manager   ~0056323

hmm, I'm afraid that won't work, as eg https://powered.phplist.com/images/pixel.gif doesn't work.

michiel

06-07-15 21:18

manager   ~0056326

what does work though on https is https://d3u7tsw7cvar0t.cloudfront.net/images/pixel.gif

I will update that.

michiel

07-07-15 07:16

manager   ~0056339

I have updated it to use the S3 address.

https://github.com/phpList/phplist3/commit/7223be7738c33830024fa6248fc94cd794c5b9dd