phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017741phplist applicationSecuritypublic06-07-15 20:4107-07-15 08:10
Reporterhedrickbt 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.12 
Target Versionnext patchFixed in Version3.2.0 
Summary0017741: Hard coded link on page to http:// causes security error in browsers
DescriptionThe powered by image in public_html/lists/admin/connect.php is hard coded to http.
Steps To ReproduceAccess the phpList app via https. You should see something in the browser that indicates the page is not completely secure.
TagsNo tags attached.
Attached Files

- Relationships
has duplicate 0017781resolvedmichiel phplist logo on subscribe page breaks SSL 

-  Notes
(0056321)
hedrickbt (reporter)
06-07-15 20:42

I have created a pull request on github with the fix to this issue.
(0056323)
michiel (manager)
06-07-15 20:51

hmm, I'm afraid that won't work, as eg https://powered.phplist.com/images/pixel.gif [^] doesn't work.
(0056326)
michiel (manager)
06-07-15 21:18

what does work though on https is https://d3u7tsw7cvar0t.cloudfront.net/images/pixel.gif [^]

I will update that.
(0056339)
michiel (manager)
07-07-15 07:16

I have updated it to use the S3 address.

https://github.com/phpList/phplist3/commit/7223be7738c33830024fa6248fc94cd794c5b9dd [^]


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker