View Issue Details

ID: 0018049
Project: phpList 3 application
Category: Security
View Status: public
Last Update: 16-01-19 09:46
Reporter: gbriere
Assigned To:
Priority: normal
Severity: major
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform: Linux
OS: Debian
OS Version: stretch
Product Version: 3.2.4
Fixed in Version: 3.2.5
Summary: 0018049: Reset password links are hard coded to HTTP
Description: When a mail is sent with a link to reset password (edit admin or forgotten password) the link is hard coded with HTTP rather than HTTPS, which is a security issue, and the link can't work if the phplist web site is only HTTPS.
Steps To Reproduce: Update an administrator with update password option selected or click "send password" on home page : The link received is :
Tags: No tags attached.



14-03-16 22:12

administrator   ~0057567

yes, lib.php line 310 has it hard coded.

it should use ADMIN_PROTOCOL
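
The pattern described in the note above, as an added example that is not phpList's own code: a reset link built with a fixed scheme beside one built from `ADMIN_PROTOCOL`, plus a check that flags links in an outgoing mail body whose scheme differs from the configured one. The function names, URL layout, host and token are constructed, and `ADMIN_PROTOCOL` is assumed to hold a bare scheme such as `https`.

```php
<?php
// Added illustration, not phpList source. Function names, URL layout, host
// and token are constructed for the example.

// Assumption: ADMIN_PROTOCOL holds a bare scheme ("http" or "https").
if (!defined('ADMIN_PROTOCOL')) {
    define('ADMIN_PROTOCOL', 'https');
}

// Pattern from the report: the scheme is fixed to http.
function reset_link_hardcoded(string $host, string $path, string $token): string
{
    return 'http://' . $host . $path . '?token=' . rawurlencode($token);
}

// Suggested pattern: take the scheme from configuration and validate it.
function reset_link_configured(string $host, string $path, string $token): string
{
    $scheme = strtolower(ADMIN_PROTOCOL);
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("Unsupported ADMIN_PROTOCOL: $scheme");
    }
    return $scheme . '://' . $host . $path . '?token=' . rawurlencode($token);
}

// Regression check: return every link in a mail body that points at our own
// host but does not use the configured scheme.
function links_with_wrong_scheme(string $body, string $host): array
{
    $wrong = [];
    preg_match_all('~\b(https?)://([^/\s"\'<>]+)[^\s"\'<>]*~i', $body, $found, PREG_SET_ORDER);
    foreach ($found as $link) {
        if (strcasecmp($link[2], $host) === 0 && strcasecmp($link[1], ADMIN_PROTOCOL) !== 0) {
            $wrong[] = $link[0];
        }
    }
    return $wrong;
}

$host  = 'lists.example.org';      // constructed
$path  = '/lists/admin/';          // constructed
$token = 'constructed-token-123';  // constructed
$links = [
    'hardcoded'  => reset_link_hardcoded($host, $path, $token),
    'configured' => reset_link_configured($host, $path, $token),
];
foreach ($links as $name => $link) {
    $body = "Reset your password: $link";
    printf("%s: %d link(s) with the wrong scheme\n", $name, count(links_with_wrong_scheme($body, $host)));
}
```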