Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Please upgrade to 2.3 here. The 2.2 and earlier branches are no longer being updated.

Hard-coded image over http://

This discussion is related to the Vanilla jsConnect addon.

Hi,

JSConnect is hard-coded to pull "usericon_50.png" from "https://images.v-cdn.net/usericon_50.png"; this breaks SSL.

This image should either be relatively loaded from the local plugin, or users should be given a choice as to where this image is loaded from to avoid mixed content errors.

For now, it can be patched by changing the hard-coded value at L83 of class.jsconnect.plugin.php but this should be addressed in future releases.

ptoone

Comments

Sign In or Register to comment.