Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

JsSSOString with hard coded crypt algorithm

This discussion is related to the Vanilla jsConnect addon.

In functions.jsconnect.php the function for creating the sso-string for embedded SSO uses the sha1 algorithm therefore ignoring other configurations done vie $secure or in the plugin settings.

Shouldn't the function respect configurations from the local installation?

Sign In or Register to comment.