Jump to content

Fix Insecure Gravatar Content

MemoryX2

By MemoryX2
in Feature Requests

 Share

Recommended Posts

MemoryX2 Newbie

MemoryX2

Posted
Posted

I know there was a core- something for this, but can support manager be updated so that it uses https:// for gravatar rather than the insecure http?

 

/plugins/support_manager/views/default/admin_tickets_reply.pdt        on line 135 

 

plugins/support_manager/views/default/client_tickets_reply.pdt       on line 103 

 

Those lines in each file can be updated to https:// and then clients/admin  will no longer receive the insecure content 

Link to comment
Share on other sites
Michael Apprentice

Michael

Posted
Posted

I know there was a core- something for this, but can support manager be updated so that it uses https:// for gravatar rather than the insecure http?

 

/plugins/support_manager/views/default/admin_tickets_reply.pdt        on line 135 

 

plugins/support_manager/views/default/client_tickets_reply.pdt       on line 103 

 

Those lines in each file can be updated to https:// and then clients/admin  will no longer receive the insecure content 

Yeah Paul was talking about making them like this:

 

<img src="//gravatar.com/avatar/<?php echo md5(strtolower(trim($this->Html->_($reply->email, true))));?>?s=120" />
Link to comment
Share on other sites
  • 2 months later...
cloudrck Newbie

cloudrck

Posted
Posted

This is still present. Can't believe I didn't notice it until now. Easy fix

 

On both:

plugins/support_manager/views/default/client_tickets_reply.pdt

plugins/support_manager/views/default/admin_tickets_reply.pdt

 

<div>
<img src="http://gravatar.com/avatar/<?php echo md5(strtolower(trim($this->Html->_($reply->email, true))));?>?s=120" />
</div>

Should be:

<div>
<img src="https://secure.gravatar.com/avatar/<?php echo md5(strtolower(trim($this->Html->_($reply->email, true))));?>?s=120" />
</div>

 

Link to comment
Share on other sites
MemoryX2 Newbie

MemoryX2

Posted
  • Author
Posted

This is still present. Can't believe I didn't notice it until now. Easy fix

 

On both:

plugins/support_manager/views/default/client_tickets_reply.pdt

plugins/support_manager/views/default/admin_tickets_reply.pdt

 

<div>
<img src="http://gravatar.com/avatar/<?php echo md5(strtolower(trim($this->Html->_($reply->email, true))));?>?s=120" />
</div>

Should be:

<div>
<img src="https://secure.gravatar.com/avatar/<?php echo md5(strtolower(trim($this->Html->_($reply->email, true))));?>?s=120" />
</div>

 

 

Yeah, it's literally a 5 minute fix. I have been trying to do it on each update but I occasionally forget.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...