Login

Methyus · 01-Nov-2015, 11:13 AM

Hello again Steven,
I just discovered another bug. I noticed that any page that a comment is posted on becomes insecure... I will PM you a link...

Thanks.

***Steven*** · 01-Nov-2015, 02:12 PM

Okay can you open /commentics/includes/template/head.php and change all instances of "http://" to "//".

Then open /commentics/includes/functions/page.php and change this function ..

PHP Code:
<?php 

function cmtx_commentics_url() { //gets the URL to Commentics

    $url = cmtx_url_decode('http' . ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '') . '://' . strtolower($_SERVER['HTTP_HOST']) . parse_url(cmtx_setting('commentics_url'), PHP_URL_PATH));

    $url = cmtx_url_encode($url);

    if (!parse_url(cmtx_setting('commentics_url'), PHP_URL_PATH) || !filter_var($url, FILTER_VALIDATE_URL)) {

        $url = cmtx_url_encode(cmtx_setting('commentics_url'));

    }

    return $url;

} //end of commentics-url function

Methyus · 02-Nov-2015, 01:16 AM

Thanks so much for your reply as always, Steven. I made the changes you suggested, but i'm still getting the error. All of my internal links were previously changed from http to https sitewide when I first activated my SSL. I went back through all of the source code and my php includes and nothing is referencing anything (internally) as http. There are outbound links to other sites that are http obviously, but that's all... All internal links and references are either absolute https or ./, ../, etc...

As far as I can tell it definitely seems to be the comments causing it. If you want to test it, try the following:

1) Go to one of my other blog pages that don't have any comments yet. Note that the pages are secure. I will PM you a link to one...

2) Leave a test comment. You will see that the page is then insecure...

I left the changes in place, which you recommended in your first reply.

Thanks again, Steven! I truly appreciate your help!

***Steven*** · 02-Nov-2015, 07:05 PM

Okay I went to https://www.whynopadlock.com and it says that there are two reasons. One is from your own website and is related to a Google font and the other is from Commentics and is related to the Gravatar.

1. <link href="http://fonts.googleapis.com/css?family=Play" rel="stylesheet" type="text/css">

2. For the gravatar open /commentics/includes/functions/comments.php and change this ..

PHP Code:
<?php 

img src="http://www.gravatar.com/avatar/ 

Methyus · 02-Nov-2015, 08:35 PM

Hi Steven,
Thanks as always! I fixed those errors, but it's still insecure. According to whynopadlock.com it is because of:

http://www.domain/commentics/images/smilies/smile.gif

Where can I change the smilie url reference at?

Thanks again. I'm going to buy you a few more cups of coffee (or beers) for your trouble, bro! >8>)

***Steven*** · 03-Nov-2015, 07:13 PM

Ah, I see. For that you'll need to edit the particular comment which has the smiley in 'Manage -> Comments'.

Methyus · 03-Nov-2015, 08:24 PM

HA! Excellent! I must have been getting that error, because the comment was posted with the smilie in it before I switched over to SSL. I deleted the smilie from the comment and posted another test comment with smilies in it and everything works perfectly now.

Thanks for all of your help once again, Steven! There will be a few more bucks heading your way for your trouble my friend. If anyone reading this is using Commentics and you haven't shown your appreciation with a donation, you should be ashamed of yourself. This is a a terrific thing Steven is doing for us here!

Ron Wood · 05-Mar-2016, 08:45 AM

I also want to make my site secure. I have read the above but can't find /commentics/includes/template/head.php in my control panel commentics folder. Has it changed?

***Steven*** · 05-Mar-2016, 02:15 PM

Hi Ron,

In earlier versions, fewer resources were included so there wasn't a need for a head.php file. I believe the equivalent would be for you to just change the http to https in the following line in /includes/template/comments.php.

Code:
document.write("<scr" + "ipt type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js\"></scr" + "ipt>");

Ron Wood · 06-Mar-2016, 02:02 PM

Login
Username:
Password:	Lost Password?
	Remember me