This is the community forum. For a developer response use the Client Area.
Follow us on Facebook, Twitter and YouTube!

Comments Causing HTTPS To Become Insecure
#1

Hello again Steven,
I just discovered another bug. I noticed that any page that a comment is posted on becomes insecure... I will PM you a link...

Thanks.
Reply
#2

Okay can you open /commentics/includes/template/head.php and change all instances of "http://" to "//".

Then open /commentics/includes/functions/page.php and change this function ..

PHP Code:
<?php 
function cmtx_commentics_url() { //gets the URL to Commentics

    $url = cmtx_url_decode('http' . ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '') . '://' . strtolower($_SERVER['HTTP_HOST']) . parse_url(cmtx_setting('commentics_url'), PHP_URL_PATH));
    
    $url
= cmtx_url_encode($url);
    
    if
(!parse_url(cmtx_setting('commentics_url'), PHP_URL_PATH) || !filter_var($url, FILTER_VALIDATE_URL)) {
        $url = cmtx_url_encode(cmtx_setting('commentics_url'));
    }

    return $url;

}
//end of commentics-url function

.. to this ..

PHP Code:
<?php 
function cmtx_commentics_url() { //gets the URL to Commentics
    return cmtx_url_encode(cmtx_setting('commentics_url'));
}
//end of commentics-url function

I think some of your page's other content (not to do with Commentics) may be causing the insecure error too. After you make the above changes, view the source code of your page and search for "http://". Any links using it are fine but if it's including content (for example an image, JavaScript or CSS file) then these will need to be changed as well.

Have you completed the interview?
Reply
#3

Thanks so much for your reply as always, Steven. I made the changes you suggested, but i'm still getting the error. All of my internal links were previously changed from http to https sitewide when I first activated my SSL. I went back through all of the source code and my php includes and nothing is referencing anything (internally) as http. There are outbound links to other sites that are http obviously, but that's all... All internal links and references are either absolute https or ./, ../, etc...

As far as I can tell it definitely seems to be the comments causing it. If you want to test it, try the following:

1) Go to one of my other blog pages that don't have any comments yet. Note that the pages are secure. I will PM you a link to one...

2) Leave a test comment. You will see that the page is then insecure...

I left the changes in place, which you recommended in your first reply.

Thanks again, Steven! I truly appreciate your help!
Reply
#4

Okay I went to https://www.whynopadlock.com and it says that there are two reasons. One is from your own website and is related to a Google font and the other is from Commentics and is related to the Gravatar.

1. <link href="http://fonts.googleapis.com/css?family=Play" rel="stylesheet" type="text/css">

2. For the gravatar open /commentics/includes/functions/comments.php and change this ..

PHP Code:
<?php 
img src
="http://www.gravatar.com/avatar/

.. to this ..

PHP Code:
<?php 
img src
="//www.gravatar.com/avatar/

Have you completed the interview?
Reply
#5

Hi Steven,
Thanks as always! I fixed those errors, but it's still insecure. According to whynopadlock.com it is because of:

http://www.domain/commentics/images/smilies/smile.gif

Where can I change the smilie url reference at?

Thanks again. I'm going to buy you a few more cups of coffee (or beers) for your trouble, bro! >8>)
Reply
#6

Ah, I see. For that you'll need to edit the particular comment which has the smiley in 'Manage -> Comments'.

Have you completed the interview?
Reply
#7

HA! Excellent! I must have been getting that error, because the comment was posted with the smilie in it before I switched over to SSL. I deleted the smilie from the comment and posted another test comment with smilies in it and everything works perfectly now.

Thanks for all of your help once again, Steven! There will be a few more bucks heading your way for your trouble my friend. If anyone reading this is using Commentics and you haven't shown your appreciation with a donation, you should be ashamed of yourself. This is a a terrific thing Steven is doing for us here!
Reply
#8

I also want to make my site secure. I have read the above but can't find  /commentics/includes/template/head.php in my control panel commentics folder. Has it changed?
Reply
#9

Hi Ron,

In earlier versions, fewer resources were included so there wasn't a need for a head.php file. I believe the equivalent would be for you to just change the http to https in the following line in /includes/template/comments.php.

Code:
document.write("<scr" + "ipt type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js\"></scr" + "ipt>");

Have you completed the interview?
Reply
#10

Hi Steven,
I have done as suggested but I am still getting these test results:
Total number of items: 80
Number of insecure items: 35
Insecure URL: http://www.jollygoodfun.co.uk/favicon.ico
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...r_full.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...cebook.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...icious.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...leupon.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...l/digg.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...google.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...witter.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.gravatar.com/avatar/c08ec7656...0&r=g&d=mm
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image.../smile.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image.../reply.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...s/flag.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...ons/up.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...s/down.png
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.gravatar.com/avatar/1c0e81135...0&r=g&d=mm
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.gravatar.com/avatar/ca090974e...0&r=g&d=mm
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.gravatar.com/avatar/7b1976a02...0&r=g&d=mm
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.gravatar.com/avatar/6930954b2...0&r=g&d=mm
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/images/misc/rss.jpg
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...es/sad.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...es/huh.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image.../laugh.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...es/mad.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...tongue.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...crying.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...s/grin.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...s/wink.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...scared.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...s/cool.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image.../sleep.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image.../blush.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...unsure.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://jollygoodfun.co.uk/comments/image...hocked.gif
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://www.youtube.com/embed/WoyZ_u_D288
Found in: https://www.jollygoodfun.co.uk/

Insecure URL: http://feeds.feedburner.com/TheJollyGood...mat=sigpro
Found in: https://www.jollygoodfun.co.uk/

Any suggestions?

Regards
Ron
Reply


Possibly Related Threads…
Thread / Author Replies Views Last Post
Last Post by Steven
13-Aug-2021, 08:01 AM
Last Post by The_Phantom
29-Jul-2021, 12:14 PM
Last Post by 2hands
18-Nov-2017, 11:21 PM
Last Post by Deparis
21-Jul-2014, 10:39 AM
Last Post by johan
29-Oct-2013, 11:01 PM

Forum Jump:


Users browsing this thread: 3 Guest(s)