[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [H-source-users] this connection is insecure. logins entered here co
From: |
Yuchen Pei |
Subject: |
Re: [H-source-users] this connection is insecure. logins entered here could be compromised. |
Date: |
Wed, 29 Jun 2022 23:31:40 +1000 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) |
On Tue 2022-06-28 11:51:00 -0400, bill-auger wrote:
> * visit: https://h-node.org/users/login/en
> * click on either the username or password field
>
> icecat and iceweasel show this pop-up warning - it will surely frighten
> people these days - it is clearly due to the form POST URL -
> it is probably a trivial fix - change that to https
>
> <form action="http://h-node.org/users/login/en?redirect=" method="POST">
>
Thanks for the report. A quick look shows the problem may be to do with
./Application/Controllers/UsersController.php:
$data['action'] =
Url::getRoot("users/login/".$this->lang."?redirect=$redirect");
which could be the $action in Application/Views/Desktop/Users/login.php:
<form action = '<?php echo $action;?>' method = 'POST'>
Not 100% sure. To be investigated further.
Best,
Yuchen
--
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
<https://ypei.org/assets/ypei-pubkey.txt>