Announcement

Collapse
No announcement yet.

BUG: HTTPS mixed content (AdminCP)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • blackdream71
    replied
    Hey Mark,

    I dont think so? I just copy and pasted the new code into the old code area?

    thanks.



    Originally posted by Mark.B View Post
    Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

    The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.

    Leave a comment:


  • Mark.B
    replied
    Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

    The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.

    Leave a comment:


  • blackdream71
    replied
    I tried this exactly as you said but it did nothing but revert my board back to HTTP??
    can you tell me why this may be?
    ive changed it to https:// in my admin control panel.

    i'm running version 4.2.0

    heres how the code looks (and yes I know this is the code that needs to be replaced, im just showing how it looklooked before I changed it to what you posted, it didnt work and I changed it back to whats below)
    --------------------------------------------



    print_label_row($vbphrase['php_function_lookup'], '

    <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline">
    <input type="text" class="bginput" name="function" size="30" tabindex="1" />
    <input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
    </form>
    ', '', 'top', NULL, false
    );
    print_label_row($vbphrase['mysql_language_lookup'], '
    <form action="http://www.mysql.com/search/" method="get" style="display:inline">

    <input type="hidden" name="doc" value="1" />
    <input type="hidden" name="m" value="o" />
    <input type="text" class="bginput" name="q" size="30" tabindex="1" />
    <input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
    </form>
    ', '', 'top', NULL, false



    Originally posted by gio~logist View Post
    When enabling https on vBulletin 4, the AdminCP won't show as secure, because there's mixed content.

    First off, this issue is deeper than mixed content. The php form mentioned below doesn't even work since php.net doesn't allow loading via iFrame.

    So 3 things need to be done:
    • Use secure.php.net for php.net form
    • Use relative paths for php.net and mysql.com forms
    • Open each in new tab


    Fix: in admincp/index.php

    Change:
    PHP Code:
     <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline"
    To:
    PHP Code:
     <form action="//secure.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline" target="_blank"
    Change:
    PHP Code:
     <form action="http://www.mysql.com/search/" method="get" style="display:inline"
    To:
    PHP Code:
     <form action="//www.mysql.com/search/" method="get" style="display:inline" target="_blank"


    That will get rid of the mixed content issue and make the AdminCP display the green padlock as fully secure
    Last edited by blackdream71; Mon 11th Sep '17, 1:17am.

    Leave a comment:


  • djbaxter
    replied
    I haven't edited admincp/index.php at all but my AdminCP shows as secure.

    I ran my sites, including forums, through one or both of these checkers:

    Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

    SSL-check: crawl your HTTPS website and find unsecure content

    Then, if memory serves, I changed a couple of links in some templates from http:// to either https:// or just // and that was all that I needed to do.

    For the forums themselves, I used this plugin for images: Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution - vBulletin.org Forum
    Last edited by djbaxter; Mon 4th Sep '17, 2:23pm.

    Leave a comment:


  • TS | Julio
    replied
    Thanks!
    Works fine in vBulletin v3.8.10 as well
    The change applies to both admincp and modcp

    Leave a comment:


  • gio~logist
    started a topic [Forum] BUG: HTTPS mixed content (AdminCP)

    BUG: HTTPS mixed content (AdminCP)

    When enabling https on vBulletin 4, the AdminCP won't show as secure, because there's mixed content.

    First off, this issue is deeper than mixed content. The php form mentioned below doesn't even work since php.net doesn't allow loading via iFrame.

    So 3 things need to be done:
    • Use secure.php.net for php.net form
    • Use relative paths for php.net and mysql.com forms
    • Open each in new tab
    Fix: in admincp/index.php

    Change:
    PHP Code:
        <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline"
    To:
    PHP Code:
        <form action="//secure.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline" target="_blank"
    Change:
    PHP Code:
        <form action="http://www.mysql.com/search/" method="get" style="display:inline"
    To:
    PHP Code:
        <form action="//www.mysql.com/search/" method="get" style="display:inline" target="_blank"


    That will get rid of the mixed content issue and make the AdminCP display the green padlock as fully secure
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X