h-source-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [H-source-users] this connection is insecure. logins entered here co

From: Yuchen Pei
Subject: Re: [H-source-users] this connection is insecure. logins entered here could be compromised.
Date: Wed, 29 Jun 2022 23:31:40 +1000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) 
On Tue 2022-06-28 11:51:00 -0400, bill-auger wrote:

> * visit: https://h-node.org/users/login/en
> * click on either the username or password field
>
> icecat and iceweasel show this pop-up warning - it will surely frighten
> people these days - it is clearly due to the form POST URL -
> it is probably a trivial fix - change that to https
>
> <form action="http://h-node.org/users/login/en?redirect="; method="POST">
>

Thanks for the report.  A quick look shows the problem may be to do with
./Application/Controllers/UsersController.php:

$data['action'] = 
Url::getRoot("users/login/".$this->lang."?redirect=$redirect");

which could be the $action in Application/Views/Desktop/Users/login.php:

<form action = '<?php echo $action;?>' method = 'POST'>

Not 100% sure.  To be investigated further.

Best,
Yuchen

-- 
PGP Key: 47F9 D050 1E11 8879 9040  4941 2126 7E93 EF86 DFD0
          <https://ypei.org/assets/ypei-pubkey.txt>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]