Opened 9 years ago
Closed 9 years ago
#1024 closed defect (bug) (fixed)
BuddyPress.org/blog comment submit button goes to blank /wp-comments-post.php
Reported by: | mercime | Owned by: | johnjamesjacoby |
---|---|---|---|
Milestone: | Priority: | high | |
Component: | buddypress.org | Keywords: | |
Cc: |
Description
Visitor (not logged in) clicking on comment submit button is redirected to blank page https://buddypress.org/wp-comments-post.php
When user is logged in and clicks on the comment submit button, warning shows up :
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
And when you proceed, it goes to the same blank page https://buddypress.org/wp-comments-post.php
Change History (5)
#1
@
9 years ago
- Owner set to johnjamesjacoby
- Priority changed from normal to high
- Status changed from new to assigned
#2
@
9 years ago
siteurl is HTTP at the moment, but I can't change it. Someone with a sandbox needs to do it.
#3
@
9 years ago
using site_url() instead of a direct get_option() should also fix that (without the scheme parameter)
Using Chrome on a Mac:
Mixed Content: The page at 'https://buddypress.org/2015/05/2015-buddypress-survey-results/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://buddypress.org/wp-comments-post.php'. This endpoint should be made available over a secure connection.
Source: /buddypress.org/public_html/wp-content/themes/bb-base/comments.php#L38
I don't think we actually changed the
siteurl
to HTTPS, systems have redirected HTTP to HTTPS for the bb'sLikely to be other instances of
site_url
andhome_url
that may be affected, e.g. r1468Switching from
get_option('siteurl');
tosite_url( '/wp-comments-post.php', 'https' );
and overriding the protocol is one way to fix this, the other is to update the home and site URL's in the BP network