WordPress.org

Making WordPress.org

Opened 5 years ago

Closed 5 years ago

#1024 closed defect (fixed)

BuddyPress.org/blog comment submit button goes to blank /wp-comments-post.php

Reported by: mercime Owned by: johnjamesjacoby
Milestone: Priority: high
Component: buddypress.org Keywords:
Cc:

Description

Visitor (not logged in) clicking on comment submit button is redirected to blank page https://buddypress.org/wp-comments-post.php

When user is logged in and clicks on the comment submit button, warning shows up :

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?

And when you proceed, it goes to the same blank page https://buddypress.org/wp-comments-post.php

Change History (5)

#1 @netweb
5 years ago

  • Owner set to johnjamesjacoby
  • Priority changed from normal to high
  • Status changed from new to assigned

Using Chrome on a Mac:

Mixed Content: The page at 'https://buddypress.org/2015/05/2015-buddypress-survey-results/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://buddypress.org/wp-comments-post.php'. This endpoint should be made available over a secure connection.

Source: /buddypress.org/public_html/wp-content/themes/bb-base/comments.php#L38

 <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">

I don't think we actually changed the siteurl to HTTPS, systems have redirected HTTP to HTTPS for the bb's

Likely to be other instances of site_url and home_url that may be affected, e.g. r1468

Switching from get_option('siteurl'); to site_url( '/wp-comments-post.php', 'https' ); and overriding the protocol is one way to fix this, the other is to update the home and site URL's in the BP network

#2 @DJPaul
5 years ago

siteurl is HTTP at the moment, but I can't change it. Someone with a sandbox needs to do it.

#3 @dd32
5 years ago

using site_url() instead of a direct get_option() should also fix that (without the scheme parameter)

Last edited 5 years ago by dd32 (previous) (diff)

This ticket was mentioned in Slack in #meta by netweb. View the logs.


5 years ago

#5 @johnjamesjacoby
5 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 1645:

BuddyPress.org: use site_url() in comments.php.

Fixes mixed content issues when posting comments.

Fixes #1024. Props netweb, dd32.

Note: See TracTickets for help on using tickets.