Wedge
Public area => Off-topic => The Pub => Other software => Topic started by: nikos15 on October 31st, 2011, 05:16 PM
-
Hello there guys.
I hope i am in the correct place to be asking this question, since the SMF forums are down for maintenance. So anyway, i maintain a secure version of my website, with an SMF forum (version 2.0), however, there's a little piece of code, that i THINK is somehow connected to you (wedge.org) which i'd like to alter a little bit.
More specificaly, the following part of code is loaded from an "unsecure" according to the browsers location and thus it shows that "the website is not fully encrypted".
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
<script type="text/javascript"><!-- // --><![CDATA[
aevams = {wmode:"transparent",quality:"high",allowFullScreen:"true",allowScriptAccess:"never",pluginspage:"http://www.macromedia.com/go/getflashplayer",autoplay:"false",autostart:"false"};
aeinst = "";
function aevacopy()
{
var cp = document.getElementById("footerarea"), cpf = document.createElement("div"), ats = 0; cpf.innerHTML = '<div>Embedding by Aeva Media, © <a href="http://wedge.org/" target="_blank">Wedge</a></div>';
if (cp == null) { cp = document.getElementById("footer_section"); if (cp == null) cp = document; } cp = cp.getElementsByTagName("a"); for (var i=cp.length-1; i>=0; i--)
if (cp[i].href == 'http://www.simplemachines.org/') { ats = 1; break; } cp = ats ? cp[i].parentNode : null; if (cp == null) cp = document.body; cp.appendChild(cpf);
}
function aevatq(q, id, w, h)
{
var yt = document.getElementById("aevawi"+id);
document.getElementById("sae"+id).style.width = w;
document.getElementById("saeva"+id).style.height = h;
var dat = yt.data != "" ? yt.data : yt.movie;
var aq = document.getElementById("aqc"+id).childNodes;
for (var i = 0; i < aq.length; i++)
if (aq.item(i).href)
aq.item(i).className = aq.item(i).href.indexOf("(" + q + ",") > 0 ? "aeva_dq" : "";
swfobject.createSWF({ data: dat, width: w, height: h }, aevams, "aevawi" + id);
document.cookie = "aeva_quality=" + q + ";path=/";
}
// ]]></script>
from
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
<script type="text/javascript" src="httpS://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
I really apologize if it has nothing to do with you or i am asking at the wrong forum section. Cheers! :cool:
-
Well, that is an issue in Aeva (and in fact any mod with third party dependencies, and yes, we'll probably have to fix it in Wedge)
You'll find it in Aeva-Subs-Vital.php in your Sources folder, line 881 or so:
$scr = "\n\t" . '<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';
Just change the http to https, and assuming ajax.googleapis.com has a suitable certificate, it'll work. (If it doesn't have a suitable certificate, there's nothing you can do other than hosting the file yourself, but we'll get to that if we have to)
-
Thanks a lot Arantor, found that line, changed it but for some strange reason the actual code when i open my forum didn't change. >: Even tried to open it with various browsers so to rule out the possibility of a cached version, but still nothing. Should i wait or something till the changes take place? :/
PS: Googleapis have a nice and expensive certificate :P
-
Eh, it's also in Sources/Aeva-Embed.php
if (!$use_object_init)
$scr .= '
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';
$scr .= '
<script type="text/javascript"><!-- // --><![CDATA[';
-
Cool! Now it did change! Thanks! :cool: :cool: :cool:
-
I meant to update this version number but... Not much into AeMe these days.
-
We do need to check the behaviour in Wedge for this, btw, and if secure is on, make sure we use that in external references, including CDN scripts.
-
Since the release of FireSheep, it's trivial to sniff a cookie based connection on an open WIFI. It doesn't tell you a persons' password, but it allows you to login as them. It was always possible before, it's just a lot easier now. And SSL certs are getting cheaper all the time. Supporting SSL is definitely an important feature for a forum.
-
SMF and Wedge already support it, just it needs tweaking.