Wedge

Public area => Off-topic => The Pub => Other software => Topic started by: nikos15 on October 31st, 2011, 05:16 PM

Title: Change of code in order to suit the SSL version
Post by: nikos15 on October 31st, 2011, 05:16 PM
Hello there guys.
I hope i am in the correct place to be asking this question, since the SMF forums are down for maintenance. So anyway, i maintain a secure version of my website, with an SMF forum (version 2.0), however, there's a little piece of code, that i THINK is somehow connected to you (wedge.org) which i'd like to alter a little bit.

More specificaly, the following part of code is loaded from an "unsecure" according to the browsers location and thus it shows that "the website is not fully encrypted".

Code: [Select]
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
<script type="text/javascript"><!-- // --><![CDATA[
aevams = {wmode:"transparent",quality:"high",allowFullScreen:"true",allowScriptAccess:"never",pluginspage:"http://www.macromedia.com/go/getflashplayer",autoplay:"false",autostart:"false"};
aeinst = "";
function aevacopy()
{
var cp = document.getElementById("footerarea"), cpf = document.createElement("div"), ats = 0; cpf.innerHTML = '<div>Embedding by Aeva Media, &copy; <a href="http://wedge.org/" target="_blank">Wedge</a></div>';
if (cp == null) { cp = document.getElementById("footer_section"); if (cp == null) cp = document; } cp = cp.getElementsByTagName("a"); for (var i=cp.length-1; i>=0; i--)
if (cp[i].href == 'http://www.simplemachines.org/') { ats = 1; break; } cp = ats ? cp[i].parentNode : null; if (cp == null) cp = document.body; cp.appendChild(cpf);
}
function aevatq(q, id, w, h)
{
var yt = document.getElementById("aevawi"+id);
document.getElementById("sae"+id).style.width = w;
document.getElementById("saeva"+id).style.height = h;
var dat = yt.data != "" ? yt.data : yt.movie;
var aq = document.getElementById("aqc"+id).childNodes;
for (var i = 0; i < aq.length; i++)
if (aq.item(i).href)
aq.item(i).className = aq.item(i).href.indexOf("(" + q + ",") > 0 ? "aeva_dq" : "";
swfobject.createSWF({ data: dat, width: w, height: h }, aevams, "aevawi" + id);
document.cookie = "aeva_quality=" + q + ";path=/";
}
// ]]></script>
it's the first line that obviously creates the problem and i would like to change it into "https".
from
Code: [Select]
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
to
Code: [Select]
<script type="text/javascript" src="httpS://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
Any help?

I really apologize if it has nothing to do with you or i am asking at the wrong forum section. Cheers! :cool:
Title: Re: Change of code in order to suit the SSL version
Post by: Arantor on October 31st, 2011, 05:21 PM
Well, that is an issue in Aeva (and in fact any mod with third party dependencies, and yes, we'll probably have to fix it in Wedge)

You'll find it in Aeva-Subs-Vital.php in your Sources folder, line 881 or so:
Code: [Select]
$scr = "\n\t" . '<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';

Just change the http to https, and assuming ajax.googleapis.com has a suitable certificate, it'll work. (If it doesn't have a suitable certificate, there's nothing you can do other than hosting the file yourself, but we'll get to that if we have to)
Title: Re: Change of code in order to suit the SSL version
Post by: nikos15 on October 31st, 2011, 05:34 PM
Thanks a lot Arantor, found that line, changed it but for some strange reason the actual code when i open my forum didn't change. >:  Even tried to open it with various browsers so to rule out the possibility of a cached version, but still nothing. Should i wait or something till the changes take place? :/

PS: Googleapis have a nice and expensive certificate :P
Title: Re: Change of code in order to suit the SSL version
Post by: Arantor on October 31st, 2011, 06:07 PM
Eh, it's also in Sources/Aeva-Embed.php

Code: [Select]
if (!$use_object_init)
$scr .= '
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';
$scr .= '
<script type="text/javascript"><!-- // --><![CDATA[';
Title: Re: Change of code in order to suit the SSL version
Post by: nikos15 on October 31st, 2011, 06:16 PM
Cool! Now it did change! Thanks! :cool: :cool: :cool:
Title: Re: Change of code in order to suit the SSL version
Post by: Nao on October 31st, 2011, 07:02 PM
I meant to update this version number but... Not much into AeMe these days.
Title: Re: Change of code in order to suit the SSL version
Post by: Arantor on October 31st, 2011, 07:03 PM
We do need to check the behaviour in Wedge for this, btw, and if secure is on, make sure we use that in external references, including CDN scripts.
Title: Re: Change of code in order to suit the SSL version
Post by: tfs on October 31st, 2011, 09:08 PM
Since the release of FireSheep, it's trivial to sniff a cookie based connection on an open WIFI.  It doesn't tell you a persons' password, but it allows you to login as them.  It was always possible before, it's just a lot easier now.  And SSL certs are getting cheaper all the time.  Supporting SSL is definitely an important feature for a forum.
Title: Re: Change of code in order to suit the SSL version
Post by: Arantor on October 31st, 2011, 09:32 PM
SMF and Wedge already support it, just it needs tweaking.