Change of code in order to suit the SSL version

nikos15

  • Posts: 3
Change of code in order to suit the SSL version
« on October 31st, 2011, 05:16 PM »
Hello there guys.
I hope i am in the correct place to be asking this question, since the SMF forums are down for maintenance. So anyway, i maintain a secure version of my website, with an SMF forum (version 2.0), however, there's a little piece of code, that i THINK is somehow connected to you (wedge.org) which i'd like to alter a little bit.

More specificaly, the following part of code is loaded from an "unsecure" according to the browsers location and thus it shows that "the website is not fully encrypted".

Code: [Select]
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
<script type="text/javascript"><!-- // --><![CDATA[
aevams = {wmode:"transparent",quality:"high",allowFullScreen:"true",allowScriptAccess:"never",pluginspage:"http://www.macromedia.com/go/getflashplayer",autoplay:"false",autostart:"false"};
aeinst = "";
function aevacopy()
{
var cp = document.getElementById("footerarea"), cpf = document.createElement("div"), ats = 0; cpf.innerHTML = '<div>Embedding by Aeva Media, &copy; <a href="http://wedge.org/" target="_blank">Wedge</a></div>';
if (cp == null) { cp = document.getElementById("footer_section"); if (cp == null) cp = document; } cp = cp.getElementsByTagName("a"); for (var i=cp.length-1; i>=0; i--)
if (cp[i].href == 'http://www.simplemachines.org/') { ats = 1; break; } cp = ats ? cp[i].parentNode : null; if (cp == null) cp = document.body; cp.appendChild(cpf);
}
function aevatq(q, id, w, h)
{
var yt = document.getElementById("aevawi"+id);
document.getElementById("sae"+id).style.width = w;
document.getElementById("saeva"+id).style.height = h;
var dat = yt.data != "" ? yt.data : yt.movie;
var aq = document.getElementById("aqc"+id).childNodes;
for (var i = 0; i < aq.length; i++)
if (aq.item(i).href)
aq.item(i).className = aq.item(i).href.indexOf("(" + q + ",") > 0 ? "aeva_dq" : "";
swfobject.createSWF({ data: dat, width: w, height: h }, aevams, "aevawi" + id);
document.cookie = "aeva_quality=" + q + ";path=/";
}
// ]]></script>
it's the first line that obviously creates the problem and i would like to change it into "https".
from
Code: [Select]
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
to
Code: [Select]
<script type="text/javascript" src="httpS://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
Any help?

I really apologize if it has nothing to do with you or i am asking at the wrong forum section. Cheers! :cool:

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Change of code in order to suit the SSL version
« Reply #1, on October 31st, 2011, 05:21 PM »
Well, that is an issue in Aeva (and in fact any mod with third party dependencies, and yes, we'll probably have to fix it in Wedge)

You'll find it in Aeva-Subs-Vital.php in your Sources folder, line 881 or so:
Code: [Select]
$scr = "\n\t" . '<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';

Just change the http to https, and assuming ajax.googleapis.com has a suitable certificate, it'll work. (If it doesn't have a suitable certificate, there's nothing you can do other than hosting the file yourself, but we'll get to that if we have to)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

nikos15

  • Posts: 3
Re: Change of code in order to suit the SSL version
« Reply #2, on October 31st, 2011, 05:34 PM »
Thanks a lot Arantor, found that line, changed it but for some strange reason the actual code when i open my forum didn't change. >:  Even tried to open it with various browsers so to rule out the possibility of a cached version, but still nothing. Should i wait or something till the changes take place? :/

PS: Googleapis have a nice and expensive certificate :P

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: Change of code in order to suit the SSL version
« Reply #3, on October 31st, 2011, 06:07 PM »
Eh, it's also in Sources/Aeva-Embed.php

Code: [Select]
if (!$use_object_init)
$scr .= '
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>';
$scr .= '
<script type="text/javascript"><!-- // --><![CDATA[';

nikos15

  • Posts: 3

Nao

  • Dadman with a boy
  • Posts: 16,063

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278

tfs

  • Wow! You guys have been busy beavers. :)
  • Posts: 78
Re: Change of code in order to suit the SSL version
« Reply #7, on October 31st, 2011, 09:08 PM »
Since the release of FireSheep, it's trivial to sniff a cookie based connection on an open WIFI.  It doesn't tell you a persons' password, but it allows you to login as them.  It was always possible before, it's just a lot easier now.  And SSL certs are getting cheaper all the time.  Supporting SSL is definitely an important feature for a forum.
"God is dead." -Nietzsche 1883
"Nietzsche is dead." -God 1900

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278