Firefox SSL security warning

[Ajeh]

Sorry, hate when I do that ... the filename is:
tpl_product_info_display.php

[TALES75]

In IE and chrome im also getting this unsecure message. I have change all the thing what has been saying here some fix's where already there im using 1.3.9a

The side effect what i get in IE is the page is all messed up. When i click yes to go furder. But the main page look good.

in de source i still see the normale http urls for the search buttons from the top and the sidebox. But the tpl_search_header is changed with the $request_type.

The file tpl_product_info_display
I have tryed like this:

PHP Code:

<?php echo zen_draw_form('cart_quantity', zen_href_link(zen_get_info_page($_GET['products_id']), zen_get_all_get_params(array('action')) . 'action=add_product', $request_type), 'post', 'enctype="multipart/form-data"') . "\n"; ?>

and like this:

PHP Code:

<?php echo zen_draw_form('cart_quantity', zen_href_link(FILENAME_SHOPPING_CART, 'action=update_product', $request_type)); ?>

But then again still dont see the error to be gone

Any idee and help would be very nice
Thanks in advance

TALES

[TALES75]

In the html_output file i have change now this:

PHP Code:

if ($connection == 'NONSSL') {
      $link = HTTP_SERVER;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == 'true') {
        $link = HTTPS_SERVER ;
      } else {
        $link = HTTP_SERVER;
      } 


to this:

PHP Code:

if ($connection == 'NONSSL') {
      $link = HTTPS_SERVER;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == 'true') {
        $link = HTTPS_SERVER ;
      } else {
        $link = HTTP_SERVER;
      } 


Now the whole site is SSL on every link that i see. But still getting the error like: This site contain diffrent sources that are not secure. These source can be seen by others. etc..

How this can be if everything has an HTTPS now?

[Ajeh]

Put the code back how it was and if you could perhaps let us see an URL to this issue we could tell you how to fix it correctly ...

[Ajeh]

I found it ...

Code:

<!--bof Form start-->
<?php echo zen_draw_form('cart_quantity', zen_href_link(zen_get_info_page($_GET['products_id']), zen_get_all_get_params(array('action')) . 'action=add_product', $request_type), 'post', 'enctype="multipart/form-data"') . "\n"; ?>
<!--eof Form start-->

That fixes it on the template for the product _info ...

You will need to fix the other product types too if you use them ...

[TALES75]

Ok finaly i have change back all the files and i changed only what you just say in your last post.

What i get is when i want to login then im getting the message from IE.

I set the confige file back to true SSL

the url to my website is www.apajo.nl
hope you can help me furder.

Greets
TALES

[scientific_anomaly]

OK I think I have hit upon a simple brute force solution to all this rubbish that has been driving everyone nuts for years, myself included.

I have taken a complete directory contaning a 1.39 install and done a bulk find and replace of every instance of 'NONSSL' with '$request_type' (yes I know that this bull in china shop move lacks elegance - but hey warning folk not to buy stuff is really offensive IMHO).

Then a bulk find and replace of every instance of ), 'post',
with , $request_type), 'post',

Then a bulk find and replace of every instance of
$request_type, $request_type), 'post', with $request_type), 'post',

Closed all browser sessions on the site and tested it.

SO FAR nothing has broken, and on the contrary I have a completely functional site moving from HTTPS to HTTP and back again via numerous sequences of forms including searching, adding products from search results, and back tracking from checkout to add extra items etc without any weirdness or error messages whatsoever.

I would be very grateful if anyone can discover a problem with this or confirm that this is in fact the industrial fix that it appears to be. Added to which I am sure it is worth coming up with a more refined NONSSL replacement term that just bulldozing the lot.

FYI I used the source code search in Dreamweaver across a folder to achieve this - probably many other editors can do the same job.

Hope it helps. (Oh and don't blame me if you did not back up everything first).

[scientific_anomaly]

DON'T

global replacement of NONSSL is too rude, it screws the Admin (and it seems unnecessary anyway).



Just this function directed at the includes directory seems to be all that is required and appears to be perfect:

Then a bulk find and replace of every instance of ), 'post',
with , $request_type), 'post',

Then a bulk find and replace of every instance of
$request_type, $request_type), 'post', with $request_type), 'post',