Firefox SSL security warning

**Ajeh** · 6 Dec 2009, 07:29 PM

Let us know what you discover ...

**CindyM22** · 14 Dec 2009, 05:25 PM

Please help if you can.

Chrome, Firefox, and Safari work fine, but when a customer logs into MyAccount with Internet Explorer the HTTPS error comes up and tells them it is not secure. It has to do with the blank sidebox linking to an outside site.

Can someone please point me in the right direction? TY!

Cindy

http://store.burrellcolourimaging.com/

**CindyM22** · 14 Dec 2009, 05:36 PM

I think I got it... just made the image SSL and it seems to be working. Thanks anyway! :)

**fold** · 15 Jan 2010, 11:37 PM

I've added the following code to html_output.php in 'function zen_href_link' to fix the security warning issue with firefox etc. Just thought I would post it here for anyone else. Feedback/criticism/suggestions greatly appreciated!

Code:

function zen_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true, $static = false, $use_dir_ws_catalog = true) {
    global $request_type, $session_started, $http_domain, $https_domain;

if($connection=='NONSSL' && $request_type=='SSL')
{
			
	if( $page == FILENAME_ADVANCED_SEARCH_RESULT
	|| $page == FILENAME_ADVANCED_SEARCH
	|| $page == FILENAME_DEFAULT
	|| $page == FILENAME_SHOPPING_CART)
	{
		$connection = $request_type;
	}
}

..rest of function is unchanged...

-Fold

**wolfderby** · 26 Jan 2010, 08:56 PM

Originally Posted by fold

I've added the following code to html_output.php in 'function zen_href_link' to fix the security warning issue with firefox etc. Just thought I would post it here for anyone else. Feedback/criticism/suggestions greatly appreciated!

Code:

function zen_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true, $static = false, $use_dir_ws_catalog = true) {
    global $request_type, $session_started, $http_domain, $https_domain;

if($connection=='NONSSL' && $request_type=='SSL')
{
			
	if( $page == FILENAME_ADVANCED_SEARCH_RESULT
	|| $page == FILENAME_ADVANCED_SEARCH
	|| $page == FILENAME_DEFAULT
	|| $page == FILENAME_SHOPPING_CART)
	{
		$connection = $request_type;
	}
}

..rest of function is unchanged...

-Fold

Although it seems to keep more pages secure than necessary, it seems to work for me. I prefer this over a faster site potentially perceived as insecure. Even if this code slows site performance I still think this is better. Thanks

**boardmangraham** · 16 Feb 2010, 02:25 PM

Sorry but would you be able to explain a little more clearly what text needs to be replaced?

At the minute in my: admin/includes/functions/html_output.php file for the text you have mentioned above I have:

PHP Code:


// The HTML href link wrapper function

  function zen_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true) {

    global $request_type, $session_started, $http_domain, $https_domain;

    if ($page == '') {

      die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>Function used:<br><br>zen_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</b>');

    }



    if ($connection == 'NONSSL') {

      $link = HTTP_SERVER . DIR_WS_ADMIN;

    } elseif ($connection == 'SSL') {

      if (ENABLE_SSL_ADMIN == 'true') {

        $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN;

      } else {

        $link = HTTP_SERVER . DIR_WS_ADMIN;

      }

    } else {

      die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL<br><br>Function used:<br><br>zen_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</b>');

    }

    if (!strstr($page, '.php')) $page .= '.php';

    if ($parameters == '') {

      $link = $link . $page;

      $separator = '?';

    } else {

      $link = $link . $page . '?' . $parameters;

      $separator = '&';

    }



    while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);

Where do I need to put the code that you mentioned in the above post?

Thanks in advance.

Graham.

**Techiescot** · 10 Mar 2010, 09:01 AM

Hi

I have tried the fixes mentioned in this thread but am still getting the warning on Product Info Pages but not on All Products listing.

When I first looked at the site this morning, I could not get the Create an Account page - it said Session had expired .... but about the third tome of trying it, it worked (without having made any changes.)

I have recently changed hosts and changed to SSL.

In IE, I am getting an empty cart when I add to cart. In Firefox I am getting a warning. I can add to cart from product listing pages but not from product info pages.

Please please please ... can anyone help me?

Thanks

Gillian
qualitygardenfurniture.com/store

**jetx** · 15 Mar 2010, 04:56 AM

Originally Posted by Ajeh

This is the change for the tpl_products_info_default.php ... you will need to take it from there or you can contact me privately for further di$cu$$ion$ on cu$tomizing your $ite ...

Code:

<?php echo zen_draw_form('cart_quantity', zen_href_link(zen_get_info_page($_GET['products_id']), zen_get_all_get_params(array('action')) . 'action=add_product', $request_type), 'post', 'enctype="multipart/form-data"') . "\n"; ?>

This was annoying me for most of the day, your post provided a solution. It apparently only happens if a visitor views a product, then logs in. It is returning to that product and adding to cart which generated the firefox warning. Thanks for the tip!

**pcnovice** · 6 May 2010, 01:08 PM

Originally Posted by Ajeh

This is the change for the tpl_product_info_display.php ... you will need to take it from there or you can contact me privately for further di$cu$$ion$ on cu$tomizing your $ite ...

Code:

<?php echo zen_draw_form('cart_quantity', zen_href_link(zen_get_info_page($_GET['products_id']), zen_get_all_get_params(array('action')) . 'action=add_product', $request_type), 'post', 'enctype="multipart/form-data"') . "\n"; ?>

Sorry wrong post

**pcnovice** · 6 May 2010, 01:14 PM

Originally Posted by Ajeh

This is the change for the tpl_product_info_display.php ... you will need to take it from there or you can contact me privately for further di$cu$$ion$ on cu$tomizing your $ite ...

Code:

<?php echo zen_draw_form('cart_quantity', zen_href_link(zen_get_info_page($_GET['products_id']), zen_get_all_get_params(array('action')) . 'action=add_product', $request_type), 'post', 'enctype="multipart/form-data"') . "\n"; ?>

Ajeh,
I have the same problem but cannot find the tpl_products_info_default.php to apply your fix. I'm using v1.3.8
Please help. Thanx

Thread: Firefox SSL security warning

Thread Tools

Search Thread

Display

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Re: Firefox SSL security warning

Similar Threads

Suddenly getting SSL Security Warning

SSL Security Warning IE8

SSL Security Warning

FireFox - Security Warning on Forms. HELP!

[NOT A BUG] Firefox SSL security warning

Posting Permissions