Tagged: , ,

Viewing 9 reply threads
  • Author
    Posts
    • February 20, 2013 at 2:55 pm #692
      johnmcalester
      Member

      I have a need to force SSL on the admin side in the WP config file.  Looking at the debugging console it looks like PikList makes a bunch of reference calls to resources and they are set to call http://.  Is there a way that I could set ABSPATH or something so that references are https://?

      Thanks!

    • February 20, 2013 at 3:35 pm #693
      Steve
      Keymaster

      Hey John– What references are you talking about?  I believe the only HTTP references are external.

    • February 20, 2013 at 4:04 pm #694
      johnmcalester
      Member

      Thanks Steve.  I am getting these errors in Chrome’s javascript debugging console:

      [blocked] The page at https://www.MYSITE.com/wp-admin/post-new.php?post_type=book ran insecure content from http://www.MYSITE.com/wp-content/plugins/piklist/parts/js/pik-admin.js?ver=0.1.
      [blocked] The page at https://www.MYSITE.com/wp-admin/post-new.php?post_type=book ran insecure content from http://www.MYSITE.com/wp-content/plugins/piklist/parts/js/pik.js?ver=0.1.

      If I go into the class-piklist-admin.php file on line 232 and change the WP_PLUGIN_URL to a hardcoded URL with an HTTPS:// prefix that removes the errors. But, of course, this will get over written in an update.

      Same on lines 242 and 243 of class-piklist-admin.php.

      It looks like when PikList is enqueing scripts and styles is when the issue occurs.

    • February 20, 2013 at 4:20 pm #695
      johnmcalester
      Member

      The other two places that I hardcoded the URL were:

      class-piklist-theme.php line 42

      class-piklist-form.php lines 249 & 250

      That removed all of the errors for me.

      Functions are:

      wp_register_style

      wp_register_script

      wp_enqueue_script

      wp_enqueue_style

    • February 20, 2013 at 5:23 pm #696
      Steve
      Keymaster

      Good catch.

      Please change all instances of:

      WP_CONTENT_URL  to  content_url()

      WP_PLUGIN_URL  to  plugins_url()

      That should fix the issue… let me know.

      We’ll release the changes in the next version.

    • February 25, 2013 at 3:10 pm #705
      web doctor
      Member

      We made updates to scripts as outlined above.  Although the links to PikList within the browser source are proper, IE is still saying that there is a security issue (silliness with IE!).  I am guessing that there is a reference within the scripts to a non-secure script elsewhere?

    • February 25, 2013 at 5:21 pm #706
      Steve
      Keymaster

      @web doctor– What is the IE error?

    • February 25, 2013 at 5:33 pm #707
      web doctor
      Member

      Insecure items error (with silly “what are the risks” link and option to load all).  Using F12 developer tools the odd thing is that it references both calls in header to the PikList JS , the source of which are https:.  Granted these errors in IE are absurd and have been for as long as I can remember, that does not satisfy my client who panics at their very sight.

      I am guessing that there are references to other JS scripts within the PikList scripts which are called in the WP header.  I have run into this working with other plugins which were fixed by using relative links instead of the URL, though I am unsure this would be that simple in WP.

    • February 25, 2013 at 10:18 pm #708
      Steve
      Keymaster

      Is this a public url we can take a look at?

    • February 26, 2013 at 1:09 pm #709
      web doctor
      Member

      Unfortunately, no.  In order to suppress the errors to satisfy my client’s concerns, I had to turn off PikList.  I have a development site but it does not have a cert, so any errors would be unreliable.

  • Author
    Posts
Viewing 9 reply threads
  • You must be logged in to reply to this topic.