authorMikael Nordfeldth <mmn@hethane.se>2016-02-10 00:57:39 +0100
committerMikael Nordfeldth <mmn@hethane.se>2016-02-10 00:57:39 +0100
commitec257d940a3dda9f6db153efc46342a348560192 (patch)
tree13cdfbdd4ebe32e52101a1311f8e84366168522b /classes
parentdcf29c2a07c730cb79637672b7fab8db7360c27c (diff)
Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a site that allows both HTTP and HTTPS...
Diffstat (limited to 'classes')
-rw-r--r--classes/Avatar.php11
1 files changed, 1 insertions, 10 deletions
diff --git a/classes/Avatar.php b/classes/Avatar.php
index 5ce2712dfb..d8cc134b80 100644
--- a/classes/Avatar.php
+++ b/classes/Avatar.php
@@ -187,16 +187,7 @@ class Avatar extends Managed_DataObject
$server = common_config('site', 'server');
}
- $ssl = common_config('avatar', 'ssl');
-
- if (is_null($ssl)) { // null -> guess
- if (common_config('site', 'ssl') == 'always' &&
- !common_config('avatar', 'server')) {
- $ssl = true;
- } else {
- $ssl = false;
- }
- }
+ $ssl = (common_config('avatar', 'ssl') || GNUsocial::useHTTPS());
$protocol = ($ssl) ? 'https' : 'http';
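Review bot: The new `$ssl` assignment turns `avatar/ssl` from a tri-state (null means guess, true/false means explicit) into a one-way switch, and nothing at the call site says so. An explicit `false` is now ignored whenever `GNUsocial::useHTTPS()` returns true, and a separately configured `avatar/server` is emitted with `https` even if that host has no TLS endpoint, which the removed guess branch deliberately avoided. That is the safer default, since it keeps HTTP avatar URLs off an HTTPS page, but operators with a dedicated avatar host need to know; I would add a comment above the line such as `// avatar/ssl can only force HTTPS on; it cannot downgrade an HTTPS site, so avatar/server must serve TLS.` The `||` also relies on loose truthiness, so a non-empty string such as `'false'` in `avatar/ssl` would count as true; whether such values can occur depends on config handling not visible here. The enclosing method starts and ends outside the hunk.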