Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.1.7-pl1, 3.2.0-a2
-
None
Description
Hello
If you want to upload this image as avatar https://jenkins.erwan-projects.fr/static/00f9e71c/images/headshot.png it failed:
The file specified could not be found.
Because in remote_upload() function, the host parameter of fsockopen is never appended with 'tls://' and port is always 80, if avatar is a https ressource; so remote upload works only if resource is also accessible by http://
Even if there is, on web hosting, a redirect from http to https; it failes again:
because response looks like this:The upload was rejected because the uploaded file was identified as a possible attack vector
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
|
<html><head>
|
<title>301 Moved Permanently</title>
|
</head><body>
|
<h1>Moved Permanently</h1>
|
<p>The document has moved <a href="https://jenkins.erwan-projects.fr/static/00f9e71c/images/headshot.png">here</a>
|
I suggest to detect if url is a https resource, and append the host parameter with 'tls://' (and change port) if needed.
I think with let's encrypt, more and more websites will be accessible by HTTPS, this bug can be annoying.
Attachments
Issue Links
- is related to
-
PHPBB3-14448 Use guzzle for remote files uploading
-
- Unverified Fix
-