shane-tomlinson / browserid-wordpress

WordPress plugin that adds Persona authentication

No validation on site logo field, leading to broken authentication, lockout #63

Closed MagicFab closed 11 years ago

MagicFab commented 11 years ago

The site logo field has a comment indicating it has to be a relative URL and SSL hosted. If an absolute URL such as https:// or a mistake is introduced in that field, Persona authentication will be broken. If Persona is the only authentication possible, the user will be locked out (and anyone else too). Perhaps this field needs a bit more validation and check if:

Perhaps just use the Media Manager here?

shane-tomlinson commented 11 years ago

Thanks for the suggestion @MagicFab, I did just that! Fixed in ae30d412dd2d49410bc0c06c8f105048edc38965. Closing.
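An added example, not code from this plugin or from the commit referenced above: one way the kind of validation requested in the issue could look if the field stayed free-text. The function name `example_sanitize_site_logo` is hypothetical, and two things are assumptions: that "relative URL" means a path starting with a single `/`, and that an empty value means no logo is sent, so a bad entry is dropped instead of breaking login.

```php
<?php
// Added example (not the plugin's code). The function name and the
// "fall back to empty" behaviour are assumptions made for illustration.

/**
 * Return the value if it is a site-relative path, otherwise ''.
 * Returning '' drops a bad logo setting instead of passing it on.
 */
function example_sanitize_site_logo($value)
{
    $value = trim((string) $value);
    if ($value === '') {
        return '';
    }
    // Reject control characters and backslashes, which browsers may
    // normalise into something other than what was typed.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $value)) {
        return '';
    }
    // Must start with exactly one "/": "//host/x" is protocol-relative
    // and "https://..." is absolute, both refused here.
    if ($value[0] !== '/' || (strlen($value) > 1 && $value[1] === '/')) {
        return '';
    }
    // Defence in depth: the parsed value may not carry a scheme or host.
    $parts = parse_url($value);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return '';
    }
    return $value;
}

// Constructed sample inputs, not taken from the issue.
$samples = array(
    '/wp-content/uploads/logo.png',   // kept
    'https://',                       // rejected: absolute, incomplete
    'https://example.org/logo.png',   // rejected: absolute URL
    '//example.org/logo.png',         // rejected: protocol-relative
    'logo.png',                       // rejected: no leading slash
    " /img/logo.png\n",               // kept after trimming
);
foreach ($samples as $s) {
    $clean = example_sanitize_site_logo($s);
    printf("%-34s => %s\n", json_encode($s), $clean === '' ? '(dropped)' : $clean);
}
```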