Viewing 4 posts - 1 through 4 (of 4 total)
Viewing 4 posts - 1 through 4 (of 4 total)
- You must be logged in to reply to this topic.
Tagged: SSL
I just noticed the following in enfold\framework\php\class-framework-widgets.php
:
$remote = wp_remote_get( 'https://www.instagram.com/'.trim( $username ), array( 'sslverify' => false, 'timeout' => 60 ) );
And these posts must be the reasons for this: https://kriesi.at/support/topic/unable-to-communicate-with-instagram/ , https://kriesi.at/support/topic/mailchimp-api-not-connecting/#post-552751.
Please don’t set sslverify
to false. It is bad practice. See https://www.skyverge.com/blog/developers-stop-using-sslverify-false/ for more information. Having to disable sslverify indicates a PHP configuration error on the web server that users or administrators need to fix, and see https://www.saotn.org/dont-turn-off-curlopt_ssl_verifypeer-fix-php-configuration/ on how to do that.
So please don’t make these kind assumptions for your users, it may break the internet (really). Or if you really have to, make it optional through the Enfold Options Framework.
Other files affected:
./config-templatebuilder/avia-shortcodes/av-helper-mailchimp.php: 'sslverify' => false
and here I have set sslverify to true:
./framework/php/class-framework-widgets.php: $remote = wp_remote_get( ‘https://www.instagram.com/’.trim( $username ), array( ‘sslverify’ => true, ‘timeout’ => 60 ) );`
Hey Jan,
I think Kriesi implemented a fix in Enfold v3.7.1. for it.
Best regards,
Andy
Hi Andy,
Thank you for you reply.
Unfortunately, Enfold v3.7.1 is what introduced this bad practice code. Just don’t do 'sslverify' => false
Hey!
thank you. I will notify Kriesi about it.
Best regards,
Andy