Im getting a security warning in IE6 on order form (Fixed)

[Blueberry3.14]

I'm still not getting any warning in FF (2.0.0.5), but in IE7, certain images (like the header, that's an absolute http link)

Where are you seeing an absolute link? "../images..." is not absolute. Paste the code you're seeing, please, with a few lines before and after.

 

Sure, although I was wrong on some of that...the absolute http links I was seeing were just that, links, not images. My bad.

 

I'm wondering if this is what IE7 is having a problem with? The http link is to the domain checker, but there's also an image link? I'm not saying IE7 *should* be having a problem with it...but this might be it.

 

<div id="domain">
<div id="domreg">Domain Name Registration</div>
<div id="checker"><form action="http://www.kintallon.com/client/domainchecker.php" method="post" enctype="multipart/form-data" id="domainform" style="margin:0px; padding:0px"><fieldset>

[...]

 <input name="imageField" type="image" src="../images/go.gif" alt="go" /></fieldset>
 </form>

 

 

If it were me, I'd do typical troubleshooting and copy the image files over to the SSL domain/sub-domain.

Not all server setups use separate folders for SSL (mainly Plesk does so). It's valid to use relative references and as long as the calling page is https, it works correctly.

 

I would still try copying over the image files, any images that are remote to the SSL, into the domain for troubleshooting purposes of finding why IE7 is issuing the warning.[/code]

[bear]

If it were me, I'd remove all external elements, including WHMCS code. Put things back one by one until the error reappears. It's the only way...starting with what works, and breaking it.

[Blueberry3.14]

If it were me, I'd remove all external elements, including WHMCS code. Put things back one by one until the error reappears. It's the only way...starting with what works, and breaking it.

 

Agreed. In medicine or in programming, the process of elimination is the quickest path to the problem.

[Angler]

If it were me, I'd remove all external elements, including WHMCS code. Put things back one by one until the error reappears. It's the only way...starting with what works, and breaking it.

 

Thanks for all the replies I have added the Google analytics back in since it seemed earlier no one had any idea what was causing the issue wasn't included when testing earlier have removed it again now

 

The problem is that i get the warning even when I set whmcs to use the basic templates with NO site integration or customization and it is only with the singlepage order form the other order forms are fine.

[Angler]

Right I did some more testing and this is the results

All test were performed using the basic templates that come with WHMCS so none of my own site code was part of the testing.

 

Using PORTAL theme:

works fine with default and boxes order forms from (whmcs v3.2.1 & v3.1.2)

get warning with the single page order form from (whmcs v3.2.1)

 

 

Using DEFAULT theme files from (whmcs v3.2.1)

get warning with all 3 order forms from (whmcs v3.2.1 & v3.1.2)

 

 

Using DEFAULT theme files from (whmcs v3.1.2)

works fine with default and boxes order forms from (whmcs v3.2.1 & v3.1.2)

get warning with the single page order form from (whmcs v3.2.1)

 

Still can't figure out what is causing it

[Blueberry3.14]

Right I did some more testing and this is the results

All test were performed using the basic templates that come with WHMCS so none of my own site code was part of the testing.

 

Using PORTAL theme:

works fine with default and boxes order forms from (whmcs v3.2.1 & v3.1.2)

get warning with the single page order form from (whmcs v3.2.1)

 

 

Using DEFAULT theme files from (whmcs v3.2.1)

get warning with all 3 order forms from (whmcs v3.2.1 & v3.1.2)

 

 

Using DEFAULT theme files from (whmcs v3.1.2)

works fine with default and boxes order forms from (whmcs v3.2.1 & v3.1.2)

get warning with the single page order form from (whmcs v3.2.1)

 

Still can't figure out what is causing it

 

I wouldn't assume the default code is free of standards errors. Running it through the validator http:///validator.w3c.org will likely help...process of elimination.

[Matt]

I wouldn't assume the default code is free of standards errors. Running it through the validator http:///validator.w3c.org will likely help...process of elimination.

Not using fully valid HTML markup doesn't result in security warnings.

 

If as the tests Angler has done suggest, that it is just the single page order form causing the issue, then it must be the javascript code in that form that's causing it for some reason. Has it been found to happen in any other browser than IE6 yet?

 

EDIT: Angler, open a ticket so I can have a look at this.

 

Matt

[Blueberry3.14]

I wouldn't assume the default code is free of standards errors. Running it through the validator http:///validator.w3c.org will likely help...process of elimination.

Not using fully valid HTML markup doesn't result in security warnings.

 

No, it doesn't, otherwise 70% of the Internet would cause IE to choke.

 

I meant that by eliminating any other issues, the cause of the warnings might be easier to spot. And the warnings I got, as well as one other person testing, were from IE7.

 

There's a setting in IE7 to allow mixed content, if you have that enabled that would explain the lack of warnings in IE7.

[bear]

Interesting, I hadn't checked my own install for this using IE6 (not in production), and it also has a cert warning. Looking forward to hearing the cause on this one.

[uberhost]

Interesting, I hadn't checked my own install for this using IE6 (not in production), and it also has a cert warning. Looking forward to hearing the cause on this one.

Same here. It's a bit disquieting since most of the world is still using IE6 as their browser of choice. Of course, the figures tend to be different for tech-savvy users.

 

Anyway, I hope it's diagnosed and fixed soon.

[Joweb]

I am having a similar issue wen submitting a ticke from the client area. Anyone else?

secure unsecure items message

[Matt]

That will be your own template problem, this issue is just the single page order form.

[Angler]

Matt has now fixed the problem with the single page order form and also with the default template giving the warning using any order form.

 

 

Anyone wanting the files which Matt changed can download them from here

 

http://www.kintallon.com/ie6_fix.zip

 

 

Matt if you would rather I didn't make these files available then please edit/delete this post

[bear]

Can we know what it was?

[Angler]

Can we know what it was?

 

Was going to tell you but Matt has updated the v3.2.1 download with the fixes and I had already changed my own files.

So I can't compare the files as they are now identical

 

changes were made to the footer.tpl of the default template and to step 1 & 2 of the single page order form.

 

I do know that at least one change to the order form was to the iframe code

[Matt]

Yep, it's the default src that needed setting. Before there was none set so it would just be loading the about:blank page. It'll be included in the V3.2.2 update.

 

Matt

[Blueberry3.14]

Can we know what it was?

 

Nope, trade secret!

[uberhost]

Can we know what it was?

 

Nope, trade secret!

I'll trade you a secret.

[bear]

Nope, trade secret!

 

Thanks, Matt.

[Gears]

I experienced this problem but fixed it by making sure all images and scripts were within the same directory that uses https. The Google analytics code must use the https too (which someone already mentioned in this post)

[Blueberry3.14]

Can we know what it was?

 

Nope, trade secret!

I'll trade you a secret.

 

Buhahahaha! But seriously...I've compared the changelog.txt files from the 3.2.1 I downloaded Friday, and the one that's there now, and the files are identical. So...I guess we're back to a trade secret

[Matt]

Be patient! You'll find the changed files for this issue in 3.2.2.

 

Matt