Skip to:

Few Patches Uploaded to MU, and BB. You use them, I know you do.

  • Jason Giedymin


    Some of you may have seen I’ve been trying to get security working smoothly across the stack.

    (I hate security programming btw but it has to get done.)

    These patches should help ease some MU <-> BBpress frustrations.

    I know for a lot of you this has been a problem and this is important as all of you guys are most likely running MU and BBpress for BP forum functionality.

    ::Your the best::

    BuddyPress has by far the best team of Devs, Mods, and Contributors of any of the apps in the Automattic stack. Maybe because it’s the nature of the app? I can hardly get a hold of any of the leads from Mu or BB.

    ::The horses mouth::

    One Spanking good piece of info not in the trac notes: The patches also allows silo’d proper ssl flagged loggins per MU site with bbpress. It plays nice with multi-site.


    You need to make this change to the bbpress integration plugin:

    function bbpress_integration_set_bb_cookies( $uri, $expire = false, $expiration = '', $user_id = '' )
    if ( !$uri_parsed = @parse_url( $uri ) ) {
    return false;

    $secure = false; //Default no auth
    if ( force_ssl_login() || force_ssl_admin() )
    $secure = true; //Will create secure flagged cookies

    ::The Patches::

    ::If it don’t work::

    Don’t blame me! :-)

    ::If It does::

    Be Happy!

Viewing 7 replies - 1 through 7 (of 7 total)

  • Paul Gibbs


    Thanks for sending the patches in to the relevant projects!

    Jeff Sayre


    Jason, good stuff!

    Thanks for your continued contributions.

    Jason Giedymin


    I forgot one more patch, and thats for BuddyPress.

    I haven’t submitted it yet (i’m beat…)

    When you have applied everything I’ve submitted above, you need to be in an HTTPS session to edit/submit anything.

    For instance, after logging in and going to your activity list you will see the login form again. This is because the cookies set are secure cookies. If you were to go in your browser and change the scheme to https, you will see that buddypress will mark you as logged in and you can change whatever settings you need. This is what I was trying to achieve, complete HTTPS sessions for when it is flagged.

    And also, thanks to R-A-Y for #979.

    I think after 979 + this new patch, SSL will be complete for buddypress (famous last words)!

    I have a feeling though a backpress update may be in order though..(me ranting)



    I’m one of those guys trying to get security working smoothly across the *Press stack ;)

    Jason has really been on top with getting the *Press entities fully SSL-compatible; I’ve been privately bugging Jason with SSL questions and he’s been great with responding to everything.

    Thanks for all the advice and feedback, Jason (so far)!

    Jason Giedymin


    Added an additional patch and Function for MU.

    Would be nice if we could have it…

    Will be used for BP as a filter, as shown in trac notes.

    Patches Recap (Project SSL):


    Jason Giedymin


    Deferring ticket # 979 until MU Ticket # 1111 is passed, in case anyone was following that ticket (gets your Buddypress gravatars to use https).

    Jason Giedymin


    Patches Recap (Project SSL):

    A lot depends on 1111 and 1107.

    It introduces ‘force_ssl_content’ and I think everything under the sun can use it.

    If 1111 goes through you might as well add ‘Securing Buddypress’ to the roadmap, let R-A-Y, the gang and myself loose on this task.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Few Patches Uploaded to MU, and BB. You use them, I know you do.’ is closed to new replies.
Skip to toolbar