Permalink
Browse files

Don’t send donators’ e-mail addresses unencrypted

  • Loading branch information...
maffe authored and ansgarbecker committed Dec 11, 2017
1 parent 0786673 commit 10668bc370c4779246afaf39316492da6422f50a
Showing with 1 addition and 1 deletion.
  1. +1 −1 source/main.pas
View
@@ -12134,7 +12134,7 @@ function TMainForm.HasDonated(ForceCheck: Boolean): TThreeStateBoolean;
// = 2 : Valid donor
rx := TRegExpr.Create;
CheckWebpage := THttpDownload.Create(MainForm);
CheckWebpage.URL := GetAppWebsite(False) + 'hasdonated.php?email='+EncodeURLParam(Email);
CheckWebpage.URL := GetAppWebsite(True) + 'hasdonated.php?email='+EncodeURLParam(Email);
CheckWebpage.TimeOut := 3;
TempFileName := GetTempDir + '\' + APPNAME + '_hasdonated_check.tmp';
try

4 comments on commit 10668bc

@ansgarbecker

This comment has been minimized.

Show comment
Hide comment
@ansgarbecker

ansgarbecker Jan 2, 2018

Collaborator

I knew I had a reason for using http here. I just got feedback from a WinXP user, which cannot call any of the https pages internally with HeidiSQL.

Collaborator

ansgarbecker replied Jan 2, 2018

I knew I had a reason for using http here. I just got feedback from a WinXP user, which cannot call any of the https pages internally with HeidiSQL.

@Zulgrib

This comment has been minimized.

Show comment
Hide comment
@Zulgrib

Zulgrib Jan 15, 2018

XP is not supported by Microsoft anymore and security is more important.

Zulgrib replied Jan 15, 2018

XP is not supported by Microsoft anymore and security is more important.

@ansgarbecker

This comment has been minimized.

Show comment
Hide comment
@ansgarbecker

ansgarbecker Jan 15, 2018

Collaborator

Yes, definitely. But if third world countries are stuck to XP, then that also matters.

Please note that using http is just the fallback for cases in which https does not load.

Collaborator

ansgarbecker replied Jan 15, 2018

Yes, definitely. But if third world countries are stuck to XP, then that also matters.

Please note that using http is just the fallback for cases in which https does not load.

@maffe

This comment has been minimized.

Show comment
Hide comment
@maffe

maffe Mar 2, 2018

Contributor

Is there a prompt before using unencrypted HTTP? I’d rather know something’s wrong with my connection (technical problem or MITM) than having my personal data sent unencrypted.

Contributor

maffe replied Mar 2, 2018

Is there a prompt before using unencrypted HTTP? I’d rather know something’s wrong with my connection (technical problem or MITM) than having my personal data sent unencrypted.

Please sign in to comment.