Bug :: File Downloads + SSL Filters + Cross-Protocol IP Changes

[jaswrks]

It recently came to my attention that it is somewhat common for a user's IP address to change depending on the current protocol they are communicating over; i.e., https vs. http.

In the case of s2Member's File Download Keys; a "key" is generally connected to a specific IP address. Thus, if you create a download link that is served from an SSL page, but the link is served over http, there is a chance of authentication failure—depending on a customer's ISP.

In the current release of s2Member, the protocol is automatically matched up. So not an issue there. However, if you apply s2member_force_ssl = yes as a Post/Page Custom Field, there is a problem that can arise as a result of s2Member filtering the HTML markup to force all resources over SSL, and all links over http by default.

Referencing this line of code. ~ Special consideration should be given to s2Member File Download URLs here. Note: this is an edge case, but an important issue that should be resolved.

[jaswrks]

Next Release Changelog:

• (s2Member/s2Member Pro) SSL Edge Case: This release corrects an SSL + Protected File Download problem that may have occurred in rare circumstances. Reproducing this required that you have a user with an ISP that changed their IP address whenever they accessed a site over https instead of http, and that an s2Member Protected File Download link is presented on an HTTPS page. And, that you were using s2Member's own force-SSL filters. A symptom of this issue was to receive mysterious reports of a user getting a 503 error when trying to access a protected file. Resolved in this release. See this GitHub issue if you'd like additional details.