Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 4.4.7
-
Fix Version/s: 4.5.3
-
Component/s: CiviCRM Profile
-
Labels:None
-
Documentation Required?:None
Description
After the POODLE vulnerability was discovered, my hosting provider disabled SSL3 on all HTTP Apache connections and my users started seeing warnings like this:
Warning: getimagesize() [function.getimagesize]: Failed to enable crypto in [...]/public_html/wp-content/plugins/civicrm/civicrm/CRM/Core/BAO/UFGroup.php on line 1114
Warning: getimagesize(https://[...]/?page=CiviCRM&q=civicrm/contact/imagefile&photo=xyz.jpg) [function.getimagesize]: failed to open stream: operation failed in /[...]/public_html/wp-content/plugins/civicrm/civicrm/CRM/Core/BAO/UFGroup.php on line 1114
![https://[...]/?page=CiviCRM&q=civicrm/contact/imagefile&photo=xyz.jpg](https://[...]/?page=CiviCRM&q=civicrm/contact/imagefile&photo=xyz.jpg){kind=link}
I have no idea if this is a serious problem, but I did work with my host to confirm that the cause is SSL v3. The site still works, so I have suppressed the display of error messages for now. Obviously this only affects https: connections – I force SSL everywhere on this site.
This probably affects current versions (4.5.x) but I cannot confirm because the demo sites do not use SSL.