I *think* that the ajaxlogin is the most security conscious part of this bug. js/mahara.js->ajaxlogin() sends the json login request to config.wwwroot + 'minilogin.php' which will ignore the httpswwwroot set for auths.
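The behaviour described in the comment above, next to one way to avoid it, as an added example that is not part of the original comment or of Mahara's code. `legacyEndpoint`, `loginEndpoint` and `sendsCredentialsInClear` are hypothetical helpers, and the example assumes the client-side `config` object exposes `httpswwwroot` alongside `wwwroot`; the sample configurations are constructed.

```javascript
// Added illustration; these helpers are hypothetical, not Mahara code.
// Assumption: the client-side config object carries httpswwwroot as well as wwwroot.

// Behaviour described in the comment: the login URL is always built from wwwroot.
function legacyEndpoint(config) {
    return config.wwwroot + 'minilogin.php';
}

// Build the login URL from the HTTPS root when one is configured for auth.
function loginEndpoint(config) {
    const root = config.httpswwwroot || config.wwwroot;
    if (typeof root !== 'string' || root === '') {
        throw new Error('no wwwroot configured');
    }
    const url = new URL('minilogin.php', root.endsWith('/') ? root : root + '/');
    // With an HTTPS root configured, credentials must never leave over plain HTTP.
    if (config.httpswwwroot && url.protocol !== 'https:') {
        throw new Error('httpswwwroot is not an https URL: ' + root);
    }
    return url.href;
}

// Check for the condition in the bug: an HTTPS root is set for auth,
// but the endpoint the login request actually uses is not HTTPS.
function sendsCredentialsInClear(config, endpoint) {
    return Boolean(config.httpswwwroot) &&
        new URL(endpoint).protocol !== 'https:';
}

// Constructed sample configurations.
const plainOnly = { wwwroot: 'http://mahara.example/' };
const withHttps = {
    wwwroot: 'http://mahara.example/',
    httpswwwroot: 'https://mahara.example/'
};
const misconfigured = {
    wwwroot: 'http://mahara.example/',
    httpswwwroot: 'http://mahara.example/'
};
```
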