/ow_core/application.php
Line 925:
$markup = str_replace("http:", "https:", $markup);
Replace with:
$markup = str_replace("", "", $markup);
Line 929:
$search[$index] = str_replace($matches[2][$index], str_replace("http:", "https:", $matches[2][$index]), $search[$index]);
Replace with:
$search[$index] = str_replace($matches[2][$index], str_replace("", "", $matches[2][$index]), $search[$index]);
Note: What it does is make it so that http <a> links don't get converted to https. But if a user posts a link to the Newsfeed, the oEmbed image will still remain as http (it does that even without this edit). The best solution to fixing this is for Oxwall to download the image to the server and serve it from our own installation. They do something similar if you post an external image directly into the Newsfeed, but it must have been overlooked with regular links.
I've only tested this for a few minutes, would be good to have more feedback going through here. It's been way too long with HTTPS being broken on Oxwall, a patch is highly needed soon.
In the image above, the top status update is this image from Oxwall: http://www.oxwall.org/...owered-by-oxwall.png . The image is HTTPS as it's uploaded to the server and the static link stays as a reference. Good.
The second status update is simply linking to oxwall.com/messages/. The image that's pulled is not HTTPS, as it doesn't get uploaded to the server. Bad.
