Index: wp-admin/ssl_proxy.php
===================================================================
--- wp-admin/ssl_proxy.php	(revision 0)
+++ wp-admin/ssl_proxy.php	(revision 0)
@@ -0,0 +1,50 @@
+<?php
+/**
+ * WordPress SSL Proxy
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+// Get admin libs
+require_once('./admin.php');
+
+// Make sure URL is present
+if (empty($_REQUEST['url']))
+	default_image();
+
+// Get the URL arg
+$url = base64_decode($_REQUEST['url']);
+
+// Check that base64 decoded okay
+if ( false === $url )
+	default_image();
+
+// Make sure it's a valid URL
+if ( false === parse_url($url) )
+	default_image();
+
+// Fetch it
+$req = wp_remote_get(base64_decode($_REQUEST['url']));
+
+// Look for errors
+if ( is_wp_error($req) )
+	default_image();
+
+// Look for error status codes
+if ( $req['response']['code'] < 200 || $req['response']['code'] >= 400)
+	default_image();
+
+// Okay, no errors, show the image
+if (isset($req['headers']['content-type']))
+	header('Content-type: ' . $req['headers']['content-type']);
+echo $req['body'];
+
+/**
+ * Show the default image.  This is called when an error happened.
+ */
+function default_image() {
+	header('Content-type: image/gif');
+	readfile('./images/loading.gif');
+	die();
+}

Property changes on: wp-admin\ssl_proxy.php
___________________________________________________________________
Added: svn:eol-style
   + native

Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php	(revision 19037)
+++ wp-admin/edit-comments.php	(working copy)
@@ -16,6 +16,10 @@
 
 $doaction = $wp_list_table->current_action();
 
+// Filter out any insecure content to avoid SSL warnings
+if ( is_ssl() )
+	add_filter( 'comment_text', 'proxy_insecure_content', 999 );
+
 if ( $doaction ) {
 	check_admin_referer( 'bulk-comments' );
 
Index: wp-includes/comment-template.php
===================================================================
--- wp-includes/comment-template.php	(revision 19037)
+++ wp-includes/comment-template.php	(working copy)
@@ -615,6 +615,44 @@
 }
 
 /**
+ * Filter out any images from insecure sources 
+ * @param string $content
+ * @return string
+ */
+function proxy_insecure_content($content) {
+	if ( preg_match_all('/src=[\'"]?([^\'">]+)[\'"]?/iS', $content, $matches )) {
+		foreach ( $matches[1] as $k => $v ) {
+			$parts = parse_url($v);
+			if ( $parts === false )
+				continue;
+			
+			// If we can just slap "https://" onto the front, go ahead
+			if ( $parts['host'] == $_SERVER['HTTP_HOST'] ) {
+				$url = str_replace('http://', 'https://', $v);
+
+			// If not, it's probably an external image and needs to be proxied
+			} else {
+				$url = get_ssl_proxy_url($v);
+			}
+			
+			// Update the content
+			$content = str_replace($v, $url, $content);
+		}
+	}
+	return $content;
+}
+
+/**
+ * Run non-secure items through an SSL proxy
+ * Why base64 encode?  mod_security will detect it as an attack otherwise.
+ * @param string $url
+ * @return string
+ */
+function get_ssl_proxy_url($url) {
+	return get_admin_url() . 'ssl_proxy.php?url=' . base64_encode($url);
+}
+
+/**
  * Retrieve the comment time of the current comment.
  *
  * @since 1.5.0
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 19037)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -733,6 +733,9 @@
 	$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' );
 
 	ob_start();
+		// Filter out any insecure content to avoid SSL warnings
+		if ( is_ssl() )
+			add_filter( 'comment_text', 'proxy_insecure_content', 999 );
 		$wp_list_table->single_row( get_comment( $comment_id ) );
 		$comment_list_item = ob_get_contents();
 	ob_end_clean();