id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
13941	WP_CONTENT_URL should use site_url() to support HTTPS / SSL	micropat	ryan	"On HTTPS pages, users sometimes get 'insecure content' warnings from their browser.  This is commonly caused by plugins which use the ''WP_PLUGIN_URL'' constant to get the full plugin directory URL for the sake of loading static content.

The problem is that ''WP_PLUGIN_URL'' will always return the ''siteurl'' (as specified in Settings > General) and thus does not adjust from http:... to https:... when needed.

''WP_PLUGIN_URL'' is dependent on ''WP_CONTENT_URL'', and ''WP_CONTENT_URL'' is derived from ''get_option('siteurl')'', which only returns the ''siteurl'' and does not adjust for HTTPS pages. However, the ''site_url()'' function '''does''' adjust for HTTPS pages.

So, to fully support HTTPS and directives such as ''FORCE_SSL_LOGIN'' and ''FORCE_SSL_ADMIN'', ''WP_CONTENT_URL'' needs to use the ''site_url()'' function as proposed in my riveting one-liner patch.

Related #10198 #9008"	enhancement	new	normal	Future Release	General		normal		has-patch	micropat WordPress@… pauli.price@… jer@…