Opened 3 years ago
Last modified 8 months ago
#14873 new defect (bug)
HTTPS related issue with ms-settings.php — at Initial Version
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Future Release |
| Component: | Multisite | Version: | 2.9 |
| Severity: | normal | Keywords: | has-patch dev-feedback |
| Cc: | | | |
Description
ms-settings.php hard-codes "http://" in a few places. This didn't impact me, but I can see that it might impact someone.
Hopefully, a developer can take a look at the code and verify that, in fact, it has to change. Seems like it does since hard-coding "http:" isn't a good practice, but I don't want to claim it since I haven't seen the need for it personally.
Here's the updated code that needs to replace the code in ms-settings.php starting at line 83 and ending at line 105:
```php
// $protocol is not defined in this excerpt; it is assumed to hold
// 'http://' or 'https://' before this point.

// Subdomain install and no blog matches the requested host: redirect.
if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && ! is_object( $current_blog ) ) {
	if ( defined( 'NOBLOGREDIRECT' ) ) {
		$destination = NOBLOGREDIRECT;
		if ( '%siteurl%' == $destination )
			$destination = $protocol . $current_site->domain . $current_site->path;
	} else {
		// Send the visitor to signup, pre-filled with the requested subdomain.
		$destination = $protocol . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );
	}
	header( 'Location: ' . $destination );
	die();
}

if ( ! defined( 'WP_INSTALLING' ) ) {
	if ( $current_site && ! $current_blog ) {
		// Host does not match the main site: redirect to the main site.
		if ( $current_site->domain != $_SERVER[ 'HTTP_HOST' ] ) {
			header( 'Location: ' . $protocol . $current_site->domain . $current_site->path );
			exit;
		}
		$current_blog = get_blog_details( array( 'domain' => $current_site->domain, 'path' => $current_site->path ), false );
	}
	if ( ! $current_blog || ! $current_site ) ms_not_installed();
}
```

Updated ms-settings.php with HTTPS fix
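
The effect the ticket describes, as an added example that is not part of the ticket or of WordPress: on an HTTPS request, a hard-coded "http://" makes the signup redirect leave HTTPS, while a scheme taken from the request does not. `example_request_scheme()` and `example_signup_destination()` are hypothetical helpers, the `example.org` requests are constructed, and the example assumes TLS terminates on the web server itself.

```php
<?php
// Added example: hypothetical helpers, not WordPress functions.

// Derive the scheme from the current request instead of hard-coding it.
// Assumption: TLS terminates on this server, so $_SERVER reflects it.
function example_request_scheme( array $server ) {
	$https = isset( $server['HTTPS'] ) ? strtolower( $server['HTTPS'] ) : '';
	if ( 'on' === $https || '1' === $https ) {
		return 'https://';
	}
	if ( isset( $server['SERVER_PORT'] ) && '443' === (string) $server['SERVER_PORT'] ) {
		return 'https://';
	}
	return 'http://';
}

// Build the signup redirect the way the snippet in the ticket does, for a
// request whose host is an unregistered subdomain of the main site.
// rawurlencode() is an addition of this example, not part of the ticket's code.
function example_signup_destination( $scheme, $site_domain, $site_path, $request_domain ) {
	$new = str_replace( '.' . $site_domain, '', $request_domain );
	return $scheme . $site_domain . $site_path . 'wp-signup.php?new=' . rawurlencode( $new );
}

// Constructed sample requests for a network whose main site is example.org.
$requests = array(
	'plain HTTP' => array( 'HTTP_HOST' => 'newblog.example.org', 'SERVER_PORT' => '80' ),
	'HTTPS'      => array( 'HTTP_HOST' => 'newblog.example.org', 'SERVER_PORT' => '443', 'HTTPS' => 'on' ),
);

foreach ( $requests as $label => $server ) {
	$hard_coded   = example_signup_destination( 'http://', 'example.org', '/', $server['HTTP_HOST'] );
	$scheme_aware = example_signup_destination( example_request_scheme( $server ), 'example.org', '/', $server['HTTP_HOST'] );
	printf( "%-10s hard-coded:   %s\n", $label, $hard_coded );
	printf( "%-10s scheme-aware: %s\n", $label, $scheme_aware );
	if ( $hard_coded !== $scheme_aware ) {
		echo "           -> hard-coded redirect leaves HTTPS for plain HTTP\n";
	}
}
```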