WP_CONTENT_URL breaking FORCE_ADMIN_SSL in administration
|Reported by:||beautomated||Owned by:|
WP_CONTENT_URL isn't converting to https:// when the FORCE_ADMIN_SSL is enabled and the user is in the wp-admin folder. This causes various plugins that include CSS and JS in the admin area to break the security causing browser havoc. I think that when WP_CONTENT_URL is set it should first check if is_admin() and FORCE_ADMIN_SSL are both true, and if so use https:// instead. To reproduce this issue, set FORCE_ADMIN_SSL to true and install the free Defensio antispam plugin, then log into wp-admin and see the http:// CSS link in the source code. This plugin example uses WP_PLUGIN_URL in its source. Thank you.