WordPress.org

Make WordPress Core

Ticket #1372: wp-secure-schema.2.patch

File wp-secure-schema.2.patch, 4.4 KB (added by michaelmoore, 13 years ago)

Revised patch for WordPress SVN Revision 2657

  • wp-login.php

     
    1212        if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
    1313                $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
    1414       
    15         if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl') )
    16                 update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
     15        $schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://';
     16        if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl') )
     17                update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
    1718}
    1819
    1920switch($action) {
  • wp-includes/functions.php

     
    685685                $link_url = $matches[2][$i];
    686686                $link_text = $matches[4][$i];
    687687                $content = str_replace($link_match, $link_text.' '.$link_number, $content);
    688                 $link_url = (strtolower(substr($link_url,0,7)) != 'http://') ? get_settings('home') . $link_url : $link_url;
     688                $link_url = ((strtolower(substr($link_url,0,7)) != 'http://')||(strtolower(substr($link_url,0,7)) != 'https://')) ? get_settings('home') . $link_url : $link_url;
    689689                $links_summary .= "\n".$link_number.' '.$link_url;
    690690        }
    691691        $content = strip_tags($content);
  • xmlrpc.php

     
    283283
    284284          /* warning: here we make the assumption that the weblog's URI is on the same server */
    285285          $filename = get_settings('home') . '/';
    286           $filename = preg_replace('#http://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename);
     286          $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename);
    287287
    288288          $f = fopen($filename, 'r');
    289289          $content = fread($f, filesize($filename));
     
    317317
    318318          /* warning: here we make the assumption that the weblog's URI is on the same server */
    319319          $filename = get_settings('home') . '/';
    320           $filename = preg_replace('#http://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename);
     320          $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename);
    321321
    322322          if ($f = fopen($filename, 'w+')) {
    323323            fwrite($f, $content);
     
    10861086                $error_code = -1;
    10871087
    10881088                // Check if the page linked to is in our site
    1089                 $pos1 = strpos($pagelinkedto, str_replace('http://', '', str_replace('www.', '', get_settings('home'))));
     1089                $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_settings('home')));
    10901090                if( !$pos1 )
    10911091                        return new IXR_Error(0, 'Is there no link to us?');
    10921092
  • wp-admin/install.php

     
    66require_once('../wp-config.php');
    77require_once('./upgrade-functions.php');
    88
    9 $guessurl = str_replace('/wp-admin/install.php?step=2', '', 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) );
     9$schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://';
     10$guessurl = str_replace('/wp-admin/install.php?step=2', '', $schema . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) );
    1011
    1112if (isset($_GET['step']))
    1213        $step = $_GET['step'];
  • wp-admin/upgrade-schema.php

     
    149149function populate_options() {
    150150        global $wpdb;
    151151
    152         $guessurl = preg_replace('|/wp-admin/.*|i', '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     152        $schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://';
     153        $guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    153154        add_option('siteurl', $guessurl, __('WordPress web address'));
    154155        add_option('blogname', __('My Weblog'), __('Blog title'));
    155156        add_option('blogdescription', __('Just another WordPress weblog'), __('Short tagline'));