WordPress.org

Make WordPress Core

Ticket #1372: wp-secure-schema.2.patch

File wp-secure-schema.2.patch, 4.4 KB (added by michaelmoore, 9 years ago)

Revised patch for WordPress SVN Revision 2657

  • wp-login.php

     
    1212        if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) 
    1313                $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); 
    1414         
    15         if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl') ) 
    16                 update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); 
     15        $schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://'; 
     16        if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl') ) 
     17                update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); 
    1718} 
    1819 
    1920switch($action) { 
  • wp-includes/functions.php

     
    685685                $link_url = $matches[2][$i]; 
    686686                $link_text = $matches[4][$i]; 
    687687                $content = str_replace($link_match, $link_text.' '.$link_number, $content); 
    688                 $link_url = (strtolower(substr($link_url,0,7)) != 'http://') ? get_settings('home') . $link_url : $link_url; 
     688                $link_url = ((strtolower(substr($link_url,0,7)) != 'http://')||(strtolower(substr($link_url,0,7)) != 'https://')) ? get_settings('home') . $link_url : $link_url; 
    689689                $links_summary .= "\n".$link_number.' '.$link_url; 
    690690        } 
    691691        $content = strip_tags($content); 
  • xmlrpc.php

     
    283283 
    284284          /* warning: here we make the assumption that the weblog's URI is on the same server */ 
    285285          $filename = get_settings('home') . '/'; 
    286           $filename = preg_replace('#http://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); 
     286          $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); 
    287287 
    288288          $f = fopen($filename, 'r'); 
    289289          $content = fread($f, filesize($filename)); 
     
    317317 
    318318          /* warning: here we make the assumption that the weblog's URI is on the same server */ 
    319319          $filename = get_settings('home') . '/'; 
    320           $filename = preg_replace('#http://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); 
     320          $filename = preg_replace('#https?://.+?/#', $_SERVER['DOCUMENT_ROOT'].'/', $filename); 
    321321 
    322322          if ($f = fopen($filename, 'w+')) { 
    323323            fwrite($f, $content); 
     
    10861086                $error_code = -1; 
    10871087 
    10881088                // Check if the page linked to is in our site 
    1089                 $pos1 = strpos($pagelinkedto, str_replace('http://', '', str_replace('www.', '', get_settings('home')))); 
     1089                $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_settings('home'))); 
    10901090                if( !$pos1 ) 
    10911091                        return new IXR_Error(0, 'Is there no link to us?'); 
    10921092 
  • wp-admin/install.php

     
    66require_once('../wp-config.php'); 
    77require_once('./upgrade-functions.php'); 
    88 
    9 $guessurl = str_replace('/wp-admin/install.php?step=2', '', 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) ); 
     9$schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://'; 
     10$guessurl = str_replace('/wp-admin/install.php?step=2', '', $schema . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) ); 
    1011 
    1112if (isset($_GET['step'])) 
    1213        $step = $_GET['step']; 
  • wp-admin/upgrade-schema.php

     
    149149function populate_options() { 
    150150        global $wpdb; 
    151151 
    152         $guessurl = preg_replace('|/wp-admin/.*|i', '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
     152        $schema = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on')?'https://':'http://'; 
     153        $guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
    153154        add_option('siteurl', $guessurl, __('WordPress web address')); 
    154155        add_option('blogname', __('My Weblog'), __('Blog title')); 
    155156        add_option('blogdescription', __('Just another WordPress weblog'), __('Short tagline'));