Ticket #15928: 15928.5.patch

src/wp-includes/post.php

@@ -4944 +4944 @@
                 $url = get_the_guid( $post->ID );
         }
 
+        // URLs should use HTTPS scheme if using SSL to avoid insecure content errors.
+        if ( is_ssl() || ( is_admin() && force_ssl_admin() ) ) {
+                $url = set_url_scheme( $url, 'https');
+        }
+
+        return $url;
+
         /**
          * Filter the attachment URL.
          *

tests/phpunit/tests/post/attachments.php

@@ -278 +278 @@
                 $this->assertEquals( $attachment->post_parent, $post_id );
         }
 
+        /**
+         * @ticket 15928
+         */
+        public function test_wp_get_attachment_url_on_dashboard_with_force_ssl_admin() {
+                $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+                $contents = file_get_contents( $filename );
+
+                $upload = wp_upload_bits( basename( $filename ), null, $contents );
+                $this->assertTrue( empty( $upload['error'] ) );
+
+                // Set attachment ID
+                $attachment_id = $this->_make_attachment( $upload );
+
+                // Remember initial settings
+                $force_ssl_admin = force_ssl_admin();
+
+                // Force SSL in the admin
+                force_ssl_admin( true );
+
+                // Should return scheme HTTPS in admin when SSL forced
+                set_current_screen( 'dashboard' );
+                $url = wp_get_attachment_url( $attachment_id );
+                $this->assertSame( $url, set_url_scheme( $url, 'https' ) );
+
+                force_ssl_admin( $force_ssl_admin );
+        }
+
+        /**
+         * @ticket 15928
+         */
+        public function test_wp_get_attachment_url_on_front_end_with_https_off() {
+                $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+                $contents = file_get_contents( $filename );
+
+                $upload = wp_upload_bits( basename( $filename ), null, $contents );
+                $this->assertTrue( empty( $upload['error'] ) );
+
+                // Set attachment ID
+                $attachment_id = $this->_make_attachment( $upload );
+
+                $is_ssl = is_ssl();
+                $_SERVER['HTTPS'] = 'off';
+
+                // Test non-admin pages
+                set_current_screen( 'front' );
+                $url = wp_get_attachment_url( $attachment_id );
+                $this->assertSame( $url, set_url_scheme( $url, 'http' ) );
+
+                $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+        }
+
+        /**
+         * @ticket 15928
+         */
+        public function test_wp_get_attachment_url_on_front_end_with_https_on() {
+                $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+                $contents = file_get_contents( $filename );
+
+                $upload = wp_upload_bits( basename( $filename ), null, $contents );
+                $this->assertTrue( empty( $upload['error'] ) );
+
+                // Set attachment ID
+                $attachment_id = $this->_make_attachment( $upload );
+
+                $is_ssl = is_ssl();
+                $_SERVER['HTTPS'] = 'on';
+
+                // Test non-admin pages
+                set_current_screen( 'front' );
+                $url = wp_get_attachment_url( $attachment_id );
+                $this->assertSame( $url, set_url_scheme( $url, 'https' ) );
+
+                $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+        }
 }