WordPress.org

Make WordPress Core

Ticket #19037: ssl.patch

File ssl.patch, 22.3 KB (added by MarcusPope, 3 years ago)

patch for ssl checking logic

  • wp-admin/includes/class-wp-list-table.php

    diff -r 0c4c93d6bc0c wp-admin/includes/class-wp-list-table.php
    a b  
    486486 
    487487                $current = $this->get_pagenum(); 
    488488 
    489                 $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 
     489                $current_url = scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 
    490490 
    491491                $current_url = remove_query_arg( array( 'hotkeys_highlight_last', 'hotkeys_highlight_first' ), $current_url ); 
    492492 
     
    645645 
    646646                list( $columns, $hidden, $sortable ) = $this->get_column_info(); 
    647647 
    648                 $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 
     648                $current_url = scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 
    649649                $current_url = remove_query_arg( 'paged', $current_url ); 
    650650 
    651651                if ( isset( $_GET['orderby'] ) ) 
  • wp-admin/includes/class-wp-themes-list-table.php

    diff -r 0c4c93d6bc0c wp-admin/includes/class-wp-themes-list-table.php
    a b  
    155155        $parent_theme = $themes[$theme_name]['Parent Theme']; 
    156156        $theme_root = $themes[$theme_name]['Theme Root']; 
    157157        $theme_root_uri = $themes[$theme_name]['Theme Root URI']; 
    158         $preview_link = esc_url( get_option( 'home' ) . '/' ); 
    159         if ( is_ssl() ) 
    160                 $preview_link = str_replace( 'http://', 'https://', $preview_link ); 
     158        $preview_link = scheme( esc_url( get_option( 'home' ) . '/' ) ); 
    161159        $preview_link = htmlspecialchars( add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => true, 'TB_iframe' => 'true' ), $preview_link ) ); 
    162160        $preview_text = esc_attr( sprintf( __( 'Preview of “%s”' ), $title ) ); 
    163161        $tags = $themes[$theme_name]['Tags']; 
  • wp-admin/includes/meta-boxes.php

    diff -r 0c4c93d6bc0c wp-admin/includes/meta-boxes.php
    a b  
    4242        $preview_button = __( 'Preview Changes' ); 
    4343} else { 
    4444        $preview_link = get_permalink( $post->ID ); 
    45         if ( is_ssl() ) 
    46                 $preview_link = str_replace( 'http://', 'https://', $preview_link ); 
    4745        $preview_link = esc_url( apply_filters( 'preview_post_link', add_query_arg( 'preview', 'true', $preview_link ) ) ); 
    4846        $preview_button = __( 'Preview' ); 
    4947} 
  • wp-admin/includes/plugin.php

    diff -r 0c4c93d6bc0c wp-admin/includes/plugin.php
    a b  
    877877 
    878878        if ( empty($icon_url) ) 
    879879                $icon_url = esc_url( admin_url( 'images/generic.png' ) ); 
    880         elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') ) 
    881                 $icon_url = 'https://' . substr($icon_url, 7); 
    882880 
    883         $new_menu = array( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url ); 
     881        $new_menu = array( $menu_title, $capability, $menu_slug, $page_title, 'menu-top ' . $hookname, $hookname, scheme($icon_url) ); 
    884882 
    885883        if ( null === $position  ) 
    886884                $menu[] = $new_menu; 
  • wp-admin/includes/post.php

    diff -r 0c4c93d6bc0c wp-admin/includes/post.php
    a b  
    14881488 
    14891489                        foreach ( $mce_external_plugins as $name => $url ) { 
    14901490 
    1491                                 if ( is_ssl() ) $url = str_replace('http://', 'https://', $url); 
     1491                                $url = scheme($url); 
    14921492 
    14931493                                $plugins[] = '-' . $name; 
    14941494 
     
    18601860<div class="fullscreen-overlay fullscreen-fader fade-600" id="fullscreen-fader"></div> 
    18611861<?php 
    18621862} 
    1863  
    1864  
  • wp-admin/network/site-info.php

    diff -r 0c4c93d6bc0c wp-admin/network/site-info.php
    a b  
    118118                <tr class="form-field form-required"> 
    119119                        <th scope="row"><?php _e( 'Domain' ) ?></th> 
    120120                        <?php 
    121                         $protocol = is_ssl() ? 'https://' : 'http://'; 
    122121                        if ( $is_main_site ) { ?> 
    123                         <td><code><?php echo $protocol; echo esc_attr( $details->domain ) ?></code></td> 
     122                        <td><code><?php echo esc_attr( $details->domain ) ?></code></td> 
    124123                        <?php } else { ?> 
    125                         <td><?php echo $protocol; ?><input name="blog[domain]" type="text" id="domain" value="<?php echo esc_attr( $details->domain ) ?>" size="33" /></td> 
     124                        <td><input name="blog[domain]" type="text" id="domain" value="<?php echo esc_attr( $details->domain ) ?>" size="33" /></td> 
    126125                        <?php } ?> 
    127126                </tr> 
    128127                <tr class="form-field form-required"> 
  • wp-admin/setup-config.php

    diff -r 0c4c93d6bc0c wp-admin/setup-config.php
    a b  
    192192                 * @ignore 
    193193                 */ 
    194194                function get_bloginfo() { 
    195                         return ( ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . str_replace( $_SERVER['PHP_SELF'], '/wp-admin/setup-config.php', '' ) ); 
     195                        return ( scheme( 'http://' . $_SERVER['HTTP_HOST'] ) ); 
    196196                } 
    197197                /**#@-*/ 
    198198                $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 
  • wp-includes/canonical.php

    diff -r 0c4c93d6bc0c wp-includes/canonical.php
    a b  
    4040        if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || !empty($_POST) || is_preview() || is_robots() || $is_IIS ) 
    4141                return; 
    4242 
    43         if ( !$requested_url ) { 
     43        if ( ! $requested_url ) { 
    4444                // build the URL in the address bar 
    45                 $requested_url  = is_ssl() ? 'https://' : 'http://'; 
    46                 $requested_url .= $_SERVER['HTTP_HOST']; 
    47                 $requested_url .= $_SERVER['REQUEST_URI']; 
     45                $requested_url  = scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
    4846        } 
    4947 
    5048        $original = @parse_url($requested_url); 
  • wp-includes/class-wp-admin-bar.php

    diff -r 0c4c93d6bc0c wp-includes/class-wp-admin-bar.php
    a b  
    33        var $changed_locale = false; 
    44        var $menu; 
    55        var $need_to_change_locale = false; 
    6         var $proto = 'http://'; 
    76        var $user; 
    87 
    98        function initialize() { 
    10                 /* Set the protocol used throughout this code */ 
    11                 if ( is_ssl() ) 
    12                         $this->proto = 'https://'; 
    13  
    149                $this->user = new stdClass; 
    1510                $this->menu = new stdClass; 
    1611 
  • wp-includes/class-wp-xmlrpc-server.php

    diff -r 0c4c93d6bc0c wp-includes/class-wp-xmlrpc-server.php
    a b  
    17521752                global $current_blog; 
    17531753                $domain = $current_blog->domain; 
    17541754                $path = $current_blog->path . 'xmlrpc.php'; 
    1755                 $protocol = is_ssl() ? 'https' : 'http'; 
    1756  
    1757                 $rpc = new IXR_Client("$protocol://{$domain}{$path}"); 
     1755 
     1756                $rpc = new IXR_Client(scheme("http://{$domain}{$path}")); 
    17581757                $rpc->query('wp.getUsersBlogs', $args[1], $args[2]); 
    17591758                $blogs = $rpc->getResponse(); 
    17601759 
  • wp-includes/feed.php

    diff -r 0c4c93d6bc0c wp-includes/feed.php
    a b  
    486486 */ 
    487487function self_link() { 
    488488        $host = @parse_url(home_url()); 
    489         $host = $host['host']; 
    490         echo esc_url( 
    491                 'http' 
    492                 . ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://' 
    493                 . $host 
    494                 . stripslashes($_SERVER['REQUEST_URI']) 
    495                 ); 
     489        echo esc_url( $host['scheme'] . '://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ); 
    496490} 
    497491 
    498492/** 
  • wp-includes/functions.php

    diff -r 0c4c93d6bc0c wp-includes/functions.php
    a b  
    36223622} 
    36233623 
    36243624/** 
     3625 * Properly format the scheme of any URL based on SSL state.  Safe for use with relative URLs 
     3626 * 
     3627 * @since 3.2.X 
     3628 * 
     3629 * @param string $url 
     3630 * @return string A string representing a url with the proper scheme given the SSL state of this site 
     3631 */ 
     3632function scheme( $url ) { 
     3633    if (is_ssl()) { 
     3634        $url = str_replace('http://', 'https://', $url); 
     3635    } 
     3636    else { 
     3637        $url = str_replace('https://', 'http://', $url); 
     3638    } 
     3639 
     3640    return $url; 
     3641} 
     3642 
     3643/** 
     3644 * Forces an ssl redirect for authentication if SSL is required and we're not currently using an HTTPS scheme 
     3645 * 
     3646 * @since 3.2.X 
     3647 * 
     3648 * @return bool true if request needs secure redirect 
     3649 */ 
     3650function ssl_redirect() { 
     3651 
     3652    $secure = ( is_ssl() || force_ssl_admin() ); 
     3653 
     3654        $secure = apply_filters('secure_auth_redirect', $secure); 
     3655 
     3656    // If https is required and request is http, redirect 
     3657    if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { 
     3658        do_ssl_redirect(); 
     3659    } 
     3660 
     3661    return $secure; 
     3662} 
     3663 
     3664/** 
     3665 * Does actual redirect for https scheme 
     3666 * 
     3667 * @since 3.2.X 
     3668 * 
     3669 * @return null 
     3670 */ 
     3671function do_ssl_redirect() { 
     3672 
     3673    if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
     3674        wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
     3675        exit(); 
     3676    } else { 
     3677        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
     3678        exit(); 
     3679    } 
     3680} 
     3681 
     3682/** 
    36253683 * Whether SSL login should be forced. 
    36263684 * 
    36273685 * @since 2.6.0 
     
    36753733        if ( defined('WP_SITEURL') && '' != WP_SITEURL ) { 
    36763734                $url = WP_SITEURL; 
    36773735        } else { 
    3678                 $schema = is_ssl() ? 'https://' : 'http://'; 
    3679                 $url = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
     3736                $url = preg_replace('|/wp-admin/.*|i', '', scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])); 
    36803737        } 
    36813738        return rtrim($url, '/'); 
    36823739} 
  • wp-includes/link-template.php

    diff -r 0c4c93d6bc0c wp-includes/link-template.php
    a b  
    19261926 * Retrieve the home url for the current site. 
    19271927 * 
    19281928 * Returns the 'home' option with the appropriate protocol,  'https' if 
    1929  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     1929 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    19301930 * overridden. 
    19311931 * 
    19321932 * @package WordPress 
     
    19461946 * Retrieve the home url for a given site. 
    19471947 * 
    19481948 * Returns the 'home' option with the appropriate protocol,  'https' if 
    1949  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     1949 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    19501950 * overridden. 
    19511951 * 
    19521952 * @package WordPress 
     
    19811981 * Retrieve the site url for the current site. 
    19821982 * 
    19831983 * Returns the 'site_url' option with the appropriate protocol,  'https' if 
    1984  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     1984 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    19851985 * overridden. 
    19861986 * 
    19871987 * @package WordPress 
     
    20012001 * Retrieve the site url for a given site. 
    20022002 * 
    20032003 * Returns the 'site_url' option with the appropriate protocol,  'https' if 
    2004  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     2004 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    20052005 * overridden. 
    20062006 * 
    20072007 * @package WordPress 
     
    20472047 * @since 2.6.0 
    20482048 * 
    20492049 * @param string $path Optional path relative to the admin url 
    2050  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2050 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    20512051 * @return string Admin url link with optional path appended 
    20522052*/ 
    20532053function admin_url( $path = '', $scheme = 'admin' ) { 
     
    20622062 * 
    20632063 * @param int $blog_id (optional) Blog ID. Defaults to current blog. 
    20642064 * @param string $path Optional path relative to the admin url 
    2065  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2065 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    20662066 * @return string Admin url link with optional path appended 
    20672067*/ 
    20682068function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) { 
     
    21022102 * @return string Content url link with optional path appended. 
    21032103*/ 
    21042104function content_url($path = '') { 
    2105         $url = WP_CONTENT_URL; 
    2106         if ( 0 === strpos($url, 'http') && is_ssl() ) 
    2107                 $url = str_replace( 'http://', 'https://', $url ); 
     2105        $url = scheme( WP_CONTENT_URL ); 
    21082106 
    21092107        if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) 
    21102108                $url .= '/' . ltrim($path, '/'); 
     
    21362134        else 
    21372135                $url = WP_PLUGIN_URL; 
    21382136 
    2139         if ( 0 === strpos($url, 'http') && is_ssl() ) 
    2140                 $url = str_replace( 'http://', 'https://', $url ); 
     2137    $url = scheme($url); 
    21412138 
    21422139        if ( !empty($plugin) && is_string($plugin) ) { 
    21432140                $folder = dirname(plugin_basename($plugin)); 
     
    21552152 * Retrieve the site url for the current network. 
    21562153 * 
    21572154 * Returns the site url with the appropriate protocol,  'https' if 
    2158  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     2155 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    21592156 * overridden. 
    21602157 * 
    21612158 * @package WordPress 
     
    21952192 * Retrieve the home url for the current network. 
    21962193 * 
    21972194 * Returns the home url with the appropriate protocol,  'https' if 
    2198  * is_ssl() and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl() is 
     2195 * is_ssl and 'http' otherwise. If $scheme is 'http' or 'https', is_ssl is 
    21992196 * overridden. 
    22002197 * 
    22012198 * @package WordPress 
     
    22312228 * @since 3.0.0 
    22322229 * 
    22332230 * @param string $path Optional path relative to the admin url 
    2234  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2231 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    22352232 * @return string Admin url link with optional path appended 
    22362233*/ 
    22372234function network_admin_url( $path = '', $scheme = 'admin' ) { 
     
    22532250 * @since 3.0.0 
    22542251 * 
    22552252 * @param string $path Optional path relative to the admin url 
    2256  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2253 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    22572254 * @return string Admin url link with optional path appended 
    22582255*/ 
    22592256function user_admin_url( $path = '', $scheme = 'admin' ) { 
     
    22722269 * @since 3.1.0 
    22732270 * 
    22742271 * @param string $path Optional path relative to the admin url 
    2275  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2272 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    22762273 * @return string Admin url link with optional path appended 
    22772274*/ 
    22782275function self_admin_url($path = '', $scheme = 'admin') { 
     
    22952292 * 
    22962293 * @param int $user_id User ID 
    22972294 * @param string $path Optional path relative to the dashboard.  Use only paths known to both blog and user admins. 
    2298  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2295 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    22992296 * @return string Dashboard url link with optional path appended 
    23002297 */ 
    23012298function get_dashboard_url( $user_id, $path = '', $scheme = 'admin' ) { 
     
    23282325 * @since 3.1.0 
    23292326 * 
    23302327 * @param int $user User ID 
    2331  * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl(). 'http' or 'https' can be passed to force those schemes. 
     2328 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl. 'http' or 'https' can be passed to force those schemes. 
    23322329 * @return string Dashboard url link with optional path appended 
    23332330 */ 
    23342331function get_edit_profile_url( $user, $scheme = 'admin' ) { 
  • wp-includes/ms-functions.php

    diff -r 0c4c93d6bc0c wp-includes/ms-functions.php
    a b  
    20352035 
    20362036        $arrURL = parse_url( $url ); 
    20372037 
    2038         if ( force_ssl_content() && is_ssl() ) { 
    2039                 if ( 'http' === $arrURL['scheme'] && 'https' !== $arrURL['scheme'] ) 
    2040                         $url = str_replace( $arrURL['scheme'], 'https', $url ); 
     2038        if ( 'http' === $arrURL['scheme'] && force_ssl_content() && is_ssl()  ) { 
     2039        $url = str_replace( $arrURL['scheme'], 'https', $url ); 
    20412040        } 
    20422041 
    20432042        return $url; 
  • wp-includes/nav-menu-template.php

    diff -r 0c4c93d6bc0c wp-includes/nav-menu-template.php
    a b  
    360360 
    361361                // if the menu item corresponds to the currently-requested URL 
    362362                } elseif ( 'custom' == $menu_item->object ) { 
    363                         $current_url = untrailingslashit( ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 
     363                        $current_url = untrailingslashit( scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ); 
    364364                        $item_url = untrailingslashit( strpos( $menu_item->url, '#' ) ? substr( $menu_item->url, 0, strpos( $menu_item->url, '#' ) ) : $menu_item->url ); 
    365365                        $_indexless_current = untrailingslashit( preg_replace( '/index.php$/', '', $current_url ) ); 
    366366 
  • wp-includes/pluggable.php

    diff -r 0c4c93d6bc0c wp-includes/pluggable.php
    a b  
    799799function auth_redirect() { 
    800800        // Checks if a user is logged in, if not redirects them to the login page 
    801801 
    802         $secure = ( is_ssl() || force_ssl_admin() ); 
    803  
    804         $secure = apply_filters('secure_auth_redirect', $secure); 
    805  
    806         // If https is required and request is http, redirect 
    807         if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { 
    808                 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
    809                         wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
    810                         exit(); 
    811                 } else { 
    812                         wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
    813                         exit(); 
    814                 } 
    815         } 
     802    $secure = ssl_redirect(); 
    816803 
    817804        if ( is_user_admin() ) 
    818805                $scheme = 'logged_in'; 
     
    824811 
    825812                // If the user wants ssl but the session is not ssl, redirect. 
    826813                if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { 
    827                         if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
    828                                 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
    829                                 exit(); 
    830                         } else { 
    831                                 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
    832                                 exit(); 
    833                         } 
     814                        do_ssl_redirect(); 
    834815                } 
    835816 
    836817                return;  // The cookie is good so we're done 
     
    839820        // The cookie is no good so force login 
    840821        nocache_headers(); 
    841822 
    842         if ( is_ssl() ) 
    843                 $proto = 'https://'; 
    844         else 
    845                 $proto = 'http://'; 
     823        if ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) { 
     824        $redirect = wp_get_referer(); 
     825    } 
     826    else { 
     827        $redirect = scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 
     828    } 
    846829 
    847         $redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 
    848  
    849         $login_url = wp_login_url($redirect, true); 
    850  
    851         wp_redirect($login_url); 
     830        wp_redirect( wp_login_url($redirect, true) ); 
    852831        exit(); 
    853832} 
    854833endif; 
  • wp-includes/theme.php

    diff -r 0c4c93d6bc0c wp-includes/theme.php
    a b  
    14371437        if ( is_random_header_image() ) 
    14381438                $url = get_random_header_image(); 
    14391439 
    1440         if ( is_ssl() ) 
    1441                 $url = str_replace( 'http://', 'https://', $url ); 
    1442         else 
    1443                 $url = str_replace( 'https://', 'http://', $url ); 
    1444  
    1445         return esc_url_raw( $url ); 
     1440        return esc_url_raw( scheme( $url ) ); 
    14461441} 
    14471442 
    14481443/** 
  • wp-login.php

    diff -r 0c4c93d6bc0c wp-login.php
    a b  
    1212require( dirname(__FILE__) . '/wp-load.php' ); 
    1313 
    1414// Redirect to https login if forced to use SSL 
    15 if ( force_ssl_admin() && !is_ssl() ) { 
    16         if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
    17                 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
    18                 exit(); 
    19         } else { 
    20                 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 
    21                 exit(); 
    22         } 
    23 } 
     15ssl_redirect(); 
    2416 
    2517/** 
    2618 * Outputs the header for the login page. 
     
    356348        if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) 
    357349                $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); 
    358350 
    359         $schema = is_ssl() ? 'https://' : 'http://'; 
    360         if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) 
    361                 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); 
     351        $path = dirname( scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); 
     352        if ( $path != get_option('siteurl') ) 
     353                update_option('siteurl', $path); 
    362354} 
    363355 
    364356//Set a cookie now to see if they are supported by the browser. 
  • wp-signup.php

    diff -r 0c4c93d6bc0c wp-signup.php
    a b  
    399399if ( $active_signup == 'none' ) { 
    400400        _e( 'Registration has been disabled.' ); 
    401401} elseif ( $active_signup == 'blog' && !is_user_logged_in() ) { 
    402         if ( is_ssl() ) 
    403                 $proto = 'https://'; 
    404         else 
    405                 $proto = 'http://'; 
    406         $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . '/wp-signup.php' )); 
     402        $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode( scheme( 'http://' . $_SERVER['HTTP_HOST'] . '/wp-signup.php' ))); 
    407403        echo sprintf( __( 'You must first <a href="%s">log in</a>, and then you can create a new site.' ), $login_url ); 
    408404} else { 
    409405        $stage = isset( $_POST['stage'] ) ?  $_POST['stage'] : 'default';