Ticket #7001: admin_ssl.3.diff

File admin_ssl.3.diff, 22.8 KB (added by ryan, 10 years ago)

More use of admin_url() and site_url()

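--- a/wp-login.php
+++ b/wp-login.php
@@ -137,7 +137,7 @@
         $message .= get_option('siteurl') . "\r\n\r\n";
         $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
         $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-        $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
+        $message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
 
         if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
                 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
@@ -174,7 +174,7 @@
         wp_set_password($new_pass, $user->ID);
         $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
         $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
-        $message .= get_option('siteurl') . "/wp-login.php\r\n";
+        $message .= site_url('wp-login.php') . "\r\n";
 
         if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
                 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
@@ -405,7 +405,7 @@
         if ( !is_wp_error($user) ) {
                 // If the user can't edit posts, send them to their profile.
                 if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
-                        $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
+                        $redirect_to = admin_url('profile.php');
                 wp_safe_redirect($redirect_to);
                 exit();
         }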
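Review bot: The reset link at new line 140 and the login link at new line 177 take their scheme from `site_url()`, which in this patch follows `is_ssl()` for the current request only, so a reset requested over plain HTTP is mailed an `http://` link even when `FORCE_SSL_LOGIN` is defined. auth_redirect() in pluggable.php honours that constant; these two calls could do the same by passing the scheme explicitly, e.g. `site_url("wp-login.php?action=rp&key=$key", ( defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN ) ? 'https' : null)`. The reset key travels in that URL, so the scheme matters more here than for the other replaced links. The enclosing functions start and end outside these hunks.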
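--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1765,4 +1765,7 @@
         return 0;
 }
 
+function is_ssl() {
+        return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
+}
 ?>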
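Review bot: `is_ssl()` reads `$_SERVER['HTTPS']` without checking that it is set, so a plain-HTTP request on a server that omits the variable raises an undefined-index notice, and a server that reports HTTPS as `1` is treated as non-SSL. Because this function now decides which auth cookie is read and whether the Secure flag is set, a wrong answer has security consequences; `return isset($_SERVER['HTTPS']) && in_array(strtolower($_SERVER['HTTPS']), array('on', '1'), true);` covers both cases. A short docblock stating that the result reflects only what the web server reports (a TLS-terminating proxy in front would make it return false) would help callers.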
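--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -306,7 +306,7 @@
                 return $image;
 
         if ( $icon && $src = wp_mime_type_icon($attachment_id) ) {
-                $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );
+                $icon_dir = apply_filters( 'icon_dir', includes_url('images/crystal') );
                 $src_file = $icon_dir . '/' . basename($src);
                 @list($width, $height) = getimagesize($src_file);
         }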
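Review bot: The default for the `icon_dir` filter changes from a filesystem path to a URL, but the value is still used two lines later to build `$src_file` for `getimagesize()`. That turns a local file read into an HTTP request from the server to itself, which depends on URL fopen wrappers being enabled and fails silently under the `@`; existing `icon_dir` filters that return a directory would also no longer agree with the default. Keeping the path here, `$icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' );`, and using `includes_url()` only where a URL is actually emitted avoids this. The enclosing function starts and ends outside the hunk.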
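--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -774,4 +774,42 @@
 
         return apply_filters('shortcut_link', $link);
 }
+
+// return the site_url option, using https if is_ssl() is true
+// if $scheme is 'http' or 'https' it will override is_ssl()
+function site_url($path = '', $scheme = null) {
+        // should the list of allowed schemes be maintained elsewhere?
+        if ( !in_array($scheme, array('http', 'https')) )
+                $scheme = ( is_ssl() ? 'https' : 'http' );
+
+        $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') );
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= '/' . ltrim($path, '/');
+
+        return $url;
+}
+
+function admin_url($path = '') {
+        global $_wp_admin_url;
+
+        $url = site_url() . '/wp-admin/';
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= ltrim($path, '/');
+
+        return $url;
+}
+
+function includes_url($path = '') {
+        global $_wp_includes_url;
+
+        $url = site_url() . '/' . WPINC . '/';
+
+        if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
+                $url .= ltrim($path, '/');
+
+        return $url;
+}
+
 ?>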
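Review bot: In site_url() the allow-list test `in_array($scheme, array('http', 'https'))` compares loosely, so a non-string `$scheme` such as `true` passes it and is then interpolated into the URL; passing the strict flag, `in_array($scheme, array('http', 'https'), true)`, keeps only the two literal strings. `global $_wp_admin_url;` and `global $_wp_includes_url;` are declared in admin_url() and includes_url() but never read and can be dropped. All three functions silently return the bare base URL when `$path` contains `..`, and admin_url() and includes_url() have no header comment; a docblock on each stating that behaviour would save callers such as the theme screenshot `<img>` a debugging session.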
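--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -1139,7 +1139,7 @@
         if ( defined('WP_INSTALLING') ) {
                 $_file = "./$file.css";
         } else {
-                $_file = get_option( 'siteurl' ) . "/wp-admin/$file.css";
+                $_file = admin_url("$file.css");
         }
         $_file = add_query_arg( 'version', get_bloginfo( 'version' ),  $_file );
 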
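--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -469,9 +469,14 @@
  */
 function wp_validate_auth_cookie($cookie = '') {
         if ( empty($cookie) ) {
-                if ( empty($_COOKIE[AUTH_COOKIE]) )
+                if ( is_ssl() )
+                        $cookie_name = SECURE_AUTH_COOKIE;
+                else
+                        $cookie_name = AUTH_COOKIE;
+
+                if ( empty($_COOKIE[$cookie_name]) )
                         return false;
-                $cookie = $_COOKIE[AUTH_COOKIE];
+                $cookie = $_COOKIE[$cookie_name];
         }
 
         $cookie_elements = explode('|', $cookie);
@@ -514,9 +519,10 @@
  *
  * @param int $user_id User ID
  * @param int $expiration Cookie expiration in seconds
+ * @param bool $secure Whether the cookie is for https delivery only or not.  Not used by default.  For plugin use.
  * @return string Authentication cookie contents
  */
-function wp_generate_auth_cookie($user_id, $expiration) {
+function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
         $user = get_userdata($user_id);
 
         $key = wp_hash($user->user_login . '|' . $expiration);
@@ -524,7 +530,7 @@
 
         $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
 
-        return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
+        return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
 }
 endif;
 
@@ -550,13 +556,21 @@
                 $expire = 0;
         }
 
-        $cookie = wp_generate_auth_cookie($user_id, $expiration);
+        if ( is_ssl() ) {
+                $secure = true;
+                $cookie_name = SECURE_AUTH_COOKIE;
+        } else {
+                $secure = false;
+                $cookie_name = AUTH_COOKIE;
+        }
 
-        do_action('set_auth_cookie', $cookie, $expire);
+        $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
 
-        setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
+        do_action('set_auth_cookie', $cookie, $expire, $secure);
+
+        setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
         if ( COOKIEPATH != SITECOOKIEPATH )
-                setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
+                setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
 }
 endif;
 
@@ -569,6 +583,8 @@
 function wp_clear_auth_cookie() {
         setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+        setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+        setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
 
         // Old cookies
         setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
@@ -604,14 +620,36 @@
  */
 function auth_redirect() {
         // Checks if a user is logged in, if not redirects them to the login page
-        if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
-                                !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
-                        (empty($_COOKIE[AUTH_COOKIE])) ) {
-                nocache_headers();
 
-                wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
-                exit();
+        if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
+                $secure = true;
+        else
+                $secure = false;
+
+        // If https is required and request is http, redirect
+        if ( $secure && !is_ssl() ) {
+                if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
+                        wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
+                        exit();
+                } else {
+                        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+                        exit();                 
+                }
         }
+
+        if ( wp_validate_auth_cookie() )
+                return;  // The cookie is good so we're done
+
+        // The cookie is no good so force login
+        nocache_headers();
+
+        $login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
+
+        //  Redirect to https if connection is secure
+        if ( $secure )
+                $login_url = str_replace('http://', 'https://', $login_url);
+        wp_redirect($login_url);
+        exit();
 }
 endif;
 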
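Review bot: In auth_redirect() the test `false !== strpos($_SERVER['REQUEST_URI'], 'http')` is true whenever "http" appears anywhere in the request URI, for instance inside a query argument, and in that case the redirect target stays a relative path on plain HTTP, so the request is never upgraded and can loop. Anchoring the test, `if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') )`, keeps the absolute-URI case and lets everything else fall through to the `'https://' . $_SERVER['HTTP_HOST']` branch. That branch builds the Location header from the client-supplied Host header; taking the host from the configured siteurl would avoid reflecting it. Separately, in wp_generate_auth_cookie() `$secure` reaches only the `auth_cookie` filter, so as far as these hunks show the value stored under SECURE_AUTH_COOKIE is the same one that would be sent under AUTH_COOKIE over plain HTTP; the line computing `$hash` is outside the hunks, so this should be confirmed there.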
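--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -7,7 +7,7 @@
 require( ABSPATH . WPINC . '/functions.wp-styles.php' );
 
 function wp_default_scripts( &$scripts ) {
-        $scripts->base_url = get_option( 'siteurl' );
+        $scripts->base_url = site_url();
         $scripts->default_version = get_bloginfo( 'version' );
 
         $scripts->add( 'common', '/wp-admin/js/common.js', array('jquery'), '20080318' );
@@ -50,7 +50,7 @@
 
         $scripts->add( 'wp-lists', '/wp-includes/js/wp-lists.js', array('wp-ajax-response'), '20080411' );
         $scripts->localize( 'wp-lists', 'wpListL10n', array(
-                'url' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php'
+                'url' => admin_url('admin-ajax.php')
         ) );
 
         $scripts->add( 'scriptaculous-root', '/wp-includes/js/scriptaculous/scriptaculous.js', array('prototype'), '1.8.0');
@@ -129,11 +129,11 @@
                 $scripts->add( 'upload', '/wp-admin/js/upload.js', array('jquery'), '20070518' );
                 $scripts->add( 'postbox', '/wp-admin/js/postbox.js', array('jquery'), '20080128' );
                 $scripts->localize( 'postbox', 'postboxL10n', array(
-                        'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                        'requestFile' => admin_url('admin-ajax.php'),
                 ) );
                 $scripts->add( 'slug', '/wp-admin/js/slug.js', array('jquery'), '20080208' );
                 $scripts->localize( 'slug', 'slugL10n', array(
-                        'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                        'requestFile' => admin_url('admin-ajax.php'),
                         'save' => __('Save'),
                         'cancel' => __('Cancel'),
                 ) );
@@ -204,7 +204,7 @@
 }
 
 function wp_default_styles( &$styles ) {
-        $styles->base_url = get_option( 'siteurl' );
+        $styles->base_url = site_url();
         $styles->default_version = get_bloginfo( 'version' );
         $styles->text_direction = 'rtl' == get_bloginfo( 'text_direction' ) ? 'rtl' : 'ltr';
 
@@ -258,7 +258,7 @@
                 'autosaveInterval' => AUTOSAVE_INTERVAL,
                 'previewPageText' => __('Preview this Page'),
                 'previewPostText' => __('Preview this Post'),
-                'requestFile' => get_option( 'siteurl' ) . '/wp-admin/admin-ajax.php',
+                'requestFile' => admin_url('admin-ajax.php'),
                 'savingText' => __('Saving Draft&#8230;')
         ) );
 }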
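--- a/wp-settings.php
+++ b/wp-settings.php
@@ -311,6 +311,13 @@
 
 /**
  * It is possible to define this in wp-config.php
+ * @since 2.6
+ */
+if ( !defined('SECURE_AUTH_COOKIE') )
+        define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
+
+/**
+ * It is possible to define this in wp-config.php
  * @since 2.3.0
  */
 if ( !defined('TEST_COOKIE') )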
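--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -396,9 +396,9 @@
 
 <?php
         if ( get_option('users_can_register') )
-                echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php') . '</p>';
+                echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), site_url('wp-register.php')) . '</p>';
         else
-                echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), get_option('siteurl').'/wp-admin/options-general.php#users_can_register') . '</p>';
+                echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), admin_url('options-general.php#users_can_register')) . '</p>';
 ?>
 <form action="#add-new-user" method="post" name="adduser" id="adduser" class="add:users: validate">
 <?php wp_nonce_field('add-user') ?>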
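--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -225,7 +225,7 @@
         }
 
         if ( $widget_feed_link )
-                $links[] = '<img class="rss-icon" src="' . get_option( 'siteurl' ) . '/' . WPINC . '/images/rss.png" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
+                $links[] = '<img class="rss-icon" src="' . includes_url('images/rss.png') . '" alt="' . __( 'rss icon' ) . '" /> <a href="' . clean_url( $widget_feed_link ) . '">' . __( 'RSS' ) . '</a>';
 
         $links = apply_filters( "wp_dashboard_widget_links_$widget_id", $links );
 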
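--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -159,8 +159,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
         wp_redirect($sendback);
         exit();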
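--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -26,8 +26,8 @@
 
 wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'popuptitle', 'popupurl', 'text', 'trackback', 'pingback'));
 
-wp_admin_css_color('classic', __('Classic'), get_option( 'siteurl' ) . "/wp-admin/css/colors-classic.css", array('#07273E', '#14568A', '#D54E21', '#2683AE'));
-wp_admin_css_color('fresh', __('Fresh'), get_option( 'siteurl' ) . "/wp-admin/css/colors-fresh.css", array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
+wp_admin_css_color('classic', __('Classic'), admin_url("css/colors-classic.css"), array('#07273E', '#14568A', '#D54E21', '#2683AE'));
+wp_admin_css_color('fresh', __('Fresh'), admin_url("css/colors-fresh.css"), array('#464646', '#CEE1EF', '#D54E21', '#2683AE'));
 
 wp_enqueue_script( 'common' );
 wp_enqueue_script( 'jquery-color' );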
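--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -189,7 +189,7 @@
 <div id="desc"><?php bloginfo('description');?></div>
 </div>
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
-<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
+<form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
 <?php wp_nonce_field('custom-header') ?>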
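--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -78,7 +78,7 @@
 
 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>
+<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
 <td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
 </tr>
 </table>
@@ -146,7 +146,7 @@
         else if ( '' != wp_get_original_referer() && false == $noredir )
                 wp_redirect( wp_get_original_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
+                wp_redirect( admin_url('edit-comments.php') );
 
         die;
         break;
@@ -171,7 +171,7 @@
         if ( '' != wp_get_referer() && false == $noredir )
                 wp_redirect( wp_get_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+                wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
         exit();
         break;
@@ -200,7 +200,7 @@
         if ( '' != wp_get_referer() && false == $noredir )
                 wp_redirect( wp_get_referer() );
         else
-                wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+                wp_redirect( admin_url('edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
 
         exit();
         break;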
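Review bot: At new line 81 the rewritten `onclick` lost the closing `';` of the JavaScript string: the old attribute ended with `/wp-admin/edit-comments.php';"` while the new one ends with `admin_url('edit-comments.php'); ?>"`, which leaves `self.location='...` unterminated, so the "No" button no longer navigates. The attribute should read `onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>';"`. The three `wp_redirect()` replacements in the later hunks carry over the old targets unchanged.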
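--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -85,7 +85,7 @@
         <a href="http://gears.google.com/" target="_blank" style="font-weight:normal;"><?php _e('More information...'); ?></a></p>
         <p><?php _e('After installing and enabling it, most of the WordPress images, scripts and CSS files will be stored on this computer. This will speed up page loading.'); ?></p>
         <p><strong><?php _e('Please make sure you are not using a public or shared computer.'); ?></strong></p>
-        <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo get_option('siteurl') . '/wp-admin/'; ?>';" class="button"><?php _e('Install Now'); ?></button>
+        <div class="submit"><button onclick="window.location = 'http://gears.google.com/?action=install&return=<?php echo admin_url() ?>';" class="button"><?php _e('Install Now'); ?></button>
         <button class="button" style="margin-left:10px;" onclick="document.getElementById('gears-info-box').style.display='none';">Cancel</button></div>
         </div>
 
@@ -109,7 +109,7 @@
 
 <?php } ?>
 
-<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
+<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
 
 <?php
 require(ABSPATH . 'wp-admin/menu-header.php');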
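--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -20,8 +20,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('post-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 
         wp_redirect($sendback);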
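--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -148,8 +148,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
         wp_redirect($sendback);
         exit();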
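--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -20,8 +20,8 @@
         }
 
         $sendback = wp_get_referer();
-        if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page-new.php';
-        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+        if (strpos($sendback, 'page.php') !== false) $sendback = admin_url('page-new.php');
+        elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
         $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 
         wp_redirect($sendback);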
  • wp-admin/themes.php

     
    5757<h2><?php _e('Current Theme'); ?></h2>
    5858<div id="current-theme">
    5959<?php if ( $ct->screenshot ) : ?>
    60 <img src="<?php echo get_option('siteurl') . '/' . $ct->stylesheet_dir . '/' . $ct->screenshot; ?>" alt="<?php _e('Current theme preview'); ?>" />
     60<img src="<?php echo site_url($ct->stylesheet_dir . '/' . $ct->screenshot); ?>" alt="<?php _e('Current theme preview'); ?>" />
    6161<?php endif; ?>
    6262<h3><?php printf(_c('%1$s %2$s by %3$s|1: theme title, 2: theme version, 3: theme author'), $ct->title, $ct->version, $ct->author) ; ?></h3>
    6363<p class="description"><?php echo $ct->description; ?></p>
     
    126126?>
    127127                <a href="<?php echo $activate_link; ?>" class="<?php echo $thickbox_class; ?> screenshot">
    128128<?php if ( $screenshot ) : ?>
    129                         <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" />
     129                        <img src="<?php echo ( $tpage == 'stage' ) ? $screenshot : site_url($stylesheet_dir . '/' . $screenshot); ?>" alt="" />
    130130<?php endif; ?>
    131131                </a>
    132132                <h3><a class="<?php echo $thickbox_class; ?>" href="<?php echo $activate_link; ?>"><?php echo $title; ?></a></h3>