Make WordPress Core


Ignore:
Timestamp:
05/06/2015 04:20:54 PM (10 years ago)
Author:
boonebgorges
Message:

Attachment URLs should only be forced to SSL on the front end.

Detecting SSL status on the Dashboard introduces problems when writing content
that is saved to the database and then displayed on the front end, where SSL
may be optional (or impossible, due to self-signed certificates). The new
approach parallels the logic in get_home_url() for forcing HTTPS.

See [31614] #15928 for background.

Fixes #32112 for 4.2 branch.

Location:
branches/4.2
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.2

  • branches/4.2/src/wp-includes/post.php

    r32116 r32384  
    49934993    }
    49944994
    4995     /*
    4996      * If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
    4997      * (which is to say, when they share the domain name of the current SSL page).
    4998      */
    4999     if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
    5000         $url = set_url_scheme( $url, 'https' );
     4995    // On SSL front-end, URLs should be HTTPS.
     4996    if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
     4997        $url = set_url_scheme( $url );
    50014998    }
    50024999
Note: See TracChangeset for help on using the changeset viewer.