WordPress.org

Make WordPress Core

Changeset 8730


Ignore:
Timestamp:
08/25/08 20:40:34 (7 years ago)
Author:
ryan
Message:

Do secure redirect only for admin destinations. see #7561

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r8728 r8730  
    694694 
    695695    // If https is required and request is http, redirect 
    696     if ( $secure && !is_ssl() ) { 
     696    if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { 
    697697        if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
    698698            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
     
    706706    if ( $user_id = wp_validate_auth_cookie() ) { 
    707707        // If the user wants ssl but the session is not ssl, redirect. 
    708         if ( !$secure && get_user_option('use_ssl', $user_id) ) { 
     708        if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { 
    709709            if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 
    710710                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 
  • trunk/wp-login.php

    r8701 r8730  
    424424        $redirect_to = $_REQUEST['redirect_to']; 
    425425        // Redirect to https if user wants ssl 
    426         if ( $secure_cookie ) 
     426        if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') ) 
    427427            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); 
    428428    } else { 
Note: See TracChangeset for help on using the changeset viewer.