WordPress.org

Make WordPress Core

Changeset 8730


Ignore:
Timestamp:
08/25/2008 08:40:34 PM (10 years ago)
Author:
ryan
Message:

Do secure redirect only for admin destinations. see #7561

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r8728 r8730  
    694694
    695695    // If https is required and request is http, redirect
    696     if ( $secure && !is_ssl() ) {
     696    if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
    697697        if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
    698698            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
     
    706706    if ( $user_id = wp_validate_auth_cookie() ) {
    707707        // If the user wants ssl but the session is not ssl, redirect.
    708         if ( !$secure && get_user_option('use_ssl', $user_id) ) {
     708        if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
    709709            if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
    710710                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
  • trunk/wp-login.php

    r8701 r8730  
    424424        $redirect_to = $_REQUEST['redirect_to'];
    425425        // Redirect to https if user wants ssl
    426         if ( $secure_cookie )
     426        if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
    427427            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    428428    } else {
Note: See TracChangeset for help on using the changeset viewer.