diff --git src/wp-includes/post.php src/wp-includes/post.php index f97318e..8d36baf 100644 --- src/wp-includes/post.php +++ src/wp-includes/post.php @@ -4944,6 +4944,13 @@ function wp_get_attachment_url( $post_id = 0 ) { $url = get_the_guid( $post->ID ); } + // URLs should use HTTPS scheme if using SSL to avoid insecure content errors. + if ( is_ssl() || ( is_admin() && force_ssl_admin() ) ) { + $url = set_url_scheme( $url, 'https'); + } + + return $url; + /** * Filter the attachment URL. * diff --git tests/phpunit/tests/post/attachments.php tests/phpunit/tests/post/attachments.php index d079654..6eef38a 100644 --- tests/phpunit/tests/post/attachments.php +++ tests/phpunit/tests/post/attachments.php @@ -278,4 +278,78 @@ class Tests_Post_Attachments extends WP_UnitTestCase { $this->assertEquals( $attachment->post_parent, $post_id ); } + /** + * @ticket 15928 + */ + public function test_wp_get_attachment_url_on_dashboard_with_force_ssl_admin() { + $filename = ( DIR_TESTDATA . '/images/test-image.jpg' ); + $contents = file_get_contents( $filename ); + + $upload = wp_upload_bits( basename( $filename ), null, $contents ); + $this->assertTrue( empty( $upload['error'] ) ); + + // Set attachment ID + $attachment_id = $this->_make_attachment( $upload ); + + // Remember initial settings + $force_ssl_admin = force_ssl_admin(); + + // Force SSL in the admin + force_ssl_admin( true ); + + // Should return scheme HTTPS in admin when SSL forced + set_current_screen( 'dashboard' ); + $url = wp_get_attachment_url( $attachment_id ); + $this->assertSame( $url, set_url_scheme( $url, 'https' ) ); + + force_ssl_admin( $force_ssl_admin ); + } + + /** + * @ticket 15928 + */ + public function test_wp_get_attachment_url_on_front_end_with_https_off() { + $filename = ( DIR_TESTDATA . '/images/test-image.jpg' ); + $contents = file_get_contents( $filename ); + + $upload = wp_upload_bits( basename( $filename ), null, $contents ); + $this->assertTrue( empty( $upload['error'] ) ); + + // Set attachment ID + $attachment_id = $this->_make_attachment( $upload ); + + $is_ssl = is_ssl(); + $_SERVER['HTTPS'] = 'off'; + + // Test non-admin pages + set_current_screen( 'front' ); + $url = wp_get_attachment_url( $attachment_id ); + $this->assertSame( $url, set_url_scheme( $url, 'http' ) ); + + $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off'; + } + + /** + * @ticket 15928 + */ + public function test_wp_get_attachment_url_on_front_end_with_https_on() { + $filename = ( DIR_TESTDATA . '/images/test-image.jpg' ); + $contents = file_get_contents( $filename ); + + $upload = wp_upload_bits( basename( $filename ), null, $contents ); + $this->assertTrue( empty( $upload['error'] ) ); + + // Set attachment ID + $attachment_id = $this->_make_attachment( $upload ); + + $is_ssl = is_ssl(); + $_SERVER['HTTPS'] = 'on'; + + // Test non-admin pages + set_current_screen( 'front' ); + $url = wp_get_attachment_url( $attachment_id ); + $this->assertSame( $url, set_url_scheme( $url, 'https' ) ); + + $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off'; + } }