HTTPS check does not work on 1&1 servers in canonical.php.

[d4manek]

In canonical.php, the function redirect_canonical() includes the following line to detect and build an HTTPS url:

$requested_url = ( !empty($_SERVERHTTPS? ) && strtolower($_SERVERHTTPS?) == 'on' ) ? '​https://' : '​http://';

On 1and1.com, this logic does not work because $_SERVERHTTPS? is set to '1' instead of 'on'. It would be better to use the built-in WordPress function is_ssl() in this function, which appears to correctly handle all hosting sites. The fix would look like this:

$requested_url = is_ssl() ? '​https://' : '​http://';

[dancole]

I put d4manek's solution into patch form. Just for reference: ​is_ssl(). Looks like the developers tried to standardize this in 2.7.1, e.g. #8641, but this location was missed.

[miqrogroove]

Looks like a good patch to me. Let's get it in line for test & commit.

[nacin]

I noticed another one of these in wp-app.php the other day. It looks like we also use it in wp_guess_url() and wp-login.php.

Should probably patch them all to use is_ssl().

[nacin]

Anyone willing? Should be a quick patch

[nacin]

(In [13427]) Use is_ssl() in place of manual SERVERHTTPS? == 'on' checks. fixes #11885