Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#11885 closed defect (bug) (fixed)

HTTPS check does not work on 1&1 servers in canonical.php.

Reported by: d4manek's profile d4manek Owned by: nacin's profile nacin
Milestone: 3.0 Priority: normal
Severity: normal Version: 2.9.1
Component: Canonical Keywords: needs-patch
Focuses: Cc:


In canonical.php, the function redirect_canonical() includes the following line to detect and build an HTTPS url:

$requested_url = ( !empty($_SERVERHTTPS? ) && strtolower($_SERVERHTTPS?) == 'on' ) ? 'https://' : 'http://';

On, this logic does not work because $_SERVERHTTPS? is set to '1' instead of 'on'. It would be better to use the built-in WordPress function is_ssl() in this function, which appears to correctly handle all hosting sites. The fix would look like this:

$requested_url = is_ssl() ? 'https://' : 'http://';

Attachments (1)

11885.diff (548 bytes) - added by dancole 14 years ago.

Download all attachments as: .zip

Change History (8)

14 years ago

#1 @dancole
14 years ago

  • Owner set to dancole
  • Status changed from new to assigned

I put d4manek's solution into patch form. Just for reference: is_ssl(). Looks like the developers tried to standardize this in 2.7.1, e.g. #8641, but this location was missed.

#2 @dancole
14 years ago

  • Keywords has-patch added

#3 @miqrogroove
14 years ago

  • Component changed from General to Canonical
  • Milestone changed from Unassigned to 3.0

Looks like a good patch to me. Let's get it in line for test & commit.

#4 @nacin
14 years ago

I noticed another one of these in wp-app.php the other day. It looks like we also use it in wp_guess_url() and wp-login.php.

Should probably patch them all to use is_ssl().

#5 @nacin
14 years ago

  • Owner changed from dancole to nacin
  • Status changed from assigned to reviewing

#6 @nacin
14 years ago

  • Keywords needs-patch added; has-patch removed

Anyone willing? Should be a quick patch

#7 @nacin
14 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

(In [13427]) Use is_ssl() in place of manual SERVERHTTPS? == 'on' checks. fixes #11885

Note: See TracTickets for help on using tickets.