WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#13328 closed defect (bug) (fixed)

Forced SSL Admin has broken preview links

Reported by: filosofo Owned by: nacin
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0
Component: Administration Keywords: needs-patch
Focuses: Cc:

Description

If you have forced SSL admin, then your cookies are only for https and the preview link, which uses http, is unauthenticated, producing a 404 response.

Patch uses https scheme for the preview link when it's being used in the admin.

Attachments (2)

use_https_preview.diff (711 bytes) - added by filosofo 7 years ago.
13328.brute-force.diff (1.1 KB) - added by nacin 7 years ago.

Download all attachments as: .zip

Change History (10)

#1 @hakre
7 years ago

+1 and Patch still applies clean!

#2 @nacin
7 years ago

  • Milestone changed from Awaiting Triage to 3.1

#3 @ryan
7 years ago

How about a set_url_scheme() type function?

#4 @nacin
7 years ago

  • Keywords needs-patch added; has-patch removed
  • Owner set to nacin
  • Status changed from new to accepted

This doesn't work for custom post types.

?p=123 does not redirect, it 404s. You need ?p=123&post_type=actual_post_type for it to work.

#5 @nacin
7 years ago

I was going to add post_type=$post_type, but this also won't work if the permalink is filtered in some way.

I think the safest way is a brute force str_replace for now.

#6 @nacin
7 years ago

filosofo informs me in IRC that ?p=123 not serving/redirecting is a regression.

Going to investigate that. In the meantime, here's one of those patches I don't want to be associated with.

#7 @filosofo
7 years ago

Actually, this would be a regression: "?p=123 does not redirect, it 404s"

But trunk, using pretty permalinks, redirects a request like that for a draft post to the correct draft url, post_type arg included. So it seems to work (non-SSL).

#8 @ryan
7 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [16903]) Use https for preview links if is_ssl(). Props nacin, filosofo. fixes #13328

Note: See TracTickets for help on using tickets.