Opened 15 years ago
Closed 14 years ago
#14835 closed defect (bug) (fixed)
Theme header_image fails to load when not in HTTPS
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 3.1 | Priority: | normal |
Severity: | minor | Version: | 3.0 |
Component: | Themes | Keywords: | has-patch |
Focuses: | Cc: |
Description
Server Setup: Linux, Firefox/Chrome, Apache
My server uses a self-generated SSL certificate. A firefox/chrome browser profile will challenge the user first time the mysite is accessed using HTTPS to allow an insecure certificate.
Wordpress general access uses HTTP. Wordpress admin uses HTTPS.
Using Twenty Ten theme (and others) I select a new header image. This sets header_image to
https://../wp-content/themes/twentyten/images/headers/sunset.jpg
in the mods_Twenty Ten.
The header_image will silently fail to load when a user has not previously accepted the private security certificate of my site.
It is retrieved in wp-includes/theme.php get_header_image().
The programmatic fix for this seems to be store references to common widgets using only HTTP and not HTTPS.
Non programmatic fixes (I implemented #2 below):
1) Generate a certificate by a public CA.
2) Modify mods_Twenty Ten using mysql:
use wordpress;
select option_name,option_value from wp_options where option_name="mods_Twenty Ten";
UPDATE wp_options SET option_value='a:2:{s:12:"header_image";s:79:"http://.../wp-content/themes/twentyten/images/header/sunset.jpg";s:18:"nav_menu_locations";a:1:{s:7:"primary";i:16;}}' WHERE option_name="mods_Twenty Ten";
Attachments (2)
Change History (10)
#3
@
15 years ago
Indeed, the backend must get the propper HTTP/HTTPS setting for frontend prior storing the address to the header image into the database.
Since we're storing an absolute value here (and I'm not sure we can avoid that because it might be either an image in the theme versus an upload), we probably just need to do an http/https check, pick which to serve based on is_ssl().