#14873 closed defect (bug) (fixed)
HTTPS related issue with ms-settings.php
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 3.9 | Priority: | normal |
| Severity: | normal | Version: | 2.9 |
| Component: | Bootstrap/Load | Keywords: | has-patch dev-feedback |
| Focuses: | multisite | Cc: |
Description (last modified by )
ms-settings.php hard-codes "http://" in a few places. This didn't impact me, but I can see that it might impact someone.
Hopefully, a developer can take a look at the code and verify that, in fact, it has to change. Seems like it does since hard-coding "http:" isn't a good practice, but I don't want to claim it since I haven't seen the need for it personally.
Here's the updated code that needs to replace the code in ms-settings.php starting at line 83 and ending at line 105:
$protocol = is_ssl() ? 'https://' : 'http://';
if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && ! is_object( $current_blog ) ) {
if ( defined( 'NOBLOGREDIRECT' ) ) {
$destination = NOBLOGREDIRECT;
if ( '%siteurl%' == $destination )
$destination = $protocol . $current_site->domain . $current_site->path;
} else {
$destination = $protocol . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );
}
header( 'Location: ' . $destination );
die();
}
if ( ! defined( 'WP_INSTALLING' ) ) {
if ( $current_site && ! $current_blog ) {
if ( $current_site->domain != $_SERVER[ 'HTTP_HOST' ] ) {
header( 'Location: ' . $protocol . $current_site->domain . $current_site->path );
exit;
}
$current_blog = get_blog_details( array( 'domain' => $current_site->domain, 'path' => $current_site->path ), false );
}
if ( ! $current_blog || ! $current_site )
ms_not_installed();
}
Attachments (2)
Change History (9)
#1
@
15 years ago
- Component changed from General to Multisite
- Keywords has-patch added
uploaded a patch form of the reporters changes.
Note: See
TracTickets for help on using
tickets.
Updated ms-settings.php with HTTPS fix