WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 months ago

#14873 new defect (bug)

HTTPS related issue with ms-settings.php

Reported by: mareck Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 2.9
Component: Bootstrap/Load Keywords: has-patch dev-feedback
Focuses: multisite Cc:

Description (last modified by dd32)

ms-settings.php hard-codes "http://" in a few places. This didn't impact me, but I can see that it might impact someone.

Hopefully, a developer can take a look at the code and verify that, in fact, it has to change. Seems like it does since hard-coding "http:" isn't a good practice, but I don't want to claim it since I haven't seen the need for it personally.

Here's the updated code that needs to replace the code in ms-settings.php starting at line 83 and ending at line 105:

        $protocol = is_ssl() ? 'https://' : 'http://';

        if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && ! is_object( $current_blog ) ) {
                if ( defined( 'NOBLOGREDIRECT' ) ) {
                        $destination = NOBLOGREDIRECT;
                        if ( '%siteurl%' == $destination )
                                $destination = $protocol . $current_site->domain . $current_site->path;
                } else {
                        $destination = $protocol . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );
                }
                header( 'Location: ' . $destination );
                die();
        }

        if ( ! defined( 'WP_INSTALLING' ) ) {
                if ( $current_site && ! $current_blog ) {
                        if ( $current_site->domain != $_SERVER[ 'HTTP_HOST' ] ) {
                                header( 'Location: ' . $protocol . $current_site->domain . $current_site->path );
                                exit;
                        }
                        $current_blog = get_blog_details( array( 'domain' => $current_site->domain, 'path' => $current_site->path ), false );
                }
                if ( ! $current_blog || ! $current_site )
                        ms_not_installed();
        }

Attachments (2)

ms-settings.php (5.4 KB) - added by mareck 4 years ago.
Updated ms-settings.php with HTTPS fix
14873.diff (1.4 KB) - added by dd32 4 years ago.
mareck's file in patch form.

Download all attachments as: .zip

Change History (8)

mareck4 years ago

Updated ms-settings.php with HTTPS fix

dd324 years ago

mareck's file in patch form.

comment:1 dd324 years ago

  • Component changed from General to Multisite
  • Keywords has-patch added

uploaded a patch form of the reporters changes.

comment:2 dd323 years ago

  • Description modified (diff)

comment:3 nacin3 years ago

Moving to SSL checks elsewhere broke some things, see r17005.

comment:4 nacin3 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release
  • Version set to 2.9

Needs testing. Should be okay. (Famous last words.) Setting to 2.9 as this came from MU.

comment:5 wonderboymusic19 months ago

  • Keywords dev-feedback added; 3.2-early removed

comment:6 jeremyfelt3 months ago

  • Component changed from Multisite to Bootstrap/Load
  • Focuses multisite added
Note: See TracTickets for help on using tickets.