WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 10 months ago

#14873 closed defect (bug)

HTTPS related issue with ms-settings.php — at Initial Version

Reported by: mareck Owned by:
Milestone: 3.9 Priority: normal
Severity: normal Version: 2.9
Component: Bootstrap/Load Keywords: has-patch dev-feedback
Focuses: multisite Cc:

Description

ms-settings.php hard-codes "http://" in a few places. This didn't impact me, but I can see that it might impact someone.

Hopefully, a developer can take a look at the code and verify that, in fact, it has to change. Seems like it does since hard-coding "http:" isn't a good practice, but I don't want to claim it since I haven't seen the need for it personally.

Here's the updated code that needs to replace the code in ms-settings.php starting at line 83 and ending at line 105:

$protocol = is_ssl() ? 'https://' : 'http://';

if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && ! is_object( $current_blog ) ) {

if ( defined( 'NOBLOGREDIRECT' ) ) {

$destination = NOBLOGREDIRECT;
if ( '%siteurl%' == $destination )

$destination = $protocol . $current_site->domain . $current_site->path;

} else {

$destination = $protocol . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, , $domain );

}
header( 'Location: ' . $destination );
die();

}

if ( ! defined( 'WP_INSTALLING' ) ) {

if ( $current_site && ! $current_blog ) {

if ( $current_site->domain != $_SERVER[ 'HTTP_HOST' ] ) {

header( 'Location: ' . $protocol . $current_site->domain . $current_site->path );
exit;

}
$current_blog = get_blog_details( array( 'domain' => $current_site->domain, 'path' => $current_site->path ), false );

}

if ( ! $current_blog
! $current_site )

ms_not_installed();

}


Change History (2)

@mareck5 years ago

Updated ms-settings.php with HTTPS fix

@dd324 years ago

mareck's file in patch form.

Note: See TracTickets for help on using tickets.