Opened 4 years ago

Last modified 9 months ago

#14873 closed defect (bug)

HTTPS related issue with ms-settings.php — at Version 2

Reported by: mareck
Owned by:
Milestone: 3.9
Priority: normal
Severity: normal
Version: 2.9
Component: Bootstrap/Load
Keywords: has-patch dev-feedback
Focuses: multisite
Cc:

Description (last modified by dd32)

ms-settings.php hard-codes "http://" in a few places. This didn't impact me, but I can see that it might impact someone.

Hopefully, a developer can take a look at the code and verify that, in fact, it has to change. Seems like it does since hard-coding "http:" isn't a good practice, but I don't want to claim it since I haven't seen the need for it personally.

Here's the updated code that needs to replace the code in ms-settings.php starting at line 83 and ending at line 105:

        // Pick the scheme from the current request instead of hard-coding "http://".
        $protocol = is_ssl() ? 'https://' : 'http://';

        // Subdomain install and no blog matched the requested host:
        // redirect to NOBLOGREDIRECT if defined, otherwise to the signup page.
        if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && ! is_object( $current_blog ) ) {
                if ( defined( 'NOBLOGREDIRECT' ) ) {
                        $destination = NOBLOGREDIRECT;
                        if ( '%siteurl%' == $destination )
                                $destination = $protocol . $current_site->domain . $current_site->path;
                } else {
                        $destination = $protocol . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );
                }
                header( 'Location: ' . $destination );
                die();
        }

        // No blog matched: fall back to the main site, redirecting there
        // (with the request's scheme) if the Host header differs from its domain.
        if ( ! defined( 'WP_INSTALLING' ) ) {
                if ( $current_site && ! $current_blog ) {
                        if ( $current_site->domain != $_SERVER[ 'HTTP_HOST' ] ) {
                                header( 'Location: ' . $protocol . $current_site->domain . $current_site->path );
                                exit;
                        }
                        $current_blog = get_blog_details( array( 'domain' => $current_site->domain, 'path' => $current_site->path ), false );
                }
                if ( ! $current_blog || ! $current_site )
                        ms_not_installed();
        }
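
The scheme selection proposed above, shown as an added example that is not part of the ticket or of WordPress core: it compares the hard-coded redirect target with the scheme-aware one for several request environments, including one where TLS ends at a front-end proxy. Assumptions: every `example_*` name is hypothetical, `example_is_ssl()` is a stand-in that checks `HTTPS` and `SERVER_PORT` the way `is_ssl()` is assumed to, and `example.org` and the server arrays are constructed sample data.

```php
<?php
// Added illustration only; every example_* name is hypothetical.

// Stand-in for is_ssl(): decides from the server variables PHP receives.
function example_is_ssl( array $server ) {
	if ( isset( $server['HTTPS'] ) ) {
		// Some servers set HTTPS to "off" on plain requests, so presence alone is not enough.
		return in_array( strtolower( (string) $server['HTTPS'] ), array( 'on', '1' ), true );
	}
	return isset( $server['SERVER_PORT'] ) && '443' === (string) $server['SERVER_PORT'];
}

// Redirect target for the "no blog matched" case, built with the hard-coded
// scheme and with the scheme chosen from the request as the ticket proposes.
function example_redirect_targets( array $server, $site_domain, $site_path ) {
	$protocol = example_is_ssl( $server ) ? 'https://' : 'http://';
	return array(
		'hard_coded' => 'http://' . $site_domain . $site_path,
		'proposed'   => $protocol . $site_domain . $site_path,
	);
}

// Constructed request environments (sample data, not captured traffic).
// 'client_tls' records what the browser actually used, which PHP cannot always see.
$cases = array(
	'plain HTTP'            => array( 'client_tls' => false, 'server' => array( 'SERVER_PORT' => '80' ) ),
	'direct HTTPS'          => array( 'client_tls' => true,  'server' => array( 'HTTPS' => 'on', 'SERVER_PORT' => '443' ) ),
	'HTTPS variable "off"'  => array( 'client_tls' => false, 'server' => array( 'HTTPS' => 'off', 'SERVER_PORT' => '80' ) ),
	// TLS ends at a front-end proxy: PHP sees a plain request on port 80.
	'TLS ended at a proxy'  => array( 'client_tls' => true,  'server' => array( 'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'https' ) ),
);

foreach ( $cases as $label => $case ) {
	$targets = example_redirect_targets( $case['server'], 'example.org', '/' );
	foreach ( $targets as $variant => $url ) {
		// A downgrade is an HTTPS client being sent to an http:// Location.
		$downgrade = $case['client_tls'] && 0 === strpos( $url, 'http://' );
		printf( "%-22s %-10s %-22s %s\n", $label, $variant, $url, $downgrade ? 'DOWNGRADE' : 'ok' );
	}
}
```

In the proxy case both variants still produce an `http://` redirect, because the scheme check only sees the hop between the proxy and PHP; such deployments need the proxy or site configuration to expose the original scheme before the check runs.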

Change History (4)

@mareck 4 years ago

Updated ms-settings.php with HTTPS fix

@dd32 4 years ago

mareck's file in patch form.

comment:1 @dd32 4 years ago

  • Component changed from General to Multisite
  • Keywords has-patch added

Uploaded a patch form of the reporter's changes.

comment:2 @dd32 4 years ago

  • Description modified (diff)