WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#17876 closed defect (bug) (duplicate)

WP_CONTENT_URL breaking FORCE_ADMIN_SSL in administration

Reported by: beautomated Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.1.3
Component: Administration Keywords:
Focuses: Cc:

Description

WP_CONTENT_URL isn't converting to https:// when the FORCE_ADMIN_SSL is enabled and the user is in the wp-admin folder. This causes various plugins that include CSS and JS in the admin area to break the security causing browser havoc. I think that when WP_CONTENT_URL is set it should first check if is_admin() and FORCE_ADMIN_SSL are both true, and if so use https:// instead. To reproduce this issue, set FORCE_ADMIN_SSL to true and install the free Defensio antispam plugin, then log into wp-admin and see the http:// CSS link in the source code. This plugin example uses WP_PLUGIN_URL in its source. Thank you.

Change History (1)

comment:1 ocean903 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.