Opened 14 years ago
Closed 14 years ago
#17876 closed defect (bug) (duplicate)
WP_CONTENT_URL breaking FORCE_ADMIN_SSL in administration
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | minor | Version: | 3.1.3 |
| Component: | Administration | Keywords: | |
| Focuses: | Cc: |
Description
WP_CONTENT_URL isn't converting to https:// when the FORCE_ADMIN_SSL is enabled and the user is in the wp-admin folder. This causes various plugins that include CSS and JS in the admin area to break the security causing browser havoc. I think that when WP_CONTENT_URL is set it should first check if is_admin() and FORCE_ADMIN_SSL are both true, and if so use https:// instead. To reproduce this issue, set FORCE_ADMIN_SSL to true and install the free Defensio antispam plugin, then log into wp-admin and see the http:// CSS link in the source code. This plugin example uses WP_PLUGIN_URL in its source. Thank you.
Change History (1)
Note: See
TracTickets for help on using
tickets.
#13941