Patch for is_ssl, ssl_redirect and general http/https logic / bug
|Reported by:||MarcusPope||Owned by:|
WP core uses several different methods for determining if the site is using SSL, and whether to redirect to an SSL scheme. Additionally some of those cases use complete logic checks and some only use partial checks.
This patch refactors the copy-pasted logic throughout several files and offers a unified approach to getting the correct scheme.
I've also removed parenthesis from is_ssl in code comments to reduce the number of false positive results when grepping for usage of is_ssl in the code.
site-info.php mistakenly reports the homepage url scheme as the scheme currently being used to browse the page and not the intended scheme of the site.
feed.php now operates on fallback assumption that if http is not "on" server_port could still properly catch a correct ssl session.
corrected inappropriate use of "schema" for scheme variable in functions.php
And it provides a central place for implementing future hooks related to http/https selection logic.
Not sure if component:security is the best choice, but http seemed to apply more to http.php than the ssl/non-ssl scheme selection.
Change History (13)
comment:2 @johnbillion — 4 years ago
- Cc johnbillion@… added
- Type changed from defect (bug) to enhancement