Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#20996 closed defect (bug) (duplicate)

wp_get_attachment_url() ignoring HTTPS

Reported by: xsign.dll Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords:
Focuses: Cc:


SSL is ignored in wp_get_attachment_url() so that a HTTPS website gets invalidated by unsecure content.

Steps to reproduce:

  1. Add to wp-config.php: define('FORCE_SSL_ADMIN', true);
  2. Use e.g. the_post_thumbnail() in a theme. This function calls wp_get_attachment_url()
  3. Visit website via HTTPS => Browser error occurs

Hotfix below. Add to function.php

# Correct SSL Bug
function correct_url_ssl($url)
  if( function_exists('is_ssl') && is_ssl() )
    return str_replace('http://', 'https://', $url);
  return $url;
add_filter('wp_get_attachment_url', 'correct_url_ssl');

Kind regards,

  1. Wolf


Change History (1)

#1 @SergeyBiryukov
3 years ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.