WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#33887 closed defect (bug) (duplicate)

Multisite update from SSL network fails on non SSL domains

Reported by: typify Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3
Component: Upgrade/Install Keywords: has-patch needs-testing https dev-feedback
Focuses: administration, multisite Cc:

Description

I run some multisite installations where each sub-site has its own domain name. The main domain name runs on a secure SSL connection. This is not the case for all sub-websites.

After installing an update, the network upgrade option fails for sub-sites that do not support SSL. For example, my main website is https://www.primarysite.com. Then I have another website in that installation by the name of http://www.secondarysite.com. Clicking network upgrade results in:

"SSL: certificate subject name 'www.secondarysite.com' does not match target host name 'www.primarysite.com'"

I would expect the script to connect to the non-SSL version since that is stored in the options and sites tables.

Attachments (2)

33887.patch (1.4 KB) - added by akibjorklund 4 years ago.
33887-alternative.diff (1.0 KB) - added by flixos90 4 years ago.
alternative patch, solving the issue in set_url_scheme() only

Download all attachments as: .zip

Change History (13)

#1 @netweb
4 years ago

@typify Thanks for the ticket and welcome to Trac.

I can also confirm I've got this same issue on one of my multi-network multisite installs myself, primary site is SSL, another site in the network is not SSL, attempting to upgrade the network results in the error you list above.

@johnbillion As you've been playing in SSL land this past few days could you take a look please?

Happy to test anything, add more details, detailed repro steps etc if it cannot be reproduced.

@akibjorklund
4 years ago

#2 @akibjorklund
4 years ago

  • Keywords has-patch needs-testing added

We have this issue on one site as well.

The problem is that set_url_scheme(), which is called by get_site_url() – twice, once for displaying the root URL and second time for getting the actual connect URL – forces the protocol to be SSL if upgrade.php is called with SSL.

My initial solution would be to add a scheme 'original'. That would be a special case and would not alter the protocol in any way.

I've attached a patch for this approach.

Related: We happen to use the plugin WordPress MU Domain Mapping on the site and that also filters the admin_url to force https when is_ssl() returns true. By disabling the plugin temporarily and using my patch, I was able to upgrade the database.

#3 @mensmaximus
4 years ago

I have solved this issue by adding two filters to /mu-plugins/ms-functions.php

<?php
add_filter( 'network_admin_url', 'mmx_network_admin_url', 1, 2 );
function mmx_network_admin_url( $url, $path ){
    $url = "https://my_master_domain/wp-admin/network/" . $path;
    return $url;
}

add_filter( 'admin_url', 'mmx_admin_url', 1, 3 );
function mmx_admin_url( $url, $path, $blog_id ) {
    $blog_id = ( $blog_id ) ? $blog_id : get_current_blog_id();
    if ( preg_match( '|^http(s)?://|', $url) ) {
        $blog_details = get_blog_details( $blog_id );
        $url = $blog_details->siteurl . '/wp-admin/' . $path;
    }
    return $url;
}

This fixes network upgrade issues as well as the wrong site urls in the admin panel

#4 @johnbillion
4 years ago

  • Keywords https added

@flixos90
4 years ago

alternative patch, solving the issue in set_url_scheme() only

#5 @flixos90
4 years ago

  • Keywords dev-feedback added

I just stumbled across the same issue.

I came up with a different solution in 33887-alternative.diff which solves the problem by only changing the set_url_scheme() function. This way we don't need to change the parameter everywhere where we want the original version of the URL.

My approach is to rely on whether we're currently switched in a multisite installation and then rely on the scheme of the original URL if possible (since we cannot rely on is_ssl() here). I still took force_ssl_admin() into account since I feel this is a global setting, but correct me if I'm wrong.

#6 @here
4 years ago

Related / duplicate of #31405 noted by @thomaswm (thanks!)

#7 @johnbillion
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #31405.

This ticket was mentioned in Slack in #core-multisite by websupporter. View the logs.


4 years ago

#9 @richard12
4 years ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

#10 @richard12
4 years ago

Hi, I came across this exact same problem recently. I have multisite subfolders and some are mapped with non ssl domains. I have ssl on the main site. I simply changed the home and the site URL to http, upgraded the network and the returned them to https after the update.
That seemed to work ok for me
Richard

#11 @jeremyfelt
4 years ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

Hi @richard12. This ticket has been closed as a duplicate of #31405. Please see that ticket for some other conversation around the issue.

Note: See TracTickets for help on using tickets.