Insert attachment should not always https

[hnle]

In [35804], WP_CONTENT_URL began to reflect current url scheme.

so, Image url when insert from editor with https (and front is http) will have https.

but some case like using Self-signed certificate, or like local-only ssl admin, admin only ssl... ―― they are not recommended but some user using it ―― the image cannot show in front (non-admin user:viewer)

If wp_get_attachment_url's response filtered like below, it will well but it need some conditional branching.

<?php
add_filter('wp_get_attachment_url',function($url) {
  return set_url_scheme($url ,'http');
});

(p.s. is this a plugin territory?)

[joemcgill]

Hi @hnle,

Thanks for the report. This definitely looks like a bug. WP_CONTENT_URL is used in wp_upload_dir() to build the URL to the uplods directory, which is then used throughout many functions in core. The one that is affecting you is get_image_tag(), which is used to build the HTML for an image before inserting it into a post.

Related history can be found in #15928.

[johnbillion]

@hnle Would you let us know the following please?

1. What's the value of the "WordPress Address" and "Site Address" fields on the Settings screen?
2. Are you using the FORCE_SSL_ADMIN constant in your wp-config.php file?
3. Are you using the WP_HOME or WP_SITEURL constants in your wp- config.php file?

[hnle]

@johnbillion
Oh... my current test environment (latest trunk) is multisite...
but its site not using FORCE_SSL_ADMIN (so self input https) and no using their const, and their site-url, home are both like http://subdomain.example.com. (I think it is edge case)

in other side, in the current public env (4.4 stable) which using FORCE_SSL_ADMIN looks not have this issue.

[johnbillion]

In 36061:

Revert [35804]. This change has unintended side effects, notably that media URLs in the admin area now unexpectedly use the https scheme. A more comprehensive approach will be taken in 4.5.

See #13941, #35120