Make WordPress Core

Opened 9 years ago

Last modified 5 years ago

#35182 new defect (bug)

Site icon URLs don't respect SSL in admin

Reported by: kasparsd's profile kasparsd Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4
Component: Administration Keywords: has-patch dev-feedback https
Focuses: Cc:

Description

It appears that the following check in wp_get_attachment_url():

if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
        $url = set_url_scheme( $url );
}

prevents get_site_icon_url() from using SSL for serving the icon links in the head, which results in non-HTTPS icon URLs on all admin pages:

http://kaspars.net/wp-content/uploads/2015/12/site-icon-url-https.png

Attachments (1)

35182.diff (406 bytes) - added by kasparsd 9 years ago.
Ensure the correct URL when served via SSL

Download all attachments as: .zip

Change History (7)

@kasparsd
9 years ago

Ensure the correct URL when served via SSL

#1 @kasparsd
9 years ago

  • Keywords has-patch dev-feedback added

#2 @joemcgill
9 years ago

  • Keywords https added

Hi @kasparsd,

Thanks for the report. I believe this is the same root issue affecting #34109.

#3 @kasparsd
9 years ago

Yes, looks like it @joemcgill.

However, the attachment URLs are different because they might be inserted in post content, etc., while in this case we can safely assume that during is_ssl() the URLs should be HTTPS since they are used for HTML output only.

#4 @ocean90
9 years ago

#36119 was marked as a duplicate.

#5 @johnbillion
9 years ago

#36153 was marked as a duplicate.

This ticket was mentioned in Slack in #core by binarykitten. View the logs.


9 years ago

Note: See TracTickets for help on using tickets.