WordPress.org

Make WordPress Core

#39230 closed feature request (wontfix)

esc_url test if target url is available in https and dynamically updates the scheme.

Reported by: marksabbath Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7
Component: Formatting Keywords:
Focuses: Cc:

Description

While using esc_url, if a scheme isn't provided, it will hardcode "http://". My suggestion would be checking if the esc_url target is accessible via https (check with wp_remote_get) and if it is successful, add the https scheme instead of using only http.

Attachments (1)

39230.diff (873 bytes) - added by marksabbath 20 months ago.
Patch to add this feature.

Download all attachments as: .zip

Change History (2)

@marksabbath
20 months ago

Patch to add this feature.

#1 @dd32
20 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Welcome to Trac @marksabbath

Performing a remote HTTP request on every call to esc_url() without a scheme present isn't a performance option we'd ever go with in WordPress - you have to consider that a request could be triggered multiple times on every pageload.

http is the default lowest-common-denominator scheme which can be assumed here though, so it makes sense as-is to me. This branch is really only there for the case where it's not present - but realistic, it should already be present in the URL, whatever code is passing without a scheme parameter should probably be setting that upon save validation or some such IMHO.

I'm closing this as wontfix, simply due to the performance concerns

Note: See TracTickets for help on using tickets.