Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#46453 closed defect (bug) (invalid)

REQUEST_URI doesn't contain http string for ssl validation

Reported by: LogixTree Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:


Hi guys,
I just came around very strange issue. I have been looking at the following code.

if ( force_ssl_admin() && ! is_ssl() ) {
        if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
                wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
        } else {
                wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

Clearly, We are looking for http string to find out if it's ssl or not.
But under the PHP config. We don't have any http or https string.

Whenever we try to login. It just hang on redirects and end up many redirect.
I tried bypass by adding filter

add_filter('secure_auth_redirect', '__return_false');

But seems like same coding is under wp-login.php.

Attachments (1)

Screenshot_127.png (7.0 KB) - added by LogixTree 2 years ago.

Download all attachments as: .zip

Change History (4)

#1 follow-up: @LogixTree
2 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#2 in reply to: ↑ 1 @LogixTree
2 years ago

Replying to LogixTree:
Cloudflare was coming in between with it's flexible ssl. Apologies for confusion.

#3 @desrosj
2 years ago

  • Milestone Awaiting Review deleted
  • Version 5.1 deleted
Note: See TracTickets for help on using tickets.