Make WordPress Core

Opened 17 months ago

Closed 17 months ago

Last modified 17 months ago

#46453 closed defect (bug) (invalid)

REQUEST_URI doesn't contain http string for ssl validation

Reported by: LogixTree Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:


Hi guys,
I just came around very strange issue. I have been looking at the following code.

if ( force_ssl_admin() && ! is_ssl() ) {
        if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
                wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
        } else {
                wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

Clearly, We are looking for http string to find out if it's ssl or not.
But under the PHP config. We don't have any http or https string.

Whenever we try to login. It just hang on redirects and end up many redirect.
I tried bypass by adding filter

add_filter('secure_auth_redirect', '__return_false');

But seems like same coding is under wp-login.php.

Attachments (1)

Screenshot_127.png (7.0 KB) - added by LogixTree 17 months ago.

Download all attachments as: .zip

Change History (4)

#1 follow-up: @LogixTree
17 months ago

  • Resolution set to invalid
  • Status changed from new to closed

#2 in reply to: ↑ 1 @LogixTree
17 months ago

Replying to LogixTree:
Cloudflare was coming in between with it's flexible ssl. Apologies for confusion.

#3 @desrosj
17 months ago

  • Milestone Awaiting Review deleted
  • Version 5.1 deleted
Note: See TracTickets for help on using tickets.