WordPress.org

Make WordPress Core

Opened 5 months ago

Closed 5 months ago

Last modified 4 months ago

#46453 closed defect (bug) (invalid)

REQUEST_URI doesn't contain http string for ssl validation

Reported by: LogixTree Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

Hi guys,
I just came around very strange issue. I have been looking at the following code.

<?php
if ( force_ssl_admin() && ! is_ssl() ) {
        if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
                wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
                exit();
        } else {
                wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
                exit();
        }
}

Clearly, We are looking for http string to find out if it's ssl or not.
But under the PHP config. We don't have any http or https string.
https://logixtree.in/wp-content/uploads/2019/03/Screenshot_127.png

Whenever we try to login. It just hang on redirects and end up many redirect.
I tried bypass by adding filter

<?php
add_filter('secure_auth_redirect', '__return_false');

But seems like same coding is under wp-login.php.

Attachments (1)

Screenshot_127.png (7.0 KB) - added by LogixTree 5 months ago.

Download all attachments as: .zip

Change History (4)

#1 follow-up: @LogixTree
5 months ago

  • Resolution set to invalid
  • Status changed from new to closed

#2 in reply to: ↑ 1 @LogixTree
5 months ago

Replying to LogixTree:
Cloudflare was coming in between with it's flexible ssl. Apologies for confusion.

#3 @desrosj
4 months ago

  • Milestone Awaiting Review deleted
  • Version 5.1 deleted
Note: See TracTickets for help on using tickets.