WordPress.org

Make WordPress Core

Opened 8 months ago

Closed 8 months ago

#46673 closed defect (bug) (maybelater)

Update esc_url function (default https).

Reported by: aksl95 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Formatting Keywords:
Focuses: Cc:
PR Number:

Description

Hello,

If by default the link doesn't contain a protocol, WordPress adds http. Today I think it's better to use https.

I think this is a position to take because in both cases (http or https) the redirection may be bad.

This ticket follows the modification of the protocol in the menu (#46312).

Attachments (1)

46673.diff (824 bytes) - added by aksl95 8 months ago.
Update esc_url function

Download all attachments as: .zip

Change History (4)

@aksl95
8 months ago

Update esc_url function

#1 @SergeyBiryukov
8 months ago

  • Component changed from General to Formatting

This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.


8 months ago

#3 @johnbillion
8 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to maybelater
  • Status changed from new to closed

Thanks for the patch @aksl95 , but this isn't a good idea because it's easy to break a link by setting its scheme to https when the site doesn't support HTTPS. Conversely, any website available over HTTPS is also available over HTTP and likely will be for the foreseeable future.

Note: See TracTickets for help on using tickets.