Opened 6 years ago
Closed 2 weeks ago
#46673 closed defect (bug) (duplicate)
Update esc_url function (default https).
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
Hello,
If by default the link doesn't contain a protocol, WordPress adds http. Today I think it's better to use https.
I think this is a position to take because in both cases (http or https) the redirection may be bad.
This ticket follows the modification of the protocol in the menu (#46312).
Attachments (1)
Change History (7)
This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.
6 years ago
#3
follow-up:
↓ 6
@
6 years ago
- Milestone Awaiting Review deleted
- Resolution set to maybelater
- Status changed from new to closed
Thanks for the patch @aksl95 , but this isn't a good idea because it's easy to break a link by setting its scheme to https
when the site doesn't support HTTPS. Conversely, any website available over HTTPS is also available over HTTP and likely will be for the foreseeable future.
#4
@
4 years ago
- Resolution maybelater deleted
- Status changed from closed to reopened
Can this be reviewed?
Issues:
1- Having the http://
hardcoded makes less sense here, it doesn't look up to $protocols.
2- There's no way to use this function if I want to have https://
as default instead.
3- I'm also not sure about
" any website available over HTTPS is also available over HTTP and likely will be for the foreseeable future."
I would suggest then that it pops the first allowed $protocols.
#6
in reply to:
↑ 3
@
2 weeks ago
- Resolution set to duplicate
- Status changed from reopened to closed
Duplicate of #52886.
I'm closing this as the duplicate because it already was closed, but the discussion should continue on #52866.
it's easy to break a link by setting its scheme to
https
when the site doesn't support HTTPS.
I agree that https://
hardcoded in the function could create broken links. However, the other ticket gives the example of social links, which should support HTTPS. I like the idea of using $protocols
.
Update esc_url function