WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#8641 closed enhancement (fixed)

Improvements to is_ssl()

Reported by: johnbillion Owned by: johnbillion
Milestone: 2.7.1 Priority: normal
Severity: normal Version: 2.7
Component: Security Keywords: is_ssl, ssl, https, has-patch
Focuses: Cc:

Description

It appears that some server setups (particularly those running suexec on Apache < 2 ) don't populate the $_SERVER['HTTPS'] environment variable, or populate it with '1' instead of 'on'. This means that a site can be running on SSL but is_ssl() returns false.

Patch coming up to add support for differing values of $_SERVER['HTTPS'].

Attachments (1)

8641.diff (678 bytes) - added by johnbillion 7 years ago.
Improvements to is_ssl()

Download all attachments as: .zip

Change History (5)

@johnbillion7 years ago

Improvements to is_ssl()

comment:1 @johnbillion7 years ago

  • Keywords has-patch added

Patch.

is_ssl() now returns true if $_SERVER['HTTPS'] == '1'.

If the $_SERVER['HTTPS'] environment variable is not set, it then checks the port. If $_SERVER['SERVER_PORT'] == '443' then the function returns true.

Several other CMS' detect SSL like this, including Trac and CubeCart.

Tested and confirmed as working on a server where the HTTPS environment variable was not set but the server was running on SSL (port 443).

Left the milestone as 2.8 but could we get this into 2.7.1?

comment:2 @ryan7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10217]) is_ssl() improvements. Props johnbillion. fixes #8641 for trunk

comment:3 @ryan7 years ago

  • Milestone changed from 2.8 to 2.7.1

comment:4 @ryan7 years ago

(In [10218]) is_ssl() improvements. Props johnbillion. fixes #8641 for 2.7

Note: See TracTickets for help on using tickets.