Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#8641 closed enhancement (fixed)

Improvements to is_ssl()

Reported by: johnbillion Owned by: johnbillion
Milestone: 2.7.1 Priority: normal
Severity: normal Version: 2.7
Component: Security Keywords: is_ssl, ssl, https, has-patch
Focuses: Cc:


It appears that some server setups (particularly those running suexec on Apache < 2 ) don't populate the $_SERVER['HTTPS'] environment variable, or populate it with '1' instead of 'on'. This means that a site can be running on SSL but is_ssl() returns false.

Patch coming up to add support for differing values of $_SERVER['HTTPS'].

Attachments (1)

8641.diff (678 bytes) - added by johnbillion 7 years ago.
Improvements to is_ssl()

Download all attachments as: .zip

Change History (5)

7 years ago

Improvements to is_ssl()

#1 @johnbillion
7 years ago

  • Keywords has-patch added


is_ssl() now returns true if $_SERVER['HTTPS'] == '1'.

If the $_SERVER['HTTPS'] environment variable is not set, it then checks the port. If $_SERVER['SERVER_PORT'] == '443' then the function returns true.

Several other CMS' detect SSL like this, including Trac and CubeCart.

Tested and confirmed as working on a server where the HTTPS environment variable was not set but the server was running on SSL (port 443).

Left the milestone as 2.8 but could we get this into 2.7.1?

#2 @ryan
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10217]) is_ssl() improvements. Props johnbillion. fixes #8641 for trunk

#3 @ryan
7 years ago

  • Milestone changed from 2.8 to 2.7.1

#4 @ryan
7 years ago

(In [10218]) is_ssl() improvements. Props johnbillion. fixes #8641 for 2.7

Note: See TracTickets for help on using tickets.