<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[32384] branches/4.2: Attachment URLs should only be forced to SSL on the front end.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/32384">32384</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/32384","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>boonebgorges</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2015-05-06 16:20:54 +0000 (Wed, 06 May 2015)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Attachment URLs should only be forced to SSL on the front end.
Detecting SSL status on the Dashboard introduces problems when writing content
that is saved to the database and then displayed on the front end, where SSL
may be optional (or impossible, due to self-signed certificates). The new
approach parallels the logic in `get_home_url()` for forcing HTTPS.
See <a href="https://core.trac.wordpress.org/changeset/31614">[31614]</a> <a href="https://core.trac.wordpress.org/ticket/15928">#15928</a> for background.
Fixes <a href="https://core.trac.wordpress.org/ticket/32112">#32112</a> for 4.2 branch.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches42srcwpincludespostphp">branches/4.2/src/wp-includes/post.php</a></li>
<li><a href="#branches42testsphpunittestspostattachmentsphp">branches/4.2/tests/phpunit/tests/post/attachments.php</a></li>
</ul>
<h3>Property Changed</h3>
<ul>
<li><a href="#branches42">branches/4.2/</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<span class="cx" style="display: block; padding: 0 10px">Index: branches/4.2
</span><span class="cx" style="display: block; padding: 0 10px">===================================================================
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">--- branches/4.2 2015-05-06 16:18:11 UTC (rev 32383)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+++ branches/4.2 2015-05-06 16:20:54 UTC (rev 32384)
</ins><a id="branches42"></a>
<div class="propset"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Property changes: branches/4.2</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: svn:mergeinfo</h4></div>
<span class="cx" style="display: block; padding: 0 10px"> /branches/3.1:18031
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/3.3:20543
</span><span class="cx" style="display: block; padding: 0 10px"> /branches/3.4:21757
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/trunk:18512,32322,32326
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+/trunk:18512,32322,32326,32342
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span><a id="branches42srcwpincludespostphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.2/src/wp-includes/post.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.2/src/wp-includes/post.php 2015-05-06 16:18:11 UTC (rev 32383)
+++ branches/4.2/src/wp-includes/post.php 2015-05-06 16:20:54 UTC (rev 32384)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4992,12 +4992,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $url = get_the_guid( $post->ID );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /*
- * If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
- * (which is to say, when they share the domain name of the current SSL page).
- */
- if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
- $url = set_url_scheme( $url, 'https' );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // On SSL front-end, URLs should be HTTPS.
+ if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
+ $url = set_url_scheme( $url );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span></span></pre></div>
<a id="branches42testsphpunittestspostattachmentsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: branches/4.2/tests/phpunit/tests/post/attachments.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- branches/4.2/tests/phpunit/tests/post/attachments.php 2015-05-06 16:18:11 UTC (rev 32383)
+++ branches/4.2/tests/phpunit/tests/post/attachments.php 2015-05-06 16:20:54 UTC (rev 32384)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -409,9 +409,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 15928
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_wp_get_attachment_url_should_not_force_https_when_https_is_on_but_url_has_a_different_domain() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_wp_get_attachment_url_should_not_force_https_when_administering_over_https_but_siteurl_is_not_https() {
</ins><span class="cx" style="display: block; padding: 0 10px"> $siteurl = get_option( 'siteurl' );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- update_option( 'siteurl', set_url_scheme( $siteurl, 'https' ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ update_option( 'siteurl', set_url_scheme( $siteurl, 'http' ) );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
</span><span class="cx" style="display: block; padding: 0 10px"> $contents = file_get_contents( $filename );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -422,21 +422,47 @@
</span><span class="cx" style="display: block; padding: 0 10px"> // Set attachment ID
</span><span class="cx" style="display: block; padding: 0 10px"> $attachment_id = $this->_make_attachment( $upload );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Save server data for cleanup.
</del><span class="cx" style="display: block; padding: 0 10px"> $is_ssl = is_ssl();
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $http_host = $_SERVER['HTTP_HOST'];
-
</del><span class="cx" style="display: block; padding: 0 10px"> $_SERVER['HTTPS'] = 'on';
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ set_current_screen( 'dashboard' );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Set server host to something random.
- $_SERVER['HTTP_HOST'] = 'some.otherhostname.com';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $url = wp_get_attachment_url( $attachment_id );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $url = wp_get_attachment_url( $attachment_id );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Cleanup.
+ $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
+ set_current_screen( 'front' );
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( set_url_scheme( $url, 'http' ), $url );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * @ticket 15928
+ */
+ public function test_wp_get_attachment_url_should_force_https_when_administering_over_https_and_siteurl_is_https() {
+ // Must set the upload_url_path to fake out `wp_upload_dir()`.
+ $siteurl = get_option( 'siteurl' );
+ update_option( 'upload_url_path', set_url_scheme( $siteurl, 'https' ) . '/uploads' );
+
+ $filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
+ $contents = file_get_contents( $filename );
+
+ $upload = wp_upload_bits( basename( $filename ), null, $contents );
+ $this->assertTrue( empty( $upload['error'] ) );
+
+ // Set attachment ID
+ $attachment_id = $this->_make_attachment( $upload );
+
+ $is_ssl = is_ssl();
+ $_SERVER['HTTPS'] = 'on';
+ set_current_screen( 'dashboard' );
+
+ $url = wp_get_attachment_url( $attachment_id );
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // Cleanup.
</span><span class="cx" style="display: block; padding: 0 10px"> $_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $_SERVER['HTTP_HOST'] = $http_host;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ set_current_screen( 'front' );
+
+ $this->assertSame( set_url_scheme( $url, 'https' ), $url );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_wp_attachment_is() {
</span></span></pre>
</div>
</div>
</body>
</html>