[wp-trac] [WordPress Trac] #14835: Theme header_image fails to load when not in HTTPS

WordPress Trac wp-trac at lists.automattic.com
Fri Sep 10 14:01:55 UTC 2010


#14835: Theme header_image fails to load when not in HTTPS
--------------------------+-------------------------------------------------
 Reporter:  dturvene      |       Owner:                 
     Type:  defect (bug)  |      Status:  new            
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Themes        |     Version:  3.0            
 Severity:  minor         |    Keywords:                 
--------------------------+-------------------------------------------------
 Server Setup: Linux, Firefox/Chrome, Apache

 My server uses a self-generated SSL certificate.  A firefox/chrome browser
 profile will challenge the user first time the mysite is accessed using
 HTTPS to allow an insecure certificate.

 Wordpress general access uses HTTP.  Wordpress admin uses HTTPS.

 Using Twenty Ten theme (and others) I select a new header image.  This
 sets header_image to

 https://../wp-content/themes/twentyten/images/headers/sunset.jpg

 in the mods_Twenty Ten.

 The header_image will silently fail to load when a user has not previously
 accepted the private security certificate of my site.
 It is retrieved in wp-includes/theme.php get_header_image().

 The programmatic fix for this seems to be store references to common
 widgets using only HTTP and not HTTPS.

 Non programmatic fixes (I implemented #2 below):

 1) Generate a certificate by a public CA.

 2) Modify mods_Twenty Ten using mysql:

 use wordpress;

 select option_name,option_value from wp_options where
 option_name="mods_Twenty Ten";

 UPDATE wp_options SET option_value='a:2:{s:12:"header_image";s:79:"http
 ://.../wp-
 content/themes/twentyten/images/header/sunset.jpg";s:18:"nav_menu_locations";a:1:{s:7:"primary";i:16;}}'
 WHERE option_name="mods_Twenty Ten";

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14835>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list