[wp-trac] [WordPress Trac] #16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 16 09:44:24 UTC 2011


#16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link
--------------------------+------------------------------
 Reporter:  dbvista       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------
Changes (by jamk):

 * cc: jamk (added)
 * version:   => 3.1


Comment:

 The same problem (URLs pointing to back to the site are https instead of
 http) occurs with FORCE_SSL_ADMIN turned on. In my case (WP3.1 with
 multisites in subdomains) both links in the wp-login.php page link into
 https://mysite.com instead of http://mysite.com. By both link I mean the
 WordPress logo in the middle (which seems to always point to the root of
 my website aka "main site" instead of the subdirectory) and the link in
 the upper left corner inside the <p id="backtoblog"> tag.

 Changes to wp-login.php should be made to check whether http or https
 should be used in these places:
  http://core.trac.wordpress.org/browser/trunk/wp-login.php#L89
  http://core.trac.wordpress.org/browser/trunk/wp-login.php#L137

 OR the check should be used in the two functions used:
  apply_filters('login_headerurl', network_home_url() );

  bloginfo('url');

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16822#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list