[wp-trac] [WordPress Trac] #19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug

WordPress Trac wp-trac at lists.automattic.com
Mon Oct 24 17:16:28 UTC 2011


#19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug
--------------------------+-----------------------------
 Reporter:  MarcusPope    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.2.1
 Severity:  normal        |   Keywords:  has-patch
--------------------------+-----------------------------
 WP core uses several different methods for determining if the site is
 using SSL, and whether to redirect to an SSL scheme.  Additionally some of
 those cases use complete logic checks and some only use partial checks.

 This patch refactors the copy-pasted logic throughout several files and
 offers a unified approach to getting the correct scheme.

 I've also removed parenthesis from is_ssl in code comments to reduce the
 number of false positive results when grepping for usage of is_ssl in the
 code.

 site-info.php mistakenly reports the homepage url scheme as the scheme
 currently being used to browse the page and not the intended scheme of the
 site.

 feed.php now operates on fallback assumption that if http is not "on"
 server_port could still properly catch a correct ssl session.

 corrected inappropriate use of "schema" for scheme variable in
 functions.php

 And it provides a central place for implementing future hooks related to
 http/https selection logic.

 Not sure if component:security is the best choice, but http seemed to
 apply more to http.php than the ssl/non-ssl scheme selection.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19037>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list