[wp-trac] [WordPress Trac] #19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug

WordPress Trac wp-trac at lists.automattic.com
Mon Oct 24 17:16:28 UTC 2011

#19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug
 Reporter:  MarcusPope    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.2.1
 Severity:  normal        |   Keywords:  has-patch
 WP core uses several different methods for determining if the site is
 using SSL, and whether to redirect to an SSL scheme.  Additionally some of
 those cases use complete logic checks and some only use partial checks.

 This patch refactors the copy-pasted logic throughout several files and
 offers a unified approach to getting the correct scheme.

 I've also removed parenthesis from is_ssl in code comments to reduce the
 number of false positive results when grepping for usage of is_ssl in the

 site-info.php mistakenly reports the homepage url scheme as the scheme
 currently being used to browse the page and not the intended scheme of the

 feed.php now operates on fallback assumption that if http is not "on"
 server_port could still properly catch a correct ssl session.

 corrected inappropriate use of "schema" for scheme variable in

 And it provides a central place for implementing future hooks related to
 http/https selection logic.

 Not sure if component:security is the best choice, but http seemed to
 apply more to http.php than the ssl/non-ssl scheme selection.

Ticket URL: <http://core.trac.wordpress.org/ticket/19037>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list