[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS

WordPress Trac wp-trac at lists.automattic.com
Mon Jun 18 13:58:17 UTC 2012


#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
 Reporter:  atetlaw                  |       Owner:
     Type:  defect (bug)             |      Status:  assigned
 Priority:  normal                   |   Milestone:  Future Release
Component:  Permalinks               |     Version:  3.0.3
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+-----------------------------

Comment (by noah.williamsson):

 Replying to [comment:19 johnbillion]:
 > Quick fix for anyone who is experiencing this issue and doesn't want to
 patch their install:
 > {{{
 > function fix_ssl_attachment_url( $url ) {
 >
 >       if ( is_ssl() )
 >               $url = str_replace( 'http://', 'https://', $url );
 >       return $url;
 >
 > }
 > add_filter( 'wp_get_attachment_url', 'fix_ssl_attachment_url' );
 > }}}

 Maybe I'm missing something here, but assuming the attached resource is
 hosted on the same domain as the blog itself, why even bother with the
 scheme and the SSL check at all?

 Wouldn't it make more sense to just drop the scheme altogether in favor of
 a relative URI, such as {{{/blog/wp-content/uploads/...}}} (root-relative)
 or {{{//example.com/blog/wp-content/uploads/...}}} (protocol-relative)?
 That would cause the resource to be loaded over the same protocol as the
 the page that is embedding it.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list