[wp-trac] [WordPress Trac] #9207: redirect_to wp-admin Should Force SSL If FORCE_SSL_ADMIN is enabled
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 27 13:13:00 UTC 2009
#9207: redirect_to wp-admin Should Force SSL If FORCE_SSL_ADMIN is enabled
--------------------------+-------------------------------------------------
Reporter: g30rg3x | Owner: hakre
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Keywords: has-patch reporter-feedback
--------------------------+-------------------------------------------------
Changes (by hakre):
* severity: trivial => normal
* component: Optimization => Security
* priority: lowest => normal
* version: => 2.9
* milestone: Future Release => 3.0
* keywords: needs-patch => has-patch reporter-feedback
* type: enhancement => defect (bug)
Comment:
Attached you find a patch against current head that solves the problem.
The routines were infact already in there, only the FORCE_SSL_ADMIN define
was not reflected properly. While doing the review I used the time as well
to make the code simpler (and therefore less errorprone).
I already tested the patch and it would be great if the original reporter
still is available to test if this is fit for the reported case.
The case infact is a bug because it should have been redirected properly
already as far I was able to read the code (see the user wants ssl
scenario). So this is not optimization nor an enhancement. I relate this
to security because SSL is a security layer.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9207#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list