[wp-trac] [WordPress Trac] #14873: HTTPS related issue with ms-settings.php

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 14 18:23:26 UTC 2010 

#14873: HTTPS related issue with ms-settings.php
--------------------------+-------------------------------------------------
 Reporter:  mareck        |       Owner:                 
     Type:  defect (bug)  |      Status:  new            
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:                 
 Severity:  normal        |    Keywords:                 
--------------------------+-------------------------------------------------
 ms-settings.php hard-codes "http://" in a few places.  This didn't impact
 me, but I can see that it might impact someone.

 Hopefully, a developer can take a look at the code and verify that, in
 fact, it has to change.  Seems like it does since hard-coding "http:"
 isn't a good practice, but I don't want to claim it since I haven't seen
 the need for it personally.

 Here's the updated code that needs to replace the code in ms-settings.php
 starting at line 83 and ending at line 105:

         $protocol = is_ssl() ? 'https://' : 'http://';

         if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && !
 is_object( $current_blog ) ) {
                 if ( defined( 'NOBLOGREDIRECT' ) ) {
                         $destination = NOBLOGREDIRECT;
                         if ( '%siteurl%' == $destination )
                                 $destination = $protocol .
 $current_site->domain . $current_site->path;
                 } else {
                         $destination = $protocol . $current_site->domain .
 $current_site->path . 'wp-signup.php?new=' . str_replace( '.' .
 $current_site->domain, '', $domain );
                 }
                 header( 'Location: ' . $destination );
                 die();
         }

         if ( ! defined( 'WP_INSTALLING' ) ) {
                 if ( $current_site && ! $current_blog ) {
                         if ( $current_site->domain != $_SERVER[
 'HTTP_HOST' ] ) {
                                 header( 'Location: ' . $protocol .
 $current_site->domain . $current_site->path );
                                 exit;
                         }
                         $current_blog = get_blog_details( array( 'domain'
 => $current_site->domain, 'path' => $current_site->path ), false );
                 }
                 if ( ! $current_blog || ! $current_site )
                         ms_not_installed();
         }

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14873>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list