[wp-trac] [WordPress Trac] #14873: HTTPS related issue with ms-settings.php
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 14 19:36:36 UTC 2011
#14873: HTTPS related issue with ms-settings.php
--------------------------+------------------------------
Reporter: mareck | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Multisite | Version:
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Description changed by dd32:
Old description:
> ms-settings.php hard-codes "http://" in a few places. This didn't impact
> me, but I can see that it might impact someone.
>
> Hopefully, a developer can take a look at the code and verify that, in
> fact, it has to change. Seems like it does since hard-coding "http:"
> isn't a good practice, but I don't want to claim it since I haven't seen
> the need for it personally.
>
> Here's the updated code that needs to replace the code in ms-settings.php
> starting at line 83 and ending at line 105:
>
> $protocol = is_ssl() ? 'https://' : 'http://';
>
> if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && !
> is_object( $current_blog ) ) {
> if ( defined( 'NOBLOGREDIRECT' ) ) {
> $destination = NOBLOGREDIRECT;
> if ( '%siteurl%' == $destination )
> $destination = $protocol .
> $current_site->domain . $current_site->path;
> } else {
> $destination = $protocol . $current_site->domain
> . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' .
> $current_site->domain, '', $domain );
> }
> header( 'Location: ' . $destination );
> die();
> }
>
> if ( ! defined( 'WP_INSTALLING' ) ) {
> if ( $current_site && ! $current_blog ) {
> if ( $current_site->domain != $_SERVER[
> 'HTTP_HOST' ] ) {
> header( 'Location: ' . $protocol .
> $current_site->domain . $current_site->path );
> exit;
> }
> $current_blog = get_blog_details( array( 'domain'
> => $current_site->domain, 'path' => $current_site->path ), false );
> }
> if ( ! $current_blog || ! $current_site )
> ms_not_installed();
> }
New description:
ms-settings.php hard-codes "http://" in a few places. This didn't impact
me, but I can see that it might impact someone.
Hopefully, a developer can take a look at the code and verify that, in
fact, it has to change. Seems like it does since hard-coding "http:"
isn't a good practice, but I don't want to claim it since I haven't seen
the need for it personally.
Here's the updated code that needs to replace the code in ms-settings.php
starting at line 83 and ending at line 105:
{{{
$protocol = is_ssl() ? 'https://' : 'http://';
if ( ! defined( 'WP_INSTALLING' ) && is_subdomain_install() && !
is_object( $current_blog ) ) {
if ( defined( 'NOBLOGREDIRECT' ) ) {
$destination = NOBLOGREDIRECT;
if ( '%siteurl%' == $destination )
$destination = $protocol .
$current_site->domain . $current_site->path;
} else {
$destination = $protocol . $current_site->domain .
$current_site->path . 'wp-signup.php?new=' . str_replace( '.' .
$current_site->domain, '', $domain );
}
header( 'Location: ' . $destination );
die();
}
if ( ! defined( 'WP_INSTALLING' ) ) {
if ( $current_site && ! $current_blog ) {
if ( $current_site->domain != $_SERVER[
'HTTP_HOST' ] ) {
header( 'Location: ' . $protocol .
$current_site->domain . $current_site->path );
exit;
}
$current_blog = get_blog_details( array( 'domain'
=> $current_site->domain, 'path' => $current_site->path ), false );
}
if ( ! $current_blog || ! $current_site )
ms_not_installed();
}
}}}
--
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14873#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list