[wp-trac] [WordPress Trac] #17876: WP_CONTENT_URL breaking FORCE_ADMIN_SSL in administration
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 23 19:58:43 UTC 2011
#17876: WP_CONTENT_URL breaking FORCE_ADMIN_SSL in administration
----------------------------+-----------------------------
Reporter: beautomated | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.1.3
Severity: minor | Keywords:
----------------------------+-----------------------------
WP_CONTENT_URL isn't converting to https:// when the FORCE_ADMIN_SSL is
enabled and the user is in the wp-admin folder. This causes various
plugins that include CSS and JS in the admin area to break the security
causing browser havoc. I think that when WP_CONTENT_URL is set it should
first check if is_admin() and FORCE_ADMIN_SSL are both true, and if so use
https:// instead. To reproduce this issue, set FORCE_ADMIN_SSL to true and
install the free Defensio antispam plugin, then log into wp-admin and see
the http:// CSS link in the source code. This plugin example uses
WP_PLUGIN_URL in its source. Thank you.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17876>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list