[wp-trac] [WordPress Trac] #16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 16 09:44:24 UTC 2011
#16822: FORCE_SSL_LOGIN causes wp-login.php to have an incorrect https link
--------------------------+------------------------------
Reporter: dbvista | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.1
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------------------
Changes (by jamk):
* cc: jamk (added)
* version: => 3.1
Comment:
The same problem (URLs pointing to back to the site are https instead of
http) occurs with FORCE_SSL_ADMIN turned on. In my case (WP3.1 with
multisites in subdomains) both links in the wp-login.php page link into
https://mysite.com instead of http://mysite.com. By both link I mean the
WordPress logo in the middle (which seems to always point to the root of
my website aka "main site" instead of the subdirectory) and the link in
the upper left corner inside the <p id="backtoblog"> tag.
Changes to wp-login.php should be made to check whether http or https
should be used in these places:
http://core.trac.wordpress.org/browser/trunk/wp-login.php#L89
http://core.trac.wordpress.org/browser/trunk/wp-login.php#L137
OR the check should be used in the two functions used:
apply_filters('login_headerurl', network_home_url() );
bloginfo('url');
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16822#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list