[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 14 17:01:32 UTC 2011
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------------------+-----------------------
 Reporter:  atetlaw                              |       Owner:  marfarma
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  3.3
Component:  Permalinks                           |     Version:  3.0.3
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing 2nd-opinion  |
-------------------------------------------------+-----------------------
Changes (by marfarma):
* cc: marfarma (added)
* keywords: has-patch needs-testing => has-patch needs-testing 2nd-opinion
* status: new => accepted
* owner: => marfarma
Comment:
If you're running admin under SSL, when you add an image or media to a
post with "Insert into post", the <img src> will be an HTTPS URL because
wp_get_attachment_url returns HTTPS when called in an SSL context.
The public then viewing the site over HTTP will encounter HTTPS links. If
you are using a self-signed SSL certificate they'll get broken images in
most browsers. I'm not sure if this is queued up for the 3.3 release,
since it's not committed.
But whenever it's released, there should be an active decision to proceed.
Either actively decide to proceed - and warn users of self-signed
certificates, or fix the newly created 'insert into post' issue -
potentially through content_save_pre and content_edit_pre filters. See my
related discussion here:
https://plus.google.com/u/0/110903788122203327516/posts/EbgeoAKNVQd?hl=en
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
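
One way the content_save_pre / content_edit_pre approach mentioned in the comment could look, as an added example that is not part of the original message and is not WordPress core code. The function names are hypothetical, and it assumes attachments live under the 'baseurl' returned by wp_upload_dir() and that the public scheme is the one in the Site Address (home) option.

```php
<?php
/*
 * Added example (not WordPress core code); the example_15928_* names are hypothetical.
 * Assumption: attachment URLs are wp_upload_dir()'s 'baseurl' followed by "/...".
 */

// Swap the scheme on every URL in $content that points into the uploads directory.
function example_15928_rescheme_uploads( $content, $scheme ) {
	$uploads = wp_upload_dir();
	// Drop the scheme from the base URL, e.g. "//example.test/wp-content/uploads".
	$base = preg_replace( '#^https?:#i', '', $uploads['baseurl'] );
	if ( 0 !== strpos( $base, '//' ) ) {
		return $content; // Unexpected base URL: leave the content untouched.
	}
	// Match only the scheme, and only when the uploads base plus "/" follows it,
	// so links to other hosts or other directories are never rewritten.
	$pattern = '#https?:(?=' . preg_quote( $base, '#' ) . '/)#i';
	return preg_replace( $pattern, $scheme . ':', $content );
}

// On save: store attachment URLs with the scheme public visitors use,
// regardless of whether the author was working in an SSL admin session.
function example_15928_save_pre( $content ) {
	$scheme = strtolower( (string) parse_url( get_option( 'home' ), PHP_URL_SCHEME ) );
	$scheme = ( 'https' === $scheme ) ? 'https' : 'http';
	return example_15928_rescheme_uploads( $content, $scheme );
}
add_filter( 'content_save_pre', 'example_15928_save_pre' );

// On edit: in an SSL admin session, show the same URLs as HTTPS so the
// editor does not load attachments over plain HTTP.
function example_15928_edit_pre( $content ) {
	if ( ! is_ssl() ) {
		return $content;
	}
	return example_15928_rescheme_uploads( $content, 'https' );
}
add_filter( 'content_edit_pre', 'example_15928_edit_pre' );
```

Because only the scheme is rewritten and the match is anchored to the uploads base URL, the stored post content stays consistent with what public visitors request, whichever scheme the author's admin session used.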