[wp-trac] [WordPress Trac] #19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 24 17:16:28 UTC 2011
#19037: Patch for is_ssl, ssl_redirect and general http/https logic / bug
--------------------------+-----------------------------
Reporter: MarcusPope | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.2.1
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
WP core uses several different methods for determining if the site is
using SSL, and whether to redirect to an SSL scheme. Additionally some of
those cases use complete logic checks and some only use partial checks.
This patch refactors the copy-pasted logic throughout several files and
offers a unified approach to getting the correct scheme.
I've also removed parenthesis from is_ssl in code comments to reduce the
number of false positive results when grepping for usage of is_ssl in the
code.
site-info.php mistakenly reports the homepage url scheme as the scheme
currently being used to browse the page and not the intended scheme of the
site.
feed.php now operates on fallback assumption that if http is not "on"
server_port could still properly catch a correct ssl session.
corrected inappropriate use of "schema" for scheme variable in
functions.php
And it provides a central place for implementing future hooks related to
http/https selection logic.
Not sure if component:security is the best choice, but http seemed to
apply more to http.php than the ssl/non-ssl scheme selection.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19037>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list