[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 6 08:19:49 UTC 2012
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+-----------------------------
Comment (by johnbillion):
Replying to [comment:23 noah.williamsson]:
> Maybe I'm missing something here, but assuming the attached resource is
hosted on the same domain as the blog itself, why even bother with the
scheme and the SSL check at all?
You almost answered this in the question itself when you said "assuming
the attached resource is hosted on the same domain as the blog itself".
It's quite possible to run a site where the SSL pages are served from a
different domain (eg. secure.example.com). In fact, one site of mine is
served from three different domains. example.com for the main site,
secure.example.com for SSL pages, and admin.example.com for wp-admin over
SSL.
Don't forget too that `wp_get_attachment_url()` might not always be used
in the context of a web page. For example, it could be used in an email
message, or in an API response. A relative URL is probably not desirable
or even correct in these cases.
As an update to my code above, in WordPress 3.4 you can now use this
simplified code (as long as your SSL domain is the same as your non-SSL
domain):
{{{
add_filter( 'wp_get_attachment_url', 'set_url_scheme' );
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:24>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list