[wp-trac] [WordPress Trac] #20996: wp_get_attachment_url() ignoring HTTPS
WordPress Trac
wp-trac at lists.automattic.com
Sun Jun 17 01:27:02 UTC 2012
#20996: wp_get_attachment_url() ignoring HTTPS
--------------------------+-----------------------------
Reporter: xsign.dll | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
SSL is ignored in wp_get_attachment_url() so that a HTTPS website gets
invalidated by unsecure content.
Steps to reproduce:
1. Add to wp-config.php: define('FORCE_SSL_ADMIN', true);
2. Use e.g. the_post_thumbnail() in a theme. This function calls
wp_get_attachment_url()
3. Visit website via HTTPS => Browser error occurs
Hotfix below. Add to function.php
{{{
# Correct SSL Bug
function correct_url_ssl($url)
{
if( function_exists('is_ssl') && is_ssl() )
{
return str_replace('http://', 'https://', $url);
}
return $url;
}
add_filter('wp_get_attachment_url', 'correct_url_ssl');
}}}
Kind regards,
F. Wolf
xsigndll.com
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20996>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list