[wp-trac] [WordPress Trac] #20996: wp_get_attachment_url() ignoring HTTPS

WordPress Trac wp-trac at lists.automattic.com
Sun Jun 17 01:27:02 UTC 2012


#20996: wp_get_attachment_url() ignoring HTTPS
--------------------------+-----------------------------
 Reporter:  xsign.dll     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.4
 Severity:  normal        |   Keywords:  needs-patch
--------------------------+-----------------------------
 SSL is ignored in wp_get_attachment_url() so that a HTTPS website gets
 invalidated by unsecure content.

 Steps to reproduce:

 1. Add to wp-config.php: define('FORCE_SSL_ADMIN', true);
 2. Use e.g. the_post_thumbnail() in a theme. This function calls
 wp_get_attachment_url()
 3. Visit website via HTTPS => Browser error occurs



 Hotfix below. Add to function.php
 {{{
 # Correct SSL Bug
 function correct_url_ssl($url)
 {
   if( function_exists('is_ssl') && is_ssl() )
   {
     return str_replace('http://', 'https://', $url);
   }
   return $url;
 }
 add_filter('wp_get_attachment_url', 'correct_url_ssl');
 }}}

 Kind regards,
 F. Wolf
 xsigndll.com

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20996>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list