[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 18 13:58:17 UTC 2012
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+-----------------------------
Comment (by noah.williamsson):
Replying to [comment:19 johnbillion]:
> Quick fix for anyone who is experiencing this issue and doesn't want to
patch their install:
> {{{
> function fix_ssl_attachment_url( $url ) {
>
> if ( is_ssl() )
> $url = str_replace( 'http://', 'https://', $url );
> return $url;
>
> }
> add_filter( 'wp_get_attachment_url', 'fix_ssl_attachment_url' );
> }}}
Maybe I'm missing something here, but assuming the attached resource is
hosted on the same domain as the blog itself, why even bother with the
scheme and the SSL check at all?
Wouldn't it make more sense to just drop the scheme altogether in favor of
a relative URI, such as {{{/blog/wp-content/uploads/...}}} (root-relative)
or {{{//example.com/blog/wp-content/uploads/...}}} (protocol-relative)?
That would cause the resource to be loaded over the same protocol as the
the page that is embedding it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list