[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Mon Apr 29 20:39:30 UTC 2013
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+-----------------------------
Comment (by planetzuda):
Replying to [comment:34 ccolotti]:
> Why has this not been fixed in the core code yet?
because what you consider a needed "fix" endangers your customers
security on your site by MITM attacks. MITM stands for Man In The Middle.
> I am seeing this issue and wondering if they are related: #24220
>
> VERY annoying to have images served up as HTTPS JUST because you are
administrating with HTTPS. That's not needed! Will the above fix work,
but it will be wiped out on a WP update so this should just get resolved
:/
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:36>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list