[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Mon Apr 29 21:50:09 UTC 2013
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------+-----------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+-----------------------------
Comment (by ccolotti):
Replying to [comment:44 ryansatterfield]:
> Why don't you just make the entire site https?
> Replying to [comment:43 ccolotti]:
> > Replying to [comment:40 johnbillion]:
> > > Replying to [comment:39 ryansatterfield]:
> > > > Your site is either purely https or purely http. Even if you think
it is half and half, it isn't. If you use http mixed with https, you've
broken the http strict transport security, thus making it easier for
hackers to get information transmitted over https.
> > > ccolotti is talking about the WordPress admin area. You can have
admin over SSL with a site over HTTP. In this situation, WordPress
currently incorrectly inserts a images into your post content using the
HTTPS scheme instead of HTTP.
> >
> > SO I have to ask again....can this be resolved so the images are not
incorrectly inserted? This is still ongoing with 3.5.1
Becuase there is no need to make an entire site HTTPS that is a basic blog
site. That's not the answer to the bug if you ask me. I don't want to
serve all HTTPS it's not a requirement for this site. I just simply want
to ADMINISTER via HTTPS and not have the images all served up that way.
This seems like it should just work properly but nobody is taking a moment
to look at.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15928#comment:45>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list