[wp-trac] [WordPress Trac] #20534: Featured Image (Post Thumbnail) SSL Issue
WordPress Trac
noreply at wordpress.org
Fri Nov 22 17:08:46 UTC 2013
#20534: Featured Image (Post Thumbnail) SSL Issue
-------------------------------------+------------------------------
Reporter: justindgivens | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Post Thumbnails | Version: 2.9
Severity: major | Resolution:
Keywords: needs-testing has-patch |
-------------------------------------+------------------------------
Changes (by janpeters):
* cc: janpeters (added)
* severity: normal => major
Comment:
The last patch doesn't work anymore with WordPress 3.7.X.
Please find the fixed diff against the wp-includes/media.php of WP 3.7.1
below.
Due to the security implications I increased the severity to major, as
this issue opens a potential vector for causing man-in-the-middle attacks
on HTTPS sites due to HTTP-included content.
Brgds
Jan
{{{
512c512,518
< if ( $image = image_downsize($attachment_id, $size) )
---
> if ( $image = image_downsize($attachment_id, $size) ) {
> if( is_admin() ) {
> $image[0] = set_url_scheme( $image[0] , 'admin' );
> }
> else {
> $image[0] = set_url_scheme( $image[0] );
> }
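Review bot: the two branches added after `if ( $image = image_downsize($attachment_id, $size) ) {` differ only in the scheme argument passed to set_url_scheme(), so the if/else can be reduced to a single call that picks the scheme from is_admin(), for example `$image[0] = set_url_scheme( $image[0], is_admin() ? 'admin' : null );` (assuming the second parameter defaults to null). If the if/else stays, write it as `if ( is_admin() ) {` and `} else {`, and drop the space before the comma in `$image[0] , 'admin'` to match the spacing used on the condition line.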
513a520
> }
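Review bot: the `}` added at new line 520 closes the block opened in the previous hunk, but this context-free diff does not show the statement at old line 513 that it now wraps, so the change cannot be checked from the patch alone. Please attach a unified diff (`diff -u`) so the enclosed statement and the surrounding function are visible and the patch applies with context.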
522c529,535
< if ( $src && $width && $height )
---
> if ( $src && $width && $height ) {
> if( is_admin() ) {
> $src = set_url_scheme( $src , 'admin' );
> }
> else {
> $src = set_url_scheme( $src );
> }
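Review bot: in this hunk the scheme rewrite sits inside `if ( $src && $width && $height ) {`, so as far as these lines show, a `$src` whose width or height is empty keeps its original scheme; if such a `$src` can still be output, rewrite it before the condition. The is_admin()/set_url_scheme() block is also a copy of the one added at line 512, so both places would be better served by one small helper that takes the URL and returns it with the scheme set.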
523a537
> }
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20534#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software