[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS

WordPress Trac noreply at wordpress.org
Mon Aug 11 10:39:36 UTC 2014

#15928: wp_get_attachment_url does not check for HTTPS
 Reporter:  atetlaw                            |       Owner:
     Type:  defect (bug)                       |      Status:  assigned
 Priority:  normal                             |   Milestone:  Future
Component:  Permalinks                         |  Release
 Severity:  normal                             |     Version:  3.0.3
 Keywords:  has-patch needs-testing 4.1-early  |  Resolution:
                                               |     Focuses:

Comment (by mampf):

 15928.3.patch] '''won't work''' on ssl-''optional'' sites. Either check
 the protocol using is_ssl() or use protocol-relative links as suggested.

 The problem is, that these functions used:
 content_url( 'uploads' );
 will not return  {{{https://}}}, if the site is ssl-''optional''.

 Please keep that in mind. As this is a patch implying security (mixed
 content, content in a ssl session loaded without encryption), please
 revise it. I'd there propose to remove the "has-patch" tag of this ticket.

Ticket URL: <https://core.trac.wordpress.org/ticket/15928#comment:70>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list