[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Mon Aug 11 10:39:36 UTC 2014
#15928: wp_get_attachment_url does not check for HTTPS
-----------------------------------------------+---------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future
Component: Permalinks | Release
Severity: normal | Version: 3.0.3
Keywords: has-patch needs-testing 4.1-early | Resolution:
| Focuses:
-----------------------------------------------+---------------------------
Comment (by mampf):
[https://core.trac.wordpress.org/attachment/ticket/15928/15928.3.patch
15928.3.patch] '''won't work''' on ssl-''optional'' sites. Either check
the protocol using is_ssl() or use protocol-relative links as suggested.
The problem is, that these functions used:
{{{
get_site_url();
content_url( 'uploads' );
}}}
will not return {{{https://}}}, if the site is ssl-''optional''.
Please keep that in mind. As this is a patch implying security (mixed
content, content in a ssl session loaded without encryption), please
revise it. I'd there propose to remove the "has-patch" tag of this ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/15928#comment:70>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list