[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Sun Nov 23 04:02:36 UTC 2014
#15928: wp_get_attachment_url does not check for HTTPS
--------------------------+-----------------------------
Reporter: atetlaw | Owner: boonebgorges
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: Future Release
Component: Permalinks | Version: 3.0.3
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+-----------------------------
Comment (by joemcgill):
After talking over the issue with Boone, my understanding is that we need
a solution that will result in the following:
`wp_get_attachment_url()` should respect the scheme from which it was
called, unless doing so would result in a broken url by to creating an
https url when the attachment can't actually load over https.
[attachment: 15928.9.patch] deals with the problem of potentially broken
urls by passing the site url to `wp_remote_get()` to see if the site can
be successfully loaded over SSL, and if not, will fall back to using an
http scheme.
The associated unit tests have also been updated.
Note: I also have an update to the content filter proposed in [attachment:
15928.8.patch], but have not included it because filtering the content
based on `is_ssl()` seems like overkill if we go with this method.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/15928#comment:87>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list