[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS

WordPress Trac noreply at wordpress.org
Sun Nov 23 04:02:36 UTC 2014


#15928: wp_get_attachment_url does not check for HTTPS
--------------------------+-----------------------------
 Reporter:  atetlaw       |       Owner:  boonebgorges
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  Future Release
Component:  Permalinks    |     Version:  3.0.3
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+-----------------------------

Comment (by joemcgill):

 After talking over the issue with Boone, my understanding is that we need
 a solution that will result in the following:

 `wp_get_attachment_url()` should respect the scheme from which it was
 called, unless doing so would result in a broken url by to creating an
 https url when the attachment can't actually load over https.

 [attachment: 15928.9.patch] deals with the problem of potentially broken
 urls by passing the site url to `wp_remote_get()` to see if the site can
 be successfully loaded over SSL, and if not, will fall back to using an
 http scheme.

 The associated unit tests have also been updated.

 Note: I also have an update to the content filter proposed in [attachment:
 15928.8.patch], but have not included it because filtering the content
 based on `is_ssl()` seems like overkill if we go with this method.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/15928#comment:87>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list