[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not

WordPress Trac noreply at wordpress.org
Sat Apr 25 07:40:39 UTC 2015


#32112: wp_get_attachment_url returns https when it should not
--------------------------+------------------------------
 Reporter:  zabatonni     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Media         |     Version:  4.2
 Severity:  normal        |  Resolution:
 Keywords:  close         |     Focuses:
--------------------------+------------------------------

Comment (by zabatonni):

 Replying to [comment:11 Serindu]:
 > Replying to [comment:4 boonebgorges]:
 > > Replying to [comment:3 zabatonni]:
 > > > Yes, its in Add media so it influences all wysiwyg and meta boxes.
 Before it worked depending that WP_CONTENT_URL constant.
 > >
 > > Gotcha. The previous behavior was that you'd be at https://site.tld
 /wp-admin, and your images would be inserted with http://site.tld/ `src`
 attributes. This was a bug, because it meant that the security of your
 https request was compromised by the presence of non-https resources.
 > >
 > > The question, then, is front-end behavior. The decision in #15928 was
 that it's better to fix the bug just described and deliver https assets on
 the front end. Is this fix causing side effects for you? In other words,
 what is the harm in delivering images over HTTPS when it's possible to do
 so? You can, of course, change this behavior with a rewrite rule, or with
 a filter on `'the_content'`, for the purposes of your own site, but I'm
 wondering whether there's some general reason why HTTPS assets would be
 harmful in these cases.
 >
 > This change completely breaks media for sites using self-signed
 certificates.
 >
 > Since my users don't need to log in or otherwise provide sensitive
 information I use a self-signed cert to provide encryption when I log in.
 This change breaks media content for my users unless they manually accept
 my certificate or I manually go and fix generated links.
 >
 > Can you be more explicit about how I can workaround this problem?



 {{{
 add_filter('wp_get_attachment_src',YOURFN',10,1);
 }}}

 and the in your function do something like

 {{{
 func($url) {
 return str_replace('https','http',$url);
 }
 }}}

 or use wp functions to change scheme.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list