[wp-trac] [WordPress Trac] #32112: wp_get_attachment_url returns https when it should not
WordPress Trac
noreply at wordpress.org
Wed Apr 29 16:08:13 UTC 2015
#32112: wp_get_attachment_url returns https when it should not
-------------------------------------+---------------------------
Reporter: zabatonni | Owner: boonebgorges
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.2.2
Component: Media | Version: 4.2
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+---------------------------
Comment (by boonebgorges):
@khlo Thanks for the thoughts. See #15928 for a bunch of painful back
story.
Briefly, I agree with you in theory that `wp_get_attachment_url()` "feels"
like it ought to produce a canonical, context-insensitive URL, based on
homeurl. The problem is that the function is widely used in themes to
generate links and `<img>` tags. In situations where it's possible to view
the site over SSL even though homeurl is non-SSL - as when SSL is
optional, or when SSL is enforced by server redirects - the use of
`wp_get_attachment_src()` can cause browser mixed-content warnings, as
well as links that unknowingly lead users out of the HTTPS context. This
was the original concern that led to #15928.
It's worth noting that other URL functions in WP - like `get_permalink()`
- are context-specific while `! is_admin()`, because they use
`get_home_url()` to generate the URL base. Maybe the correct course of
action here is for us to do the same thing in `wp_get_attachment_url()`.
See https://core.trac.wordpress.org/ticket/15928#comment:81 and related
discussion.
I think we can go with something modest for 4.2.x, as I've suggested in
2.diff.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32112#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list