[wp-trac] [WordPress Trac] #34109: Incorrect URL scheme for media in the admin area when using administration over HTTPS

WordPress Trac noreply at wordpress.org
Thu Oct 1 11:24:37 UTC 2015 

#34109: Incorrect URL scheme for media in the admin area when using administration
over HTTPS
--------------------------+------------------------------------------------
 Reporter:  johnbillion   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Media         |    Version:
 Severity:  normal        |   Keywords:  needs-patch needs-unit-tests https
  Focuses:                |
  administration          |
--------------------------+------------------------------------------------
 It seems that we no longer have a ticket addressing this issue.

 On a site where `siteurl` and `home` use the `http` scheme but
 `FORCE_SSL_ADMIN` (or `force_ssl_admin()`) is set to true, media in the
 admin area is incorrectly served with the `http` scheme and therefore
 produces mixed content warnings. When `siteurl` uses the `https` scheme,
 media is served over `https` as expected.

 This affects the media library, the media manager, featured images,
 comments on attachments, actively editing an image on its attachment
 editing screen, and media-new.php.

 Curiously, the attachment editing screen itself isn't affected until you
 click 'Edit Image', which means there's most likely a bug there.

 This was previously tackled by #15928 ([31614]) for 4.2, but was reverted
 in #32112 ([32342]) for 4.2.2 because it resulted in media with the
 `https` scheme being inserted into post content, which is not desirable
 (eg. due to a self-signed cert or restrictions placed on access to the
 `https` host).

 It's likely that altering the behaviour of `wp_get_attachment_url()` will
 have unintended consequences (as above), so we might need to consider the
 introduction of a new function which is used specifically for media item
 URLs in the admin context. The introduction of a `$scheme` parameter to
 `wp_get_attachment_url()` ''might'' work, but probably not.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34109>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list