[wp-trac] [WordPress Trac] #34109: Incorrect URL scheme for media in the admin area when using administration over HTTPS

WordPress Trac noreply at wordpress.org
Sun Mar 6 00:26:59 UTC 2016

#34109: Incorrect URL scheme for media in the admin area when using administration
over HTTPS
 Reporter:  johnbillion      |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  4.5
Component:  Media            |     Version:
 Severity:  major            |  Resolution:
 Keywords:  https has-patch  |     Focuses:  administration

Comment (by jeremyfelt):

 Replying to [ticket:34109 johnbillion]:
 > This affects the media library, the media manager, featured images,
 comments on attachments, actively editing an image on its attachment
 editing screen, and media-new.php.

 Would it be a good idea to split this ticket up? This is likely not 4.5
 material if we're aiming to solve all cases, but we could tackle a few to
 start with.

 Things that are broken:
 * Insert Media screen, initial thumbnails
 * Attachment details pane once thumbnail is selected in Insert Media
 * Thumbnail Settings pane in Edit Image
 * The inserted image in the post editor
 * Image Details main image
 * Media Library (list view)
 * Media Library (grid view)

 Things that should stay the same with a patch:
 * Attachment display settings, link to media file should remain in the
 front end scope
 * Display settings, link to media file in Image Details should remain in
 the front end scope

 Things that are okay:
 * Some image previews are loaded in via `admin-ajax.php` and already match
 the scheme.
 * Edit Media through edit link on attachment page, fixed in 3.5 [22093].

 * If we patch `wp_get_attachment_image_src()`, we fix the list view in the
 Media Library. See [attachment:34109.diff] and [attachment:34109.2.diff]
 (I adjusted the check a bit so that `is_ssl()` without `force_ssl_admin()`
 would trigger the HTTPS URL as well)
 * If we patch `wp_get_attachment_url()` similar to
 `wp_get_attachment_image_src()`, we fix a bunch of things but also insert
 unexpected HTTPS URLs into content. See [attachment:34109_attachments-
 * If we patch `wp_save_image()` and some HTML output in
 `wp_image_editor()`, we fix some of the image editing experience. See
 * If we patch `wp_prepare_attachment_for_js()` directly, we fix the image
 itself, but then use the same URL when linking to the image in content.

 Replying to [ticket:34109 johnbillion]:
 > we might need to consider the introduction of a new function which is
 used specifically for media item URLs in the admin context.

 I think this makes sense. Otherwise we could end up playing whack-a-mole
 with edge cases.

 What are our options for displaying editor content in the admin with HTTPS
 URLs, but storing it with HTTP URLs when the front end is not HTTPS?

Ticket URL: <https://core.trac.wordpress.org/ticket/34109#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list