[wp-trac] [WordPress Trac] #34109: Incorrect URL scheme for media in the admin area when using administration over HTTPS
WordPress Trac
noreply at wordpress.org
Tue Mar 8 02:50:11 UTC 2016
#34109: Incorrect URL scheme for media in the admin area when using administration
over HTTPS
-----------------------------+-----------------------------
Reporter: johnbillion | Owner: jeremyfelt
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.5
Component: Media | Version:
Severity: major | Resolution:
Keywords: https has-patch | Focuses: administration
-----------------------------+-----------------------------
Comment (by joemcgill):
@jeremyfelt: one thing that we need to keep in mind before patching
`wp_get_attachment_image_src()` is that we should only do so if the
hostname of the admin matches the hostname of the image `src`. Otherwise,
we risk changing schemes on images that are hosted offsite, or from sites
where the uploads directory is set up on a domain that isn't available
over HTTPS (see @dd32's comment on
[https://core.trac.wordpress.org/ticket/34945#comment:27 34945]).
Additionally, if we want to move the scheme check up to
`wp_get_attachment_url()` or `wp_upload_dir()` to catch more cases, we
could do a reverse check in `get_image_tag()` to set the scheme back to
match the scheme of `siteurl` before inserting content in the editor (see:
[https://core.trac.wordpress.org/attachment/ticket/25449/25449.2.diff
25449.2.diff]).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34109#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list