[wp-trac] [WordPress Trac] #43552: SSL Websites using WordPress - Horizontal Admin Bar reverts to non-SSL links
WordPress Trac
noreply at wordpress.org
Wed Mar 14 19:53:38 UTC 2018
#43552: SSL Websites using WordPress - Horizontal Admin Bar reverts to non-SSL
links
-------------------------------+-----------------------------
Reporter: Laughter On Water | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 4.9.4
Severity: normal | Keywords:
Focuses: administration |
-------------------------------+-----------------------------
Using SSL, Theme Twenty-Seventeen
When I'm at https://amateurethicist.com/wp-admin/< whatever > and I hover
over any of the vertical menus, I get the expected https linked
administrative links. (See green lines depicting correct function.)
When I go to any of the horizontal administrative menu or some of the
other links (see red lines depicting incorrect function) I am sent to non
SSL links.
I can't be sure, but it seems unintentional, since my browser goes
kerflooey when I try to go from https to http via an admin link to view
the posted page.
[[Image(https://c1.staticflickr.com/1/807/40101812644_88b204b3ae_b.jpg)]]
Yeah, it's SSL, but I'm not sure this is a true security issue as much as
it's an admin menu/core links thing. If this is a security issue, please
let me know and I'll post in the WP HackerOne area. I've included a list
of my site's general configurations just in case they'll help.
=== Diagnostic Glance 0.9.1 ===
WordPress Version: 4.9.4
== Listed Themes ==
[a] Twenty Seventeen - Version 1.4
1 themes present.
== Listed Plugins ==
[ ] Ad Codes Widget - Version 110709
[a] Advanced noCaptcha reCaptcha - Version 2.4
[a] Anti-spam - Version 4.4
[a] Black Studio TinyMCE Widget - Version 2.6.2
[a] BulletProof Security - Version 2.9
[a] Diagnostic Glance - Version 0.9.2
[a] Electric Studio Download Counter - Version 2.4
[a] Fast Secure Contact Form - Version 4.0.56
[a] Google Analyticator - Version 6.5.4
[a] Google XML Sitemaps - Version 4.0.9
[a] Redirection - Version 3.2
[a] Social Media Follow Buttons Bar - Version 4.29
[a] TinyMCE Advanced - Version 4.6.7
[ ] W3 Total Cache - Version 0.9.6
[a] Widget Logic - Version 5.9.0
[a] WPS Hide Login - Version 1.2.5.1
14 active plugins out of 16 present
== WordPress Config ==
Permalink Structure: /%year%/%monthnum%/%postname%/
Category Base: topics
Tag Base: tags
WP Max Memory Limit: 256M
WP Memory Limit: 40M
WP Max Upload Size: 64M
WP Cache: off
WP Debug: off
WP Debug Log: off
WP Debug Display: on
Display Errors: on
Log Errors: off
Error Log Path:
Concatenate Scripts: default*
Allow Multisite: default*
Disable Auto Updates: default*
Enable Core Updates: default*
Disallow File Edit: default*
Disallow File Mods: default*
*default - not explicitly set in wp-config.php,
so wp defaults apply.
== Hosting and System Config ==
Server: Apache
PHP Version: 7.0.28
MySQL Database Version: 5.6.34
PHP Memory Limit: 256M
PHP Max Upload Size: 64M
PHP Post Max Size: 65M
PHP SAPI: cgi-fcgi.
== PHP Extensions [ 49 Enabled ] ==
bcmath, bz2, calendar, cgi-fcgi,
Core, ctype, curl, date,
dom, exif, filter, ftp,
gd, gettext, hash, iconv,
imagick, imap, json, libxml,
mbstring, mcrypt, mysqli, mysqlnd,
openssl, pcntl, pcre, PDO,
pdo_mysql, pdo_sqlite, posix, pspell,
Reflection, session, SimpleXML, soap,
sockets, SPL, sqlite3, standard,
tokenizer, xml, xmlreader, xmlrpc,
xmlwriter, xsl, Zend OPcache, zip,
zlib
== Apache Module List Unavailable ==
You're running PHP as cgi-fcgi.
== General Site Statistics ==
Administrators: 1
Contributors: 1
Nones: 0
Total Users: 2
Published Pages: 2
Draft Pages: 0
Published Posts: 3
Draft Posts: 2
Comments in Moderation: 0
Comments Approved: 0
Comments Spam: 0
Comments Trash: 0
All Comments: 0
Images: 15
Other Media: 0
All Media: 15
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43552>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list