[wp-trac] [WordPress Trac] #49515: SSL requirement during installation with SQL command through admin if mixed content
WordPress Trac
noreply at wordpress.org
Sat Aug 22 22:14:52 UTC 2020
#49515: SSL requirement during installation with SQL command through admin if mixed
content
--------------------------------------+---------------------------------
Reporter: bjornenio | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: needs-patch dev-feedback | Focuses: ui, administration
--------------------------------------+---------------------------------
Comment (by zodiac1978):
Replying to [comment:3 WiZZarD_]:
> Ideally, you'd want to check for the capability of a secured connection,
not if the user is already using it.
My first minimal approach was to check if https is used and if **not**
display a warning. Additionally I was wrong and we could in fact use
`is_ssl` but without the load balancer fix. See:
https://developer.wordpress.org/reference/functions/is_ssl/
> My approach would be to test the given site-url for SSL capabilities, by
using something like [https://www.php.net/manual/en/function.fsockopen.php
fsockopen()]. If the url can be accessed through a secure connection ask
the user if it wants to use that instead. If it's not possible, just
proceed with the install.
That would be a better approach. Not just detect the missing https, but
detecting a possible https connection and offer a redirect to the https
version.
But what about people who forgot to install the SSL certificate (or there
is something wrong with it)? I think we should warn if there is no https
used in every case and offer a direct link to https if it is already
available.
The first one is easy as we could just use `is_ssl()`.
I was not successful in detecting a possible https connection. Maybe
someone can chime in with a code snippet.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49515#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list