Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-01-08 17:38:26 +01:00
Code Issues Projects Releases Wiki Activity

In wp_get_attachment_url(), convert to HTTPS when possible.

Browse Source 
`wp_get_attachment_url()`, via `wp_upload_dir()`, uses 'siteurl' to generate
attachment URLs. When a site is SSL-optional on the front end - ie, 'siteurl'
is non-HTTPS, but SSL is available - a number of situations can arise where
non-HTTPS attachment URLs cause browser mixed-content warnings:

a) SSL is forced in the admin and `wp_get_attachment_url()` is used to generate the `<img>` tag for an inserted image. In these cases, the post content will contain non-HTTPS. Viewing/editing this post in the Dashboard will result in non-HTTPS images being served in an SSL environment.
b) `wp_get_attachment_url()` is used in a theme to generate an `<img>` `src` attribute on a public page. When viewing that page over SSL, the images will have HTTP URLs.

This changeset switches attachment URLs to HTTPS when it's determined that the
host supports SSL. This happens when 'siteurl' is non-SSL, but the current page
request *is* over SSL, and the host of the current request matches the host of
the URL being generated.

Props joemcgill, boonebgorges.
Fixes #15928.
Built from https://develop.svn.wordpress.org/trunk@31614


git-svn-id: http://core.svn.wordpress.org/trunk@31595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Boone Gorges 2015-03-05 02:39:24 +00:00
parent 09ef640af4
commit 8c48f9400e
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/post.php
View File

@ -4980,6 +4980,14 @@ function wp_get_attachment_url( $post_id = 0 ) {
$url = get_the_guid( $post->ID );
}
/*
* If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
* (which is to say, when they share the domain name of the current SSL page).
*/
if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
$url = set_url_scheme( $url, 'https' );
}
/**
* Filter the attachment URL.
*

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.2-alpha-31613';
$wp_version = '4.2-alpha-31614';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.