From 00e2cd0917c5f9e545549f97cfd315672da8a1cc Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Mon, 25 Aug 2008 20:40:34 +0000
Subject: [PATCH] Do secure redirect only for admin destinations. see #7561
git-svn-id: https://develop.svn.wordpress.org/trunk@8730 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/pluggable.php | 4 ++--
 wp-login.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index ea6ccacee1..8c53f7ac9b 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -693,7 +693,7 @@ function auth_redirect() {
 $secure = false;
 // If https is required and request is http, redirect
- if ( $secure && !is_ssl() ) {
+ if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
 exit();
@@ -705,7 +705,7 @@ function auth_redirect() {
 if ( $user_id = wp_validate_auth_cookie() ) {
 // If the user wants ssl but the session is not ssl, redirect.
- if ( !$secure && get_user_option('use_ssl', $user_id) ) {
+ if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
 exit();
diff --git a/wp-login.php b/wp-login.php
index b93eafb504..54244116e8 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -423,7 +423,7 @@ default:
 if ( isset( $_REQUEST['redirect_to'] ) ) {
 $redirect_to = $_REQUEST['redirect_to'];
 // Redirect to https if user wants ssl
- if ( $secure_cookie )
+ if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
 $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
 } else {
 $redirect_to = admin_url();
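Review bot: The added `false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')` test in the `$secure && !is_ssl()` condition matches the substring anywhere in the request URI, query string included, so the decision to force HTTPS now depends on client-chosen text rather than on whether the request is actually an admin request. When the substring is absent the redirect is skipped and auth_redirect() presumably goes on to validate the cookie over plain HTTP; the rest of the function is outside the hunk, so that path should be confirmed. The same test is repeated in the `get_user_option('use_ssl', $user_id)` hunk, so I would compute it once and use one definition of "admin request" in both places, for example `$admin_request = is_admin();` followed by `if ( $secure && !is_ssl() && $admin_request ) {`, provided is_admin() is reliable at this point in the load order. If the substring match has to stay, a comment on the line should say it is a heuristic, not an access check.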
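Review bot: `$redirect_to` is still the raw `$_REQUEST['redirect_to']` value when the new `strpos($redirect_to, 'wp-admin')` test runs, so the https upgrade is decided on unvalidated request input. Nothing in this hunk shows the destination being checked before the redirect is issued; the `default:` case continues outside the hunk, so whether a later step restricts the target host should be confirmed there. I would record the limit at the branch, e.g. `// Upgrades admin-looking destinations to https only; $redirect_to is unvalidated request input at this point.`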