Attachment URLs should only be forced to SSL on the front end.

Detecting SSL status on the Dashboard introduces problems when writing content
that is saved to the database and then displayed on the front end, where SSL
may be optional (or impossible, due to self-signed certificates). The new
approach parallels the logic in `get_home_url()` for forcing HTTPS.

See [31614] #15928 for background.

Fixes #32112 for trunk.

git-svn-id: https://develop.svn.wordpress.org/trunk@32342 602fd350-edb4-49c9-b593-d223f7449a82
Boone Gorges 2015-05-04 13:09:14 +00:00
parent eea4111667
commit 93a4bf15e4
2 changed files with 39 additions and 16 deletions


@ -4992,12 +4992,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
$url = get_the_guid( $post->ID );
}
/*
* If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
* (which is to say, when they share the domain name of the current SSL page).
*/
if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
$url = set_url_scheme( $url, 'https' );
// On SSL front-end, URLs should be HTTPS.
if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
$url = set_url_scheme( $url );
}
/**
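Review bot: The condition `if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] )` no longer compares the URL's host with the current host, so on an SSL front-end request `set_url_scheme( $url )` rewrites the scheme of every attachment URL, including one served from a different host (for example a custom `upload_url_path`) that may not offer HTTPS. The reverse also holds: a Dashboard served over HTTPS with an `http` siteurl now receives `http://` attachment URLs, so media there loads as mixed content. That looks like the trade-off the commit message intends, but the one-line comment does not say so. I would expand it to something like `// Force HTTPS only on the SSL front end; admin and login requests keep the stored scheme because content written there is saved and may later be served over plain HTTP.` The body of `wp_get_attachment_url()` starts and ends outside this hunk.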


@ -409,9 +409,9 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
/**
* @ticket 15928
*/
public function test_wp_get_attachment_url_should_not_force_https_when_https_is_on_but_url_has_a_different_domain() {
public function test_wp_get_attachment_url_should_not_force_https_when_administering_over_https_but_siteurl_is_not_https() {
$siteurl = get_option( 'siteurl' );
update_option( 'siteurl', set_url_scheme( $siteurl, 'https' ) );
update_option( 'siteurl', set_url_scheme( $siteurl, 'http' ) );
$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
$contents = file_get_contents( $filename );
@ -422,21 +422,47 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
// Set attachment ID
$attachment_id = $this->_make_attachment( $upload );
// Save server data for cleanup.
$is_ssl = is_ssl();
$http_host = $_SERVER['HTTP_HOST'];
$_SERVER['HTTPS'] = 'on';
// Set server host to something random.
$_SERVER['HTTP_HOST'] = 'some.otherhostname.com';
set_current_screen( 'dashboard' );
$url = wp_get_attachment_url( $attachment_id );
$this->assertSame( set_url_scheme( $url, 'http' ), $url );
// Cleanup.
$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
$_SERVER['HTTP_HOST'] = $http_host;
set_current_screen( 'front' );
$this->assertSame( set_url_scheme( $url, 'http' ), $url );
}
/**
* @ticket 15928
*/
public function test_wp_get_attachment_url_should_force_https_when_administering_over_https_and_siteurl_is_https() {
// Must set the upload_url_path to fake out `wp_upload_dir()`.
$siteurl = get_option( 'siteurl' );
update_option( 'upload_url_path', set_url_scheme( $siteurl, 'https' ) . '/uploads' );
$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
$contents = file_get_contents( $filename );
$upload = wp_upload_bits( basename( $filename ), null, $contents );
$this->assertTrue( empty( $upload['error'] ) );
// Set attachment ID
$attachment_id = $this->_make_attachment( $upload );
$is_ssl = is_ssl();
$_SERVER['HTTPS'] = 'on';
set_current_screen( 'dashboard' );
$url = wp_get_attachment_url( $attachment_id );
// Cleanup.
$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
set_current_screen( 'front' );
$this->assertSame( set_url_scheme( $url, 'https' ), $url );
}
public function test_wp_attachment_is() {
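Review bot: Neither test visible in this section exercises the branch the commit adds, because both call `set_current_screen( 'dashboard' )` before `wp_get_attachment_url()`. Nothing here pins that an SSL front-end request upgrades an `http` attachment URL, or that `wp-login.php` is excluded. A third case that sets `$_SERVER['HTTPS'] = 'on';`, stays on the front screen with an `http` siteurl, and ends with `$this->assertSame( set_url_scheme( $url, 'https' ), $url );` would cover the first of these. The restore of `$_SERVER['HTTPS']` and the current screen is done inline in each test; moving it to `tearDown()` would stop the forced-SSL state leaking into later tests if `wp_get_attachment_url()` errors before the cleanup lines run.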