Attachment URLs should only be forced to SSL on the front end.
Detecting SSL status on the Dashboard introduces problems when writing content that is saved to the database and then displayed on the front end, where SSL may be optional (or impossible, due to self-signed certificates). The new approach parallels the logic in `get_home_url()` for forcing HTTPS. See [31614] #15928 for background. Fixes #32112 for trunk. git-svn-id: https://develop.svn.wordpress.org/trunk@32342 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
eea4111667
commit
93a4bf15e4
|
@ -4992,12 +4992,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
|
||||||
$url = get_the_guid( $post->ID );
|
$url = get_the_guid( $post->ID );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
// On SSL front-end, URLs should be HTTPS.
|
||||||
* If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
|
if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
|
||||||
* (which is to say, when they share the domain name of the current SSL page).
|
$url = set_url_scheme( $url );
|
||||||
*/
|
|
||||||
if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
|
|
||||||
$url = set_url_scheme( $url, 'https' );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -409,9 +409,9 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
|
||||||
/**
|
/**
|
||||||
* @ticket 15928
|
* @ticket 15928
|
||||||
*/
|
*/
|
||||||
public function test_wp_get_attachment_url_should_not_force_https_when_https_is_on_but_url_has_a_different_domain() {
|
public function test_wp_get_attachment_url_should_not_force_https_when_administering_over_https_but_siteurl_is_not_https() {
|
||||||
$siteurl = get_option( 'siteurl' );
|
$siteurl = get_option( 'siteurl' );
|
||||||
update_option( 'siteurl', set_url_scheme( $siteurl, 'https' ) );
|
update_option( 'siteurl', set_url_scheme( $siteurl, 'http' ) );
|
||||||
|
|
||||||
$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
|
$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
|
||||||
$contents = file_get_contents( $filename );
|
$contents = file_get_contents( $filename );
|
||||||
|
@ -422,21 +422,47 @@ class Tests_Post_Attachments extends WP_UnitTestCase {
|
||||||
// Set attachment ID
|
// Set attachment ID
|
||||||
$attachment_id = $this->_make_attachment( $upload );
|
$attachment_id = $this->_make_attachment( $upload );
|
||||||
|
|
||||||
// Save server data for cleanup.
|
|
||||||
$is_ssl = is_ssl();
|
$is_ssl = is_ssl();
|
||||||
$http_host = $_SERVER['HTTP_HOST'];
|
|
||||||
|
|
||||||
$_SERVER['HTTPS'] = 'on';
|
$_SERVER['HTTPS'] = 'on';
|
||||||
|
set_current_screen( 'dashboard' );
|
||||||
// Set server host to something random.
|
|
||||||
$_SERVER['HTTP_HOST'] = 'some.otherhostname.com';
|
|
||||||
|
|
||||||
$url = wp_get_attachment_url( $attachment_id );
|
$url = wp_get_attachment_url( $attachment_id );
|
||||||
$this->assertSame( set_url_scheme( $url, 'http' ), $url );
|
|
||||||
|
|
||||||
// Cleanup.
|
// Cleanup.
|
||||||
$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
|
$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
|
||||||
$_SERVER['HTTP_HOST'] = $http_host;
|
set_current_screen( 'front' );
|
||||||
|
|
||||||
|
$this->assertSame( set_url_scheme( $url, 'http' ), $url );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 15928
|
||||||
|
*/
|
||||||
|
public function test_wp_get_attachment_url_should_force_https_when_administering_over_https_and_siteurl_is_https() {
|
||||||
|
// Must set the upload_url_path to fake out `wp_upload_dir()`.
|
||||||
|
$siteurl = get_option( 'siteurl' );
|
||||||
|
update_option( 'upload_url_path', set_url_scheme( $siteurl, 'https' ) . '/uploads' );
|
||||||
|
|
||||||
|
$filename = ( DIR_TESTDATA . '/images/test-image.jpg' );
|
||||||
|
$contents = file_get_contents( $filename );
|
||||||
|
|
||||||
|
$upload = wp_upload_bits( basename( $filename ), null, $contents );
|
||||||
|
$this->assertTrue( empty( $upload['error'] ) );
|
||||||
|
|
||||||
|
// Set attachment ID
|
||||||
|
$attachment_id = $this->_make_attachment( $upload );
|
||||||
|
|
||||||
|
$is_ssl = is_ssl();
|
||||||
|
$_SERVER['HTTPS'] = 'on';
|
||||||
|
set_current_screen( 'dashboard' );
|
||||||
|
|
||||||
|
$url = wp_get_attachment_url( $attachment_id );
|
||||||
|
|
||||||
|
// Cleanup.
|
||||||
|
$_SERVER['HTTPS'] = $is_ssl ? 'on' : 'off';
|
||||||
|
set_current_screen( 'front' );
|
||||||
|
|
||||||
|
$this->assertSame( set_url_scheme( $url, 'https' ), $url );
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_wp_attachment_is() {
|
public function test_wp_attachment_is() {
|
||||||
|
|
Loading…
Reference in New Issue