Media: When generating the base URL to be used in the `srcset` attribute, use an `https` scheme when the image base URL's host matches that of the current host, and the request is being served over HTTPS. This prevents mixed content warnings caused by `http` embedded media.

See #34945 Props joemcgill git-svn-id: https://develop.svn.wordpress.org/trunk@37022 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-16 22:48:13 +00:00 · 2016-03-16 22:48:13 +00:00 · f1af2813d3
parent 40a3bac346
commit f1af2813d3
2 changed files with 49 additions and 0 deletions
--- a/src/wp-includes/media.php
+++ b/src/wp-includes/media.php
@ -1027,6 +1027,14 @@ function wp_calculate_image_srcset( $size_array, $image_src, $image_meta, $attac
 	$upload_dir = wp_get_upload_dir();
 	$image_baseurl = trailingslashit( $upload_dir['baseurl'] ) . $dirname;

+	/*
+	 * If currently on HTTPS, prefer HTTPS URLs when we know they're supported by the domain
+	 * (which is to say, when they share the domain name of the current request).
+	 */
+	if ( is_ssl() && 'https' !== substr( $image_baseurl, 0, 5 ) && parse_url( $image_baseurl, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
+		$image_baseurl = set_url_scheme( $image_baseurl, 'https' );
+	}
+
 	/*
 	 * Images that have been edited in WordPress after being uploaded will
 	 * contain a unique hash. Look for that hash and use it later to filter
--- a/tests/phpunit/tests/media.php
+++ b/tests/phpunit/tests/media.php
@ -1479,6 +1479,47 @@ EOF;
 		$expected   = sprintf( $content, $respimg, $respimg_https, $respimg_relative );
 		$actual     = wp_make_content_images_responsive( $unfiltered );

+		$this->assertSame( $expected, $actual );
+}
+
+	/**
+	 * @ticket 34945
+	 * @ticket 33641
+	 */
+	function test_wp_get_attachment_image_with_https_on() {
+		// Mock meta for the image.
+		$image_meta = array(
+			'width'  => 1200,
+			'height' => 600,
+			'file'   => 'test.jpg',
+			'sizes'  => array(
+				'thumbnail' => array(
+					'file'   => 'test-150x150.jpg',
+					'width'  => 150,
+					'height' => 150,
+				),
+				'medium'    => array(
+					'file'   => 'test-300x150.jpg',
+					'width'  => 300,
+					'height' => 150,
+				),
+				'large'     => array(
+					'file'   => 'test-1024x512.jpg',
+					'width'  => 1024,
+					'height' => 512,
+				),
+			)
+		);
+
+		// Test using the large file size.
+		$size_array = array( 1024, 512 );
+		$image_url  = 'http://' . WP_TESTS_DOMAIN . '/wp-content/uploads/' . $image_meta['sizes']['large']['file'];
+
+		$_SERVER['HTTPS'] = 'on';
+
+		$expected = 'https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test-300x150.jpg 300w, https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test-1024x512.jpg 1024w, https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test.jpg 1200w';
+		$actual   = wp_calculate_image_srcset( $size_array, $image_url, $image_meta );
+
 		$this->assertSame( $expected, $actual );
 	}
 }