Media: When generating the base URL to be used in the srcset attribute, use an https scheme when the image base URL's host matches that of the current host, and the request is being served over HTTPS. This prevents mixed content warnings caused by http embedded media.

See #34945 Props joemcgill git-svn-id: https://develop.svn.wordpress.org/trunk@37022 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-16 22:48:13 +00:00 · 2016-03-16 22:48:13 +00:00 · f1af2813d3
commit f1af2813d3
parent 40a3bac346
2 changed files with 49 additions and 0 deletions
--- a/src/wp-includes/media.php
+++ b/src/wp-includes/media.php
@ -1027,6 +1027,14 @@ function wp_calculate_image_srcset( $size_array, $image_src, $image_meta, $attac
 	$upload_dir = wp_get_upload_dir();
 	$image_baseurl = trailingslashit( $upload_dir['baseurl'] ) . $dirname;

+	/*
+	 * If currently on HTTPS, prefer HTTPS URLs when we know they're supported by the domain
+	 * (which is to say, when they share the domain name of the current request).
+	 */
+	if ( is_ssl() && 'https' !== substr( $image_baseurl, 0, 5 ) && parse_url( $image_baseurl, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
+		$image_baseurl = set_url_scheme( $image_baseurl, 'https' );
+	}
+
 	/*
 	 * Images that have been edited in WordPress after being uploaded will
 	 * contain a unique hash. Look for that hash and use it later to filter
--- a/tests/phpunit/tests/media.php
+++ b/tests/phpunit/tests/media.php
@ -1479,6 +1479,47 @@ EOF;
 		$expected   = sprintf( $content, $respimg, $respimg_https, $respimg_relative );
 		$actual     = wp_make_content_images_responsive( $unfiltered );

+		$this->assertSame( $expected, $actual );
+}
+
+	/**
+	 * @ticket 34945
+	 * @ticket 33641
+	 */
+	function test_wp_get_attachment_image_with_https_on() {
+		// Mock meta for the image.
+		$image_meta = array(
+			'width'  => 1200,
+			'height' => 600,
+			'file'   => 'test.jpg',
+			'sizes'  => array(
+				'thumbnail' => array(
+					'file'   => 'test-150x150.jpg',
+					'width'  => 150,
+					'height' => 150,
+				),
+				'medium'    => array(
+					'file'   => 'test-300x150.jpg',
+					'width'  => 300,
+					'height' => 150,
+				),
+				'large'     => array(
+					'file'   => 'test-1024x512.jpg',
+					'width'  => 1024,
+					'height' => 512,
+				),
+			)
+		);
+
+		// Test using the large file size.
+		$size_array = array( 1024, 512 );
+		$image_url  = 'http://' . WP_TESTS_DOMAIN . '/wp-content/uploads/' . $image_meta['sizes']['large']['file'];
+
+		$_SERVER['HTTPS'] = 'on';
+
+		$expected = 'https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test-300x150.jpg 300w, https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test-1024x512.jpg 1024w, https://' . WP_TESTS_DOMAIN . '/wp-content/uploads/test.jpg 1200w';
+		$actual   = wp_calculate_image_srcset( $size_array, $image_url, $image_meta );
+
 		$this->assertSame( $expected, $actual );
 	}
 }