[wp-trac] [WordPress Trac] #15928: wp_get_attachment_url does not check for HTTPS
WordPress Trac
noreply at wordpress.org
Sun Nov 2 15:12:13 UTC 2014
#15928: wp_get_attachment_url does not check for HTTPS
-------------------------------------------------+-------------------------
Reporter: atetlaw | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future
Component: Permalinks | Release
Severity: normal | Version: 3.0.3
Keywords: needs-testing 4.1-early needs-patch | Resolution:
| Focuses:
-------------------------------------------------+-------------------------
Changes (by boonebgorges):
* keywords: has-patch needs-testing 4.1-early => needs-testing 4.1-early
needs-patch
Comment:
Thanks for the patch, joemcgill. The logic of the unit tests looks good to
me, though I'd prefer to have them broken into separate tests, as in
[attachment:15928.5.patch].
The patch is still missing the mark, though. If I understand correctly,
the root issue in this ticket is that you may be administering your site
over HTTPS, with your front-end viewable over HTTP. When writing a post,
you add an attachment, and some `<img>` markup gets inserted into your
post. But, since you're looking at the dashboard, the `src` element will
have the 'https' scheme saved in the post content.
I think the `set_url_scheme()` approach currently in the patch is probably
fine, but it's not enough. My gut feeling is that we should probably also
strip the scheme as suggested earlier (`//`) when building the `src`
attribute for the `img` tag put into the editor.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/15928#comment:74>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list