[wp-hackers] Fixing some SSL cases for 3.4

Marcus Pope Marcus.Pope at springbox.com
Fri Nov 4 00:22:14 UTC 2011


Oh man, I swear I did *not* just create a new profile with the name Pauli Price!!!

:D

Thanks Pauli, those tickets along with the other 500 or so created/fixed/pending on the subject sure are a pain to deal with.

But I wanted to say there are some webservers that cannot handle scheme-relative urls.  Not sure if wordpress is supported on anything other than apache and iis (which do support them fully) but if there is support for other webserver packages we should be cautious to implement.  

And to be devil's advocate here, there are a number of plugins that do call parse_url on the home_url's returned by wordpress.  And a smaller number of those logic branch on the "scheme" key in the returned hash array.  Granted it will only generate php notices to access the null scheme key, but it could change the logic branch in a detrimental way if scheme-less urls are used.

This little guy has over 25k downloads
http://wordpress.org/extend/plugins/wordpress-https/
As well as some admin/lockout issues raised in the 2.0 launch a couple days ago.  But I'm sure there are others like the BWP-Minify that could see some problems as well.

I have always been an advocate of the argument that it could be problematic for the community, so my concern here is that it's a last minute stake in the 3.3 game, that might need some more heads-up notice to developers if we were to do a scheme-less switch. 

But I have also always been a fall-back supporter of scheme-relative urls if root-relative urls were out of the question.

Thanks!

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Pauli Price
Sent: Thursday, November 03, 2011 3:47 PM
To: wp-hackers at lists.automattic.com
Subject: [wp-hackers] Fixing some SSL cases for 3.4

Here¹s a transcript from #wordpress-dev.  Seeking guidance on how to move forward with this.  It¹s clear that we don¹t have a consensus yet.

Discussion happens here, on the wp-hackers?  Or on a trac ticket?
 
Is it appropriate to consolidate these tickets?  If so how?

======== transcript follows ==========

marfarma:
  I'd like to help resolve these related tickets for 3.4 - anybody working on them? #13941, #15928, #18017, #19023, #18005

trac-bot:
  http://core.trac.wordpress.org/ticket/13941 Future Release,
micropat->ryan, new, WP_CONTENT_URL should use site_url() to support 
micropat->HTTPS /
SSL
  http://core.trac.wordpress.org/ticket/15928 Future Release, atetlaw->(no owner), assigned, wp_get_attachment_url does not check for HTTPS
  http://core.trac.wordpress.org/ticket/18017 minor, Future Release,
jkudish->jkudish, new, set_url_scheme() function
  http://core.trac.wordpress.org/ticket/19023 high, Awaiting Review,
joostdevalk->nacin, reviewing, Images in Edit Comments break SSL
  http://core.trac.wordpress.org/ticket/18005 minor, Awaiting Review,
rfc1437->(no owner), reopened, mixed http/https installation and
add_custom_background / body_class

nacin:
  That's one chunk of tickets.
  Yeah, I'd definitely like to tackle all of that for 3.4.

marfarma:
  but all the same underlying problem

nacin:
  Indeed.

rboren:
  Fixing those SSL cases and using home_url() everywhere it is needed would be nice for 3.4.

rboren:
  And, dare I say it, introduce 'relative' as a scheme argument.

marfarma:
  relative -- isn't that a 'live-wire' topic?
  as in 'untouchable'

nacin:
  I'd like to do protocol-independent, at least.
  like //
  anyway,    

(nacin is now known as nacin|afk.)

rboren:
  It'd just be an arg for use by plugin and theme authors. No core movement to it.  Anyhow, just something we might want to discuss.

AaronCampbell:
  I like the idea of being able to do relative links when it makes sense

iamfriendly:
  where's the "+1 million" button?
  what do you mean I don't get a million votes?

======== transcript ends ==========

Pauli (aka: marfarma)
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list