[wp-hackers] Fixing some SSL cases for 3.4

Pauli Price pauli.price at gmail.com
Fri Nov 4 18:28:00 UTC 2011


"last minute stake in the 3.3 game"

This work is targeting 3.4, so not to worry.  The point is to put
http://wordpress.org/extend/plugins/wordpress-https/ out of business,
except for shared SSL certificate support.  That seems like enough of an
edge case that it can be delegated to a plugin.

Pauli


On Thu, Nov 3, 2011 at 8:22 PM, Marcus Pope <Marcus.Pope at springbox.com>wrote:

> Oh man, I swear I did *not* just create a new profile with the name Pauli
> Price!!!
>
> :D
>
> Thanks Pauli, those tickets along with the other 500 or so
> created/fixed/pending on the subject sure are a pain to deal with.
>
> But I wanted to say there are some webservers that cannot handle
> scheme-relative urls.  Not sure if wordpress is supported on anything other
> than apache and iis (which do support them fully) but if there is support
> for other webserver packages we should be cautious to implement.
>
> And to be devil's advocate here, there are a number of plugins that do
> call parse_url on the home_url's returned by wordpress.  And a smaller
> number of those logic branch on the "scheme" key in the returned hash
> array.  Granted it will only generate php notices to access the null scheme
> key, but it could change the logic branch in a detrimental way if
> scheme-less urls are used.
>
> This little guy has over 25k downloads
> http://wordpress.org/extend/plugins/wordpress-https/
> As well as some admin/lockout issues raised in the 2.0 launch a couple
> days ago.  But I'm sure there are others like the BWP-Minify that could see
> some problems as well.
>
> I have always been an advocate of the argument that it could be
> problematic for the community, so my concern here is that it's a last
> minute stake in the 3.3 game, that might need some more heads-up notice to
> developers if we were to do a scheme-less switch.
>
> But I have also always been a fall-back supporter of scheme-relative urls
> if root-relative urls were out of the question.
>
> Thanks!
>
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:
> wp-hackers-bounces at lists.automattic.com] On Behalf Of Pauli Price
> Sent: Thursday, November 03, 2011 3:47 PM
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] Fixing some SSL cases for 3.4
>
> Here¹s a transcript from #wordpress-dev.  Seeking guidance on how to move
> forward with this.  It¹s clear that we don¹t have a consensus yet.
>
> Discussion happens here, on the wp-hackers?  Or on a trac ticket?
>
> Is it appropriate to consolidate these tickets?  If so how?
>
> ======== transcript follows ==========
>
> marfarma:
>  I'd like to help resolve these related tickets for 3.4 - anybody working
> on them? #13941, #15928, #18017, #19023, #18005
>
> trac-bot:
>  http://core.trac.wordpress.org/ticket/13941 Future Release,
> micropat->ryan, new, WP_CONTENT_URL should use site_url() to support
> micropat->HTTPS /
> SSL
>  http://core.trac.wordpress.org/ticket/15928 Future Release, atetlaw->(no
> owner), assigned, wp_get_attachment_url does not check for HTTPS
>  http://core.trac.wordpress.org/ticket/18017 minor, Future Release,
> jkudish->jkudish, new, set_url_scheme() function
>  http://core.trac.wordpress.org/ticket/19023 high, Awaiting Review,
> joostdevalk->nacin, reviewing, Images in Edit Comments break SSL
>  http://core.trac.wordpress.org/ticket/18005 minor, Awaiting Review,
> rfc1437->(no owner), reopened, mixed http/https installation and
> add_custom_background / body_class
>
> nacin:
>  That's one chunk of tickets.
>  Yeah, I'd definitely like to tackle all of that for 3.4.
>
> marfarma:
>  but all the same underlying problem
>
> nacin:
>  Indeed.
>
> rboren:
>  Fixing those SSL cases and using home_url() everywhere it is needed would
> be nice for 3.4.
>
> rboren:
>  And, dare I say it, introduce 'relative' as a scheme argument.
>
> marfarma:
>  relative -- isn't that a 'live-wire' topic?
>  as in 'untouchable'
>
> nacin:
>  I'd like to do protocol-independent, at least.
>  like //
>  anyway,
>
> (nacin is now known as nacin|afk.)
>
> rboren:
>  It'd just be an arg for use by plugin and theme authors. No core movement
> to it.  Anyhow, just something we might want to discuss.
>
> AaronCampbell:
>  I like the idea of being able to do relative links when it makes sense
>
> iamfriendly:
>  where's the "+1 million" button?
>  what do you mean I don't get a million votes?
>
> ======== transcript ends ==========
>
> Pauli (aka: marfarma)
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list