Attachment URLs should only be forced to SSL on the front end.

Detecting SSL status on the Dashboard introduces problems when writing content
that is saved to the database and then displayed on the front end, where SSL
may be optional (or impossible, due to self-signed certificates). The new
approach parallels the logic in `get_home_url()` for forcing HTTPS.

See [31614] #15928 for background.

Fixes #32112 for trunk.

git-svn-id: https://develop.svn.wordpress.org/trunk@32342 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Boone Gorges
2015-05-04 13:09:14 +00:00
parent eea4111667
commit 93a4bf15e4
2 changed files with 39 additions and 16 deletions

View File

@@ -4992,12 +4992,9 @@ function wp_get_attachment_url( $post_id = 0 ) {
$url = get_the_guid( $post->ID );
}
/*
* If currently on SSL, prefer HTTPS URLs when we know they're supported by the domain
* (which is to say, when they share the domain name of the current SSL page).
*/
if ( is_ssl() && 'https' !== substr( $url, 0, 5 ) && parse_url( $url, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
$url = set_url_scheme( $url, 'https' );
// On SSL front-end, URLs should be HTTPS.
if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $GLOBALS['pagenow'] ) {
$url = set_url_scheme( $url );
}
/**