Opened 15 years ago
Closed 15 years ago
#959 closed defect (bug) (fixed)
BP_PLUGIN_URL - "define" enhancement for partial SSL-enabled BP sites [Has Patch]
Reported by: | r-a-y | Owned by: | jason_jm |
---|---|---|---|
Milestone: | 1.1 | Priority: | major |
Severity: | Version: | ||
Component: | Keywords: | Security, SSL, plug-in, url | |
Cc: | jason_jm |
Description
I've just started implementing SSL on a WPMU site I'm working on.
The default BP_PLUGIN_URL define uses WP_PLUGIN_URL which doesn't correctly redirect SSL requests over to their HTTPS equivalents.
In bp-core.php, instead of WP_PLUGIN_URL:
define( 'BP_PLUGIN_URL', WP_PLUGIN_URL . '/buddypress' );
I recommend using plugins_url() instead:
define( 'BP_PLUGIN_URL', plugins_url($path = '/buddypress') );
---
plugins_url() correctly switches all BP wp_enqueue_scripts/styles over to HTTPS.
More info here:
http://wpengineer.com/wordpress-plugin-path/
Attachments (1)
Change History (7)
#2
@
15 years ago
- Summary changed from BP_PLUGIN_URL - "define" enhancement for SSL-enabled BP sites to BP_PLUGIN_URL - "define" enhancement for partial SSL-enabled BP sites
#3
@
15 years ago
- Cc jason_jm added
- Keywords SSL plug-in url added
- Owner set to jason_jm
- Status changed from new to accepted
I would like to take a look at this.
#4
@
15 years ago
- Summary changed from BP_PLUGIN_URL - "define" enhancement for partial SSL-enabled BP sites to BP_PLUGIN_URL - "define" enhancement for partial SSL-enabled BP sites [Has Patch]
- Type changed from enhancement to defect
R-a-y is right on this one.
==Trace of what goes on now==
[bp-core.php TRUNK @ 09.04.2009 ]
8: define( 'BP_PLUGIN_URL', WP_PLUGIN_URL . '/buddypress' );
[wp-settings.php TRUNK @ 09.04.2009]
410: if ( !defined('WP_PLUGIN_URL') )
411: define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' ); full url, no trailing slash
[wp-settings.php TRUNK @ 09.04.2009]
391: if ( !defined('WP_CONTENT_URL') )
392: define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content'); full url - WP_CONTENT_DIR is defined further up
It is this call to "get_option('siteurl')" which obtains an hard-coded value from the database (put there during install time) to be http. The desired scheme may not always be http.
==R-A-Y's proposal==
Replacing the line in bp-core.php with the one recommended by R-A-Y should work well.
[bp-core.php PROPOSAL]
8: define( 'BP_PLUGIN_URL', plugins_url($path = '/buddypress');
plugins_url as of [TRUNK @ 09.04.2009] does a proper scheme lookup based on is_ssl().
==Patch==
Patch provided. Thanks R-A-Y!
I should note that although bp_core_get_root_domain() makes SSL sitewide, this enhancement is for sites not using SSL throughout the main site, but only on certain pages (eg. e-commerce sites - checkout pages, etc.).