WordPress.org

Ready to get started?Download WordPress

Forums

[closed] Trouble with HTTPS when uploading media in 3.5 (11 posts)

  1. TedFolkman
    Member
    Posted 1 year ago #

    Hello!

    I am having a new problem with WordPress 3.5 that I did not have with 3.4.2. I do all my site administration over SSL (my wp-config file has the following line: define('FORCE_SSL_ADMIN', true);). When I go to the dashboard I see the green padlock in the address bar, so I know my SSL certificate is working properly. With WP 3.5., when I go to my media library, instead of the green padlock I get a message saying that while my connection is encrypted, the page "includes other resources that are not secure" and that can be viewed by others while in transit or modified by an attacker. Yikes! If I click once on the button to take me back to the dashboard, I can navigate back to the dashboard, but the warning remains. But if I click on the dashboard button again, the green padlock returns.

    In case it is useful, I use the following theme: WooThemes Canvas v. 5.0.13, and the following plugins:

    Acronyms 2
    Antispam Bee
    BackWPup
    Broken Link Checker
    BulletProof Security
    Liveblog
    Login Lockdown
    NextScripts: Social Networks Auto-Poster
    Prevent Password Resetn
    Quick Page/Post Redirect Plugin
    Simple Footnotes
    WordPress SEO
    Wysija Newsletters

    Thank you!

  2. tomontoast
    Member
    Posted 1 year ago #

    Try to find out which resources are non secure by searching for http:// in your page source. That should weed out the culprit. Also try disabling plugins.

  3. TedFolkman
    Member
    Posted 1 year ago #

    Thanks for the tip. It looks like the media files themselves are the culprit. Here is an example:

    <td class="column-icon media-icon">				<a href="https://lettersblogatory.com/wp-admin/post.php?post=11674&action=edit" title="Edit “Marcus Junius Brutus”">
    					<img width="39" height="60" src="http://lettersblogatory.com/wp-content/uploads/2012/12/Brutus-99x150.jpg" class="attachment-80x60" alt="Marcus Junius Brutus" />				</a>

    I have the same problem with all plugins deactivated.

    Any thoughts as to why this is happening or how it can be fixed?

  4. tomontoast
    Member
    Posted 1 year ago #

    Well I'd say its not a problem because you know that those files can't be malicious and you won't be worried if they leak, technically its a bug so you should report it as a new ticket on trac http://core.trac.wordpress.org/newticket

  5. TedFolkman
    Member
    Posted 1 year ago #

    Thank you! I have reported it. I appreciate your help.

  6. tomontoast
    Member
    Posted 1 year ago #

  7. cederom
    Member
    Posted 1 year ago #

    The same problem here, please fix, the original bug is still present since 3.0.3 (2 years)??

  8. tomontoast
    Member
    Posted 1 year ago #

    Put this in functions.php as a quick fix:

    function fix_ssl_attachment_url( $url ) {
    
    	if ( is_ssl() )
    		$url = str_replace( 'http://', 'https://', $url );
    	return $url;
    
    }
    add_filter( 'wp_get_attachment_url', 'fix_ssl_attachment_url' );
  9. beginr
    Member
    Posted 1 year ago #

    @tomontoast Thank you so much! that code worked for me. :)

  10. beginr
    Member
    Posted 1 year ago #

    hey @tomontoast how would i do the same for any plugins?

    Thanx!

  11. beginr
    Member
    Posted 1 year ago #

    actually, I defined the site address in the wp-config file as stated in wordpress codex. Thanx anyway :)

Topic Closed

This topic has been closed to new replies.

About this Topic