• Hey,

    Could be that I’m missing something, but there seems to be a bug when forcing admin SSL.
    The scenario is opening the admin, previewing a draft (I’m not sure it must be a draft, but since I use permalinks for published posts, it only happened with drafts). The draft preview link is a secured link, e.g. https://mydomain.com/mysite?post_type=portfolio&p=3405&preview=true

    Now what happens is there is an infinite redirect (301) loop for the same URL.

    The code that causes it is in inc\secure.php lines 1025-1030:

    if ( ( $requiressl == true && ! $this->checkssl() ) || ( $requiressl != true && $this->checkssl() ) ) {
    
      $href = ( $_SERVER['SERVER_PORT'] == '443' ? 'http' : 'https' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
      wp_redirect( $href, 301 );
    
    }

    For the draft preview, $requiressl is false, but checkssl() returns true, and so the condition is met, and the $href is reconstructed with https (because we accessed it in port 443).

    Replacing the code with the following solved the bug for me:

    if ( $requiressl == true && ! $this->checkssl() ) {
    
      $href = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
      wp_redirect( $href, 301 );
    
    }
    else{
      if ( $requiressl != true && $this->checkssl() ){
        $href = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        wp_redirect( $href, 301 );
      }
    }

    Lior

    https://wordpress.org/plugins/better-wp-security/

The topic ‘Infinite redirect loop’ is closed to new replies.
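
The two redirect decisions from the post, run through a small redirect-following simulation. This is an added example, not code from the plugin or from the poster. The function names, the `example.test` host and the request model are hypothetical: the URL scheme stands in for `checkssl()`, and `SERVER_PORT` is assumed to be reported as 80 on an HTTPS request, which is the case in which the original expression builds an `https` target.

```php
<?php
// Added illustration: function names and the request model are hypothetical.

// Original decision: the target scheme is derived from SERVER_PORT.
function original_target(bool $requiressl, bool $isSsl, string $port, string $host, string $uri): ?string {
    if (($requiressl && !$isSsl) || (!$requiressl && $isSsl)) {
        return ($port == '443' ? 'http' : 'https') . '://' . $host . $uri;
    }
    return null; // no redirect needed
}

// Replacement decision: the target scheme follows from which side of the check failed.
function patched_target(bool $requiressl, bool $isSsl, string $port, string $host, string $uri): ?string {
    if ($requiressl && !$isSsl) {
        return 'https://' . $host . $uri;
    }
    if (!$requiressl && $isSsl) {
        return 'http://' . $host . $uri;
    }
    return null;
}

// Follow redirects the way a browser would. Returns the number of hops
// until the URL settles, or -1 when a URL repeats (redirect loop).
function follow(callable $decide, string $url, bool $requiressl, string $port, int $maxHops = 5): int {
    $seen = [];
    for ($hops = 0; $hops <= $maxHops; $hops++) {
        if (isset($seen[$url])) {
            return -1;
        }
        $seen[$url] = true;
        $parts = parse_url($url);
        $isSsl = ($parts['scheme'] === 'https'); // stands in for checkssl()
        $uri   = ($parts['path'] ?? '/') . (isset($parts['query']) ? '?' . $parts['query'] : '');
        $next  = $decide($requiressl, $isSsl, $port, $parts['host'], $uri);
        if ($next === null) {
            return $hops;
        }
        $url = $next;
    }
    return -1;
}

// Constructed request: HTTPS draft preview, $requiressl false, SERVER_PORT reported as 80.
$url = 'https://example.test/mysite?post_type=portfolio&p=3405&preview=true';
foreach (['original_target', 'patched_target'] as $decide) {
    $hops = follow($decide, $url, false, '80');
    echo $decide, ': ', $hops === -1 ? 'redirect loop' : "settled after $hops hop(s)", "\n";
}
```

In a real handler, `wp_redirect()` does not end the request by itself, so it is normally followed by `exit;`.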