SSL: get_permalink() should follow the config rules (3 posts)

  1. O Ofutur
    Posted 5 years ago #

    When using FORCE_SSL_ADMIN, WP is returning the wrong URLs when a plugin calls get_permalink().

    I've quickly looked in the code and for a post, get_post_permalink() is called, which relies on home_url() to return the correct URL.

    The problem seems to be that home_url() is not checking whether FORCE_SSL_ADMIN is enabled or not and builds a URL using the current context. Meaning that if a user administers a site using SSL, the permalinks sent to plugins (in the backend) are the secure ones which is not what is defined in the configuration.

    So is it a plugin problem (should use a different function) or is this a WP issue?

    Seems logical to me to just call get_permalink() to get a post's URL to manipulate in my plugin and to trust WP to return the correct one.

  2. yonisink
    Posted 5 years ago #

    I'm gonna bump this - its amazing to me that get_permalink is not reading SSL... Have to do a PHP str_replace.

  3. Mike Ems
    Posted 5 years ago #

    I'm not sure you understand the purpose of FORCE_SSL_ADMIN. The option allows you to force HTTPS on your administration panel, not the public WordPress site. Filtering get_permalink based on this option would not make sense. If you want your entire front-end to be HTTPS, simply change your home url to HTTPS and get_permalink will return a HTTPS URL.

    It's also worth noting that in 3.0+, if the current page is HTTPS, WordPress will change links to other posts and pages to HTTPS automatically.

Topic Closed

This topic has been closed to new replies.

About this Topic