Support » Requests and Feedback » SSL: get_permalink() should follow the config rules

  • When using FORCE_SSL_ADMIN, WP is returning the wrong URLs when a plugin calls get_permalink().

    I’ve quickly looked in the code and for a post, get_post_permalink() is called, which relies on home_url() to return the correct URL.

    The problem seems to be that home_url() is not checking whether FORCE_SSL_ADMIN is enabled or not and builds a URL using the current context. Meaning that if a user administers a site using SSL, the permalinks sent to plugins (in the backend) are the secure ones which is not what is defined in the configuration.

    So is it a plugin problem (should use a different function) or is this a WP issue?

    Seems logical to me to just call get_permalink() to get a post’s URL to manipulate in my plugin and to trust WP to return the correct one.

Viewing 2 replies - 1 through 2 (of 2 total)
  • I’m gonna bump this – its amazing to me that get_permalink is not reading SSL… Have to do a PHP str_replace.

    I’m not sure you understand the purpose of FORCE_SSL_ADMIN. The option allows you to force HTTPS on your administration panel, not the public WordPress site. Filtering get_permalink based on this option would not make sense. If you want your entire front-end to be HTTPS, simply change your home url to HTTPS and get_permalink will return a HTTPS URL.

    It’s also worth noting that in 3.0+, if the current page is HTTPS, WordPress will change links to other posts and pages to HTTPS automatically.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘SSL: get_permalink() should follow the config rules’ is closed to new replies.