Do secure redirect only for admin destinations. see #7561
git-svn-id: http://svn.automattic.com/wordpress/trunk@8730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
@@ -423,7 +423,7 @@ default:
|
||||
if ( isset( $_REQUEST['redirect_to'] ) ) {
|
||||
$redirect_to = $_REQUEST['redirect_to'];
|
||||
// Redirect to https if user wants ssl
|
||||
if ( $secure_cookie )
|
||||
if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
|
||||
$redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
|
||||
} else {
|
||||
$redirect_to = admin_url();
|
||||
|
||||
Reference in New Issue
Block a user