Last modified: 2014-09-05 05:52:24 UTC
The comment form of https://blog.wikimedia.org/ has an explicit action of http://blog.wikimedia.org/wp-comments-post.php
Perhaps it would be better to just force one protocol or the other. I'm not sure supporting both is necessary.
Is this an issue with our skin, or upstream in WordPress?
http://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&description=~wp-comments-post.php&order=priority does not show anything in the upstream bug tracker. Cannot see anything suspicious in https://gerrit.wikimedia.org/r/gitweb?p=wikimedia/communications/WMBlog.git;a=blob;f=WMBlog.php;hb=refs/heads/master either.
That's http://git.wikimedia.org/blob/wikimedia%2Fcommunications%2FWP-Victor.git/9b57e64c52a961b313edc4f012a08003b049e04f/comments.php -- it uses get_option('siteurl') which has been deprecated[1] while it should be using site_url which is capable of returning HTTPS links[2].

That being said, there have been rumours that the template was supposed to be rewritten from scratch (I think the WMF even hired a WordPress magician to do that?) and the blog moved somewhere else, so I'm not sure it's worth spending time on it. In case someone thinks it is, please feel free to use the linked WordPress documentation below.

== References ==
* [1] https://codex.wordpress.org/Function_Reference/get_option('siteurl')
* [2] https://codex.wordpress.org/Function_Reference/site_url
Change 138533 had a related patch set uploaded by Withoutaname: Convert links to https or protocol-relative https://gerrit.wikimedia.org/r/138533
Change 138533 abandoned by Withoutaname: Convert links to https or protocol-relative https://gerrit.wikimedia.org/r/138533
On https:
<form action="https://wikimediablog.wordpress.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
On http:
<form action="http://blog.wikimedia.org/wp-comments-post.php" method="post" id="commentform" class="comment-form">
(why different domain?!).
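A way to check a rendered page for the two conditions reported in this thread (an HTTPS page whose form posts over plain HTTP, and a form that posts to a different host). This is an added example, not part of the original comments or the blog's code; audit_forms and the issue labels are hypothetical names, and the protocol-relative and relative form tags are constructed for comparison.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormActionAudit(HTMLParser):
    """Collect the resolved action URL of every <form> on a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            action = dict(attrs).get("action") or ""
            self.actions.append(urljoin(self.page_url, action))

def audit_forms(page_url, html):
    """Return (action_url, [issues]) for each form that has an issue."""
    page = urlsplit(page_url)
    parser = FormActionAudit(page_url)
    parser.feed(html)
    parser.close()
    findings = []
    for action in parser.actions:
        target = urlsplit(action)
        issues = []
        if page.scheme == "https" and target.scheme == "http":
            issues.append("downgrade")   # HTTPS page posts over plain HTTP
        if target.hostname != page.hostname:
            issues.append("cross-host")  # form posts to a different host
        if issues:
            findings.append((action, issues))
    return findings

# The two form tags quoted in this thread.
HTTP_ACTION = '<form action="http://blog.wikimedia.org/wp-comments-post.php" method="post" id="commentform" class="comment-form">'
WPCOM_ACTION = '<form action="https://wikimediablog.wordpress.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">'
# Constructed variants: what a scheme-following action would look like.
PROTOCOL_RELATIVE = '<form action="//blog.wikimedia.org/wp-comments-post.php" method="post">'
RELATIVE = '<form action="/wp-comments-post.php" method="post">'

if __name__ == "__main__":
    page = "https://blog.wikimedia.org/"
    for html in (HTTP_ACTION, WPCOM_ACTION, PROTOCOL_RELATIVE, RELATIVE):
        print(audit_forms(page, html))
```

Relative and protocol-relative actions resolve against the page URL, so they inherit its scheme and produce no finding on either protocol.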