Media: When generating the base URL to be used in the srcset attribute, use an https scheme when the image base URL's host matches that of the current host, and the request is being served over HTTPS. This prevents mixed content warnings caused by http embedded media.

See #34945
Props joemcgill

Built from https://develop.svn.wordpress.org/trunk@37022


git-svn-id: http://core.svn.wordpress.org/trunk@36989 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/media.php

@@ -1027,6 +1027,14 @@ function wp_calculate_image_srcset( $size_array, $image_src, $image_meta, $attac
 	$upload_dir = wp_get_upload_dir();
 	$image_baseurl = trailingslashit( $upload_dir['baseurl'] ) . $dirname;
 
+	/*
+	 * If currently on HTTPS, prefer HTTPS URLs when we know they're supported by the domain
+	 * (which is to say, when they share the domain name of the current request).
+	 */
+	if ( is_ssl() && 'https' !== substr( $image_baseurl, 0, 5 ) && parse_url( $image_baseurl, PHP_URL_HOST ) === $_SERVER['HTTP_HOST'] ) {
+		$image_baseurl = set_url_scheme( $image_baseurl, 'https' );
+	}
+
 	/*
 	 * Images that have been edited in WordPress after being uploaded will
 	 * contain a unique hash. Look for that hash and use it later to filter

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.5-beta3-37021';
+$wp_version = '4.5-beta3-37022';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.