Skip to content

Fix HTTP URLs converted to HTTPS in core install#6229

Open
Copilot wants to merge 3 commits intomainfrom
copilot/fix-wp-core-install-url
Open

Fix HTTP URLs converted to HTTPS in core install#6229
Copilot wants to merge 3 commits intomainfrom
copilot/fix-wp-core-install-url

Conversation

Copy link
Contributor

Copilot AI commented Feb 4, 2026
edited
Loading

Fix for HTTP to HTTPS conversion issue in wp core install --prompt

Root Cause

When running wp core install --prompt with an HTTP URL, the URL is incorrectly converted to HTTPS in the database. The issue is in the WP_CLI::set_url_params() method in php/class-wp-cli.php.

When the URL scheme is 'https', it correctly sets $_SERVER['HTTPS'] = 'on', but when the scheme is 'http', it doesn't explicitly unset or handle $_SERVER['HTTPS']. If this variable is already set in the environment, WordPress's wp_guess_url() function will detect it and use HTTPS for the site URL.

Minimal Change Plan

  • Identify root cause in php/class-wp-cli.php
  • Fix set_url_params() to properly handle HTTP scheme by unsetting $_SERVER['HTTPS']
  • Add test cases for HTTP and HTTPS URL preservation
  • Improve test to properly simulate bug scenario with pre-existing HTTPS variable
  • Run tests to validate the fix (all passing)
  • Review and finalize changes

Changes Made

  1. php/class-wp-cli.php (3 lines changed)

    • Added else clause to unset $_SERVER['HTTPS'] when scheme is not HTTPS
    • This ensures WordPress's wp_guess_url() correctly detects HTTP URLs

  2. features/class-wp-cli.feature (18 lines added)

    • Added test scenario: "HTTP URL scheme clears pre-existing HTTPS server variable"
      • Now properly pre-populates $_SERVER['HTTPS'] to test the actual bug scenario
    • Added test scenario: "HTTPS URL scheme sets HTTPS server variable"

Test Results

  • ✅ All new tests passing (validates regression scenario)
  • ✅ PHPCS linting passed
  • ✅ PHPStan static analysis passed
  • ✅ Behat framework tests passed (14 scenarios, 93 steps)
  • ✅ Code review completed with no issues
  • ✅ Security scan completed with no issues
  • ✅ Manual verification confirms fix works

Security Summary

No security vulnerabilities were discovered or introduced by this change.

Original prompt

This section details on the original issue you should resolve

<issue_title>Using --prompt on 'wp core install' creates a https:// instead of http:// URL</issue_title>
<issue_description>## Bug Report

Describe the current, buggy behavior

When running wp core install --prompt and use an URL with http:// at the beginning, the URL will be changed to https:// in the database.

Describe how other contributors can replicate this bug

  • Prepare local install (server, database, download WP files)
  • Run wp core install --prompt
  • When asked for the URL, write a URL with http:// in the beginning, e.g. http://wp60.test
  • Finish the prompt
  • Check the options table in the database for home and siteurl entires: the URL should be https://wp60.test
  • When trying to open /wp-admin, it always redirects to https://

Describe what you would expect as the correct outcome

When stating an URL with http://, it should be added as http:// to the database and not be converted to https://.

Let us know what environment you are running this on

jessica@Jessicas-MBP wp60.test % wp cli info
OS:	Darwin 21.4.0 Darwin Kernel Version 21.4.0: Mon Feb 21 20:34:37 PST 2022; root:xnu-8020.101.4~2/RELEASE_X86_64 x86_64
Shell:	/bin/zsh
PHP binary:	/Applications/MAMP/bin/php/php8.1.0/bin/php
PHP version:	8.1.0
php.ini used:	/Applications/MAMP/bin/php/php8.1.0/conf/php.ini
MySQL binary:	/Applications/MAMP/Library/bin//mysql
MySQL version:	mysql  Ver 14.14 Distrib 5.7.34, for osx10.12 (x86_64) using  EditLine wrapper
SQL modes:
WP-CLI root dir:	phar://wp-cli.phar/vendor/wp-cli/wp-cli
WP-CLI vendor dir:	phar://wp-cli.phar/vendor
WP_CLI phar path:	/Users/jessica/Sites/wp60.test
WP-CLI packages dir:	/Users/jessica/.wp-cli/packages/
WP-CLI global config:
WP-CLI project config:
WP-CLI version:	2.6.0

Also running MAMP Pro 6.6 on macOS Monterey (12.3).

Provide additional context/Screenshots

See this Twitter thread, where @pixolin kindly tested this on his machine (different setup, but same problem): https://twitter.com/pixolin/status/1517132670899081216
</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@codecov
Copy link

codecov bot commented Feb 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@swissspidy
Fix HTTP to HTTPS conversion in wp core install --prompt
baffd05 
- Modified WP_CLI::set_url_params() to unset $_SERVER['HTTPS'] when scheme is not HTTPS
- Added tests to verify HTTP and HTTPS URL schemes are preserved correctly
- All tests passing

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix URL scheme when using --prompt with wp core install Fix HTTP URLs converted to HTTPS in core install Feb 4, 2026
Copilot AI requested a review from swissspidy February 4, 2026 16:21
@swissspidy swissspidy requested a review from Copilot February 4, 2026 19:10

This comment was marked as resolved.

Sign in to view

@swissspidy
Improve test to validate regression with pre-existing HTTPS variable
722f7b1 
The test now properly simulates the bug scenario by pre-populating $_SERVER['HTTPS']
before calling set_url() with an HTTP URL. This ensures the test would fail without
the unset() fix, properly guarding against regression.

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
@swissspidy

This comment was marked as resolved.

Sign in to view
gemini-code-assist[bot]

This comment was marked as resolved.

Sign in to view

@swissspidy swissspidy marked this pull request as ready for review February 7, 2026 14:00
@swissspidy swissspidy requested a review from a team as a code owner February 7, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@swissspidy swissspidy Awaiting requested review from swissspidy

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@swissspidy swissspidy

Copilot code review Copilot

Labels

bug command:core command:core-install

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using --prompt on 'wp core install' creates a https:// instead of http:// URL

2 participants

@swissspidy