Skip to content

Fix HTTP URLs converted to HTTPS in core install#6229

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/fix-wp-core-install-url
Draft

Fix HTTP URLs converted to HTTPS in core install#6229
Copilot wants to merge 3 commits intomainfrom
copilot/fix-wp-core-install-url

Conversation

Copy link
Contributor

Copilot AI commented Feb 4, 2026
edited
Loading

Fix for HTTP to HTTPS conversion issue in wp core install --prompt

Root Cause

When running wp core install --prompt with an HTTP URL, the URL is incorrectly converted to HTTPS in the database. The issue is in the WP_CLI::set_url_params() method in php/class-wp-cli.php.

When the URL scheme is 'https', it correctly sets $_SERVER['HTTPS'] = 'on', but when the scheme is 'http', it doesn't explicitly unset or handle $_SERVER['HTTPS']. If this variable is already set in the environment, WordPress's wp_guess_url() function will detect it and use HTTPS for the site URL.

Minimal Change Plan

  • Identify root cause in php/class-wp-cli.php
  • Fix set_url_params() to properly handle HTTP scheme by unsetting $_SERVER['HTTPS']
  • Add test cases for HTTP and HTTPS URL preservation
  • Improve test to properly simulate bug scenario with pre-existing HTTPS variable
  • Run tests to validate the fix (all passing)
  • Review and finalize changes

Changes Made

  1. php/class-wp-cli.php (3 lines changed)

    • Added else clause to unset $_SERVER['HTTPS'] when scheme is not HTTPS
    • This ensures WordPress's wp_guess_url() correctly detects HTTP URLs

  2. features/class-wp-cli.feature (18 lines added)

    • Added test scenario: "HTTP URL scheme clears pre-existing HTTPS server variable"
      • Now properly pre-populates $_SERVER['HTTPS'] to test the actual bug scenario
    • Added test scenario: "HTTPS URL scheme sets HTTPS server variable"

Test Results

  • ✅ All new tests passing (validates regression scenario)
  • ✅ PHPCS linting passed
  • ✅ PHPStan static analysis passed
  • ✅ Behat framework tests passed (14 scenarios, 93 steps)
  • ✅ Code review completed with no issues
  • ✅ Security scan completed with no issues
  • ✅ Manual verification confirms fix works

Security Summary

No security vulnerabilities were discovered or introduced by this change.

Original prompt

This section details on the original issue you should resolve

<issue_title>Using --prompt on 'wp core install' creates a https:// instead of http:// URL</issue_title>
<issue_description>## Bug Report

Describe the current, buggy behavior

When running wp core install --prompt and use an URL with http:// at the beginning, the URL will be changed to https:// in the database.

Describe how other contributors can replicate this bug

  • Prepare local install (server, database, download WP files)
  • Run wp core install --prompt
  • When asked for the URL, write a URL with http:// in the beginning, e.g. http://wp60.test
  • Finish the prompt
  • Check the options table in the database for home and siteurl entires: the URL should be https://wp60.test
  • When trying to open /wp-admin, it always redirects to https://

Describe what you would expect as the correct outcome

When stating an URL with http://, it should be added as http:// to the database and not be converted to https://.

Let us know what environment you are running this on

jessica@Jessicas-MBP wp60.test % wp cli info
OS:	Darwin 21.4.0 Darwin Kernel Version 21.4.0: Mon Feb 21 20:34:37 PST 2022; root:xnu-8020.101.4~2/RELEASE_X86_64 x86_64
Shell:	/bin/zsh
PHP binary:	/Applications/MAMP/bin/php/php8.1.0/bin/php
PHP version:	8.1.0
php.ini used:	/Applications/MAMP/bin/php/php8.1.0/conf/php.ini
MySQL binary:	/Applications/MAMP/Library/bin//mysql
MySQL version:	mysql  Ver 14.14 Distrib 5.7.34, for osx10.12 (x86_64) using  EditLine wrapper
SQL modes:
WP-CLI root dir:	phar://wp-cli.phar/vendor/wp-cli/wp-cli
WP-CLI vendor dir:	phar://wp-cli.phar/vendor
WP_CLI phar path:	/Users/jessica/Sites/wp60.test
WP-CLI packages dir:	/Users/jessica/.wp-cli/packages/
WP-CLI global config:
WP-CLI project config:
WP-CLI version:	2.6.0

Also running MAMP Pro 6.6 on macOS Monterey (12.3).

Provide additional context/Screenshots

See this Twitter thread, where @pixolin kindly tested this on his machine (different setup, but same problem): https://twitter.com/pixolin/status/1517132670899081216
</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@codecov
Copy link

codecov bot commented Feb 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@swissspidy
Fix HTTP to HTTPS conversion in wp core install --prompt
baffd05 
- Modified WP_CLI::set_url_params() to unset $_SERVER['HTTPS'] when scheme is not HTTPS
- Added tests to verify HTTP and HTTPS URL schemes are preserved correctly
- All tests passing

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix URL scheme when using --prompt with wp core install Fix HTTP URLs converted to HTTPS in core install Feb 4, 2026
Copilot AI requested a review from swissspidy February 4, 2026 16:21
@swissspidy swissspidy requested a review from Copilot February 4, 2026 19:10
Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR ensures that wp core install respects the explicitly provided URL scheme instead of incorrectly forcing HTTPS when $_SERVER['HTTPS'] is already set, and adds coverage around WP_CLI::set_url()’s handling of HTTP/HTTPS.

Changes:

  • Update WP_CLI::set_url_params() to explicitly unset $_SERVER['HTTPS'] when the parsed URL scheme is not HTTPS, preventing unwanted HTTPS enforcement.
  • Extend features/class-wp-cli.feature with scenarios checking how WP_CLI::set_url() affects the $_SERVER['HTTPS'] variable for HTTP and HTTPS URLs.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
php/class-wp-cli.php Adjusts URL context initialization to clear $_SERVER['HTTPS'] for non-HTTPS schemes so WordPress core URL detection honors the provided scheme.
features/class-wp-cli.feature Adds Behat scenarios intended to verify that WP_CLI::set_url() does not set HTTPS for HTTP URLs and correctly sets it for HTTPS URLs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@swissspidy
Improve test to validate regression with pre-existing HTTPS variable
722f7b1 
The test now properly simulates the bug scenario by pre-populating $_SERVER['HTTPS']
before calling set_url() with an HTTP URL. This ensures the test would fail without
the unset() fix, properly guarding against regression.

Co-authored-by: swissspidy <841956+swissspidy@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@swissspidy swissspidy Awaiting requested review from swissspidy

At least 1 approving review is required to merge this pull request.

Assignees

@swissspidy swissspidy

Copilot code review Copilot

Labels

bug command:core command:core-install

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using --prompt on 'wp core install' creates a https:// instead of http:// URL

2 participants

@swissspidy