Today I noticed that the comment’s author pictures are broken. Some are visible, some are not.
Using Chrome’s Inspect Element function, I can see that the image URL starts with http://0.gravatar.com/avatar/. When I opened the image URL, Chrome showed a “This site can’t be reached” error. My first instinct was replacing http with https. And voila… the image loads.
Now I need to make this fix permanent on this blog. Digging through the sidebar source code, I found that the avatar image URL is produced by this function: get_avatar (codex URL). This function can be found inside the file wp-includes\pluggable.php.
I proceeded by adding this change at line 2415 (WordPress 4.8):
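// strpos() returns false when there is no match, and false >= 0 is true in PHP, so compare with !== false.
if (strpos($url, "gravatar") !== false) { $url = str_replace("http://", "https://", $url); }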
Then I realized that my changes could be overwritten by future WordPress updates. Luckily, this function is pluggable. I can just copy over the whole function into my theme’s functions.php. I need to put the function into a plugin and then activate it. This is the only way to override the default get_avatar function.
Since I felt that my approach of using str_replace is probably the worst :D, I Googled for this topic. As it turned out, someone asked about this topic 3 years ago. On that page I confirmed that my approach is indeed bad. There is a parameter to indicate what protocol Gravatar will use.
get_avatar( $id, $size, null, false, array('scheme' => 'https') );
By default this parameter is set to null. So I just need to change it to ‘https’.
    function get_avatar( $id_or_email, $size = 96, $default = '', $alt = '', $args = null ) {
        $defaults = array(
            // get_avatar_data() args.
            'size'          => 96,
            'height'        => null,
            'width'         => null,
            'default'       => get_option( 'avatar_default', 'mystery' ),
            'force_default' => false,
            'rating'        => get_option( 'avatar_rating' ),
            'scheme'        => 'https', // 'scheme' => null,
            'alt'           => '',
            'class'         => null,
            'force_display' => false,
            'extra_attr'    => '',
        );
        // ... SNIPPED ...
    }
Finally, I bundled this function into a plugin called gravatar-secure. I didn’t bother to submit this plugin to WordPress Plugin Directory since it’s too simple 😀
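The same result can be reached without copying get_avatar at all, by using WordPress's `pre_get_avatar_data` and `get_avatar_url` filters. The plugin below is an added example, not the gravatar-secure plugin from this post; the plugin name, the `gsf_` function names and the sample URLs are constructed for illustration.

```php
<?php
/*
Plugin Name: Gravatar HTTPS filter (added example, hypothetical name)
*/

// Ask WordPress to build Gravatar URLs with https from the start.
// 'pre_get_avatar_data' receives the same $args array as the $defaults above.
function gsf_force_scheme( $args ) {
    $args['scheme'] = 'https';
    return $args;
}

// Safety net for avatar URLs built elsewhere: upgrade http to https only when
// the host really is gravatar.com or a subdomain of it, not for any URL that
// merely contains the string "gravatar".
function gsf_upgrade_url( $url ) {
    $parts = parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['host'] ) || empty( $parts['scheme'] ) ) {
        return $url; // relative or malformed URL: leave untouched
    }
    $host        = strtolower( $parts['host'] );
    $is_gravatar = ( 'gravatar.com' === $host ) || ( substr( $host, -13 ) === '.gravatar.com' );
    if ( $is_gravatar && 'http' === strtolower( $parts['scheme'] ) ) {
        return 'https' . substr( $url, strlen( $parts['scheme'] ) );
    }
    return $url;
}

if ( function_exists( 'add_filter' ) ) {
    // Loaded by WordPress as a plugin: register both filters.
    add_filter( 'pre_get_avatar_data', 'gsf_force_scheme' );
    add_filter( 'get_avatar_url', 'gsf_upgrade_url' );
} else {
    // Run directly with the php CLI: constructed sample URLs.
    $samples = array(
        'http://0.gravatar.com/avatar/abc?s=96',  // upgraded
        'https://secure.gravatar.com/avatar/abc', // already https
        'http://example.com/img/gravatar.png',    // substring match only
        'http://notgravatar.com/avatar/abc',      // look-alike host
    );
    foreach ( $samples as $u ) {
        echo $u, ' => ', gsf_upgrade_url( $u ), PHP_EOL;
    }
}
```

Because nothing in wp-includes is redefined, this keeps working when a WordPress update changes the body of get_avatar.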
So if you have a similar issue to what I have, you can download the zip file below, extract and examine the source code. Once you’re sure my code is not malicious, you can upload the gravatar-secure folder into your WP’s plugins folder, then activate the plugin.
Disclaimer: No guarantee, no warranty whatsoever. Do at your own risk.
About Hardono
bugs, php, wordpress