nickdaugherty
commented
9 years ago We'll need to be sure things like if ( strpos( $domain, 'http://' ) ) don't trigger errors. With the new PHP Parser, we can probably limit the check to only spots outside a conditional.
We'd also want to be sure that the check only applied on the site's domain - we wouldn't want to flag something like $profile = 'http://twitter.com/username';
Since everything is moving to forced https we should flag when http is hardcoded. Things should always be protocol agnostic as much as possible. (Even if their primary domain is not HTTPS when previewing we will be forcing HTTPS)