Really Simple SSL - Version 2.5.25

Version Description

Fix: "switch mixed content fixer hook" option not visible on the multisites settings page
Tweak: several typo's and uppercasing

Release Info

Developer	RogierLankhorst
Plugin	Really Simple SSL
Version	2.5.25
Comparing to
See all releases

Code changes from version 2.5.24 to 2.5.25

Files changed (19) hide show

class-admin.php +43 -41
class-cache.php +1 -1
class-front-end.php +162 -155
class-help.php +1 -1
class-mixed-content-fixer.php +1 -1
class-multisite.php +16 -16
class-server.php +1 -1
force-deactivate.txt +1 -1
readme.txt +25 -21
rlrsssl-really-simple-ssl.php +6 -6
ssl-test-page.php +1 -1
testssl/cdn/ssl-test-page.html +1 -1
testssl/cloudflare/ssl-test-page.html +1 -1
testssl/cloudfront/ssl-test-page.html +1 -1
testssl/envhttps/ssl-test-page.html +1 -1
testssl/loadbalancer/ssl-test-page.html +1 -1
testssl/serverhttps1/ssl-test-page.html +1 -1
testssl/serverhttpson/ssl-test-page.html +1 -1
testssl/serverport443/ssl-test-page.html +1 -1

class-admin.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
3
4	class rsssl_admin extends rsssl_front_end {
5
	@@ -112,7 +112,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
112	}
113	}
114
115	- //when ~~ssl~~ is enabled, and not enabled by user, ask for activation.
116	add_action("admin_notices", array($this, 'show_notice_activate_ssl'),10);
117
118	add_action('plugins_loaded', array($this,'check_plugin_conflicts'),30);
	@@ -166,7 +166,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
166
167
168	/*
169	- checks if the user just clicked the "activate ~~ssl~~" button.
170	*/
171
172	private function clicked_activate_ssl() {
	@@ -216,7 +216,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
216	}
217
218	/*
219	- This message is shown when no ~~ssl~~ is not enabled by the user yet
220	*/
221
222	public function show_notice_activate_ssl(){
	@@ -241,7 +241,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
241	$current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
242	?>
243	<div id="message" class="error fade notice activate-ssl">
244	- <p><?php _e("No SSL was detected. If you do have an ~~ssl~~ certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
245	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
246	</p>
247	</div>
	@@ -255,7 +255,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
255	<p>
256	<ul>
257	<li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
258	- <li><?php _e('Images, stylesheets or scripts from a domain without an ~~ssl~~ certificate: remove them or move to your own server.','really-simple-ssl');?></li>
259	</ul>
260	</p>
261	<?php $this->show_pro(); ?>
	@@ -371,7 +371,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
371	}
372
373	/**
374	- * Creates an array of all domains where the plugin is active AND ~~ssl~~ is active, only used for multisite.
375	*
376	* @since 2.1
377	*
	@@ -381,7 +381,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
381
382	public function build_domain_list() {
383	if (!is_multisite()) return;
384	- //create list of all activated sites with ~~ssl~~
385	$this->sites = array();
386	$sites = $this->get_sites_bw_compatible();
387	if ($this->debug) $this->trace_log("building domain list for multisite...");
	@@ -440,7 +440,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
440	}
441
442	/**
443	- * Configures the site for ~~ssl~~
444	*
445	* @since 2.2
446	*
	@@ -709,7 +709,7 @@ defined('ABSPATH') or die("you do not have acces to this page!");
709
710
711	/**
712	- * Getting ~~Wordpress~~ to recognize setup as being ~~ssl~~ when no https server variable is available
713	*
714	* @since 2.1
715	*
	@@ -767,7 +767,7 @@ protected function get_server_variable_fix_code(){
767	}
768
769	if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)==0) {
770	- if ($this->debug) $this->trace_log("no sites left with ~~ssl~~, wp config server variable fix skipped");
771	return "";
772	}
773
	@@ -957,7 +957,7 @@ protected function get_server_variable_fix_code(){
957
958
959	/**
960	- * Checks if we are currently on ~~ssl~~ protocol, but extends standard wp with loadbalancer check.
961	*
962	* @since 2.0
963	*
	@@ -1004,7 +1004,7 @@ protected function get_server_variable_fix_code(){
1004	$this->trace_log("plugin version: ".rsssl_version);
1005	$old_ssl_setting = $this->site_has_ssl;
1006	$filecontents = "";
1007	- //if current page is on ~~ssl~~, we can assume ~~ssl~~ is available, even when an errormsg was returned
1008	if($this->is_ssl_extended()){
1009	$this->trace_log("Already on SSL, start detecting configuration");
1010	$this->site_has_ssl = TRUE;
	@@ -1012,7 +1012,7 @@ protected function get_server_variable_fix_code(){
1012	//we're not on SSL, or no server vars were returned, so test with the test-page.
1013	//plugin url: domain.com/wp-content/etc
1014	$testpage_url = trailingslashit($this->test_url())."ssl-test-page.php";
1015	- $this->trace_log("Opening testpage to check for ~~ssl~~: ".$testpage_url);
1016
1017	$response = wp_remote_get( $testpage_url );
1018
	@@ -1030,12 +1030,12 @@ protected function get_server_variable_fix_code(){
1030	$this->site_has_ssl = FALSE;
1031	$error = "";
1032	if (is_wp_error( $response ) ) $error = $response->get_error_message();
1033	- $this->trace_log("No ~~ssl~~ detected. No certificate, or the testpage is blocked by security settings. The ~~ssl~~ testpage returned the error: ".$error);
1034	}
1035	}
1036
1037	if ($this->site_has_ssl) {
1038	- //check the type of ~~ssl~~, either by parsing the returned string, or by reading the server vars.
1039	if ((strpos($filecontents, "#CLOUDFRONT#") !== false) \|\| (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https'))) {
1040	$this->ssl_type = "CLOUDFRONT";
1041	} elseif ((strpos($filecontents, "#CLOUDFLARE#") !== false) \|\| (isset($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https'))) {
	@@ -1077,7 +1077,7 @@ protected function get_server_variable_fix_code(){
1077	}
1078	}
1079
1080	- $this->trace_log("~~ssl~~ type: ".$this->ssl_type);
1081	}
1082	$this->check_for_siteurl_in_wpconfig();
1083
	@@ -1146,7 +1146,7 @@ protected function get_server_variable_fix_code(){
1146	if (is_wp_error( $response )) {
1147	$this->trace_log("htaccess rules test failed with error: ".$response->get_error_message());
1148	} else {
1149	- $this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/~~ssl~~");
1150	}
1151	}
1152	}
	@@ -1287,7 +1287,7 @@ protected function get_server_variable_fix_code(){
1287
1288
1289	/*
1290	- * Checks if the htaccess contains the ~~really~~ ~~simple~~ ~~ssl~~ comment.
1291	*
1292	*/
1293
	@@ -1324,7 +1324,7 @@ protected function get_server_variable_fix_code(){
1324	}
1325
1326	/**
1327	- * Checks if the ~~hsts~~ rule is already in the htaccess file
1328	* Set the hsts variable in the db accordingly. applies to preload version as well.
1329	*
1330	* @since 2.1
	@@ -1377,7 +1377,7 @@ protected function get_server_variable_fix_code(){
1377
1378	//check if editing is blocked.
1379	if ($this->do_not_edit_htaccess) {
1380	- $this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in ~~really~~ ~~simple~~ ~~ssl~~.");
1381	return;
1382	}
1383
	@@ -1424,7 +1424,7 @@ protected function get_server_variable_fix_code(){
1424
1425	$rules = $this->get_redirect_rules();
1426
1427	- //insert rules before ~~wordpress~~ part.
1428	$wptag = "# BEGIN WordPress";
1429	if (strpos($htaccess, $wptag)!==false) {
1430	$htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
	@@ -1476,7 +1476,7 @@ protected function get_server_variable_fix_code(){
1476	public function get_redirect_rules($manual=false) {
1477	if (!current_user_can($this->capability)) return;
1478	$this->trace_log("retrieving redirect rules");
1479	- //only add the redirect rules when a known type of ~~ssl~~ was detected. Otherwise, we use https.
1480	$rule = "";
1481
1482	//if the htaccess test was successfull, and we know the redirectype, edit
	@@ -1491,7 +1491,7 @@ protected function get_server_variable_fix_code(){
1491	//$last_type = array_pop($types);
1492	// reset($this->ssl_type);
1493	// $type = key($this->ssl_type);
1494	- //select rewrite condition based on detected type of ~~ssl~~
1495	//foreach($this->ssl_type as $type => $value) {
1496	$or = "";
1497	//if ($last_type != $type) $or = " [OR] ";
	@@ -1604,7 +1604,7 @@ public function show_notice_wpconfig_needs_fixes(){ ?>
1604
1605	if ( $this->no_server_variable ) {
1606	?>
1607	- <p><?php echo __('Because your server does not pass a variable with which ~~Wordpress~~ can detect SSL, ~~Wordpress~~ may create redirect loops on SSL.','really-simple-ssl');?></p>
1608	<p><?php echo __("Set your wp-config.php to writable and reload this page.", "really-simple-ssl");?></p>
1609	<?php
1610	}
	@@ -1635,7 +1635,7 @@ public function show_notices()
1635	?>
1636	<div id="message" class="error fade notice is-dismissible rlrsssl-htaccess">
1637	<p>
1638	- <?php echo __("~~Your~~ do not have a 301 redirect to https ~~activated~~ in the settings. For SEO purposes it is ~~advisable~~ to use 301 redirects. You can enable a 301 redirect in the settings.","really-simple-ssl");?>
1639	<a href="options-general.php?page=rlrsssl_really_simple_ssl"><?php echo __("View settings page","really-simple-ssl");?></a>
1640	</p>
1641	</div>
	@@ -1676,15 +1676,15 @@ public function show_notices()
1676	<?php
1677	}
1678
1679	- //some notices for ~~ssl~~ situations
1680	if ($this->site_has_ssl) {
1681	if (sizeof($this->plugin_conflict)>0) {
1682	- //pre ~~Woocommerce~~ 2.5
1683	if (isset($this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"]) && $this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"] && isset($this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) && $this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) {
1684	?>
1685	<div id="message" class="error fade notice"><p>
1686	<?php _e("Really Simple SSL has a conflict with another plugin.","really-simple-ssl");?><br>
1687	- <?php _e("The force http after leaving checkout in ~~Woocommerce~~ will create a redirect loop.","really-simple-ssl");?><br>
1688	<a href="admin.php?page=wc-settings&tab=checkout"><?php _e("Show me this setting","really-simple-ssl");?></a>
1689	</p></div>
1690	<?php
	@@ -1694,7 +1694,7 @@ public function show_notices()
1694	}
1695
1696	/**
1697	- * Insert some ajax script to ~~dismis~~ the ~~ssl~~ success message, and stop nagging about it
1698	*
1699	* @since 2.0
1700	*
	@@ -1759,7 +1759,7 @@ public function insert_dismiss_htaccess() {
1759	*/
1760
1761	public function dismiss_success_message_callback() {
1762	- //nonce check fails if url is changed to ~~ssl~~.
1763	//check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
1764	$this->ssl_success_message_shown = TRUE;
1765	$this->save_options();
	@@ -1907,7 +1907,7 @@ public function settings_page() {
1907	if ($mixed_content_fixer_detected) {
1908	_e("Mixed content fixer was successfully detected on the front-end","really-simple-ssl")." ";
1909	} else {
1910	- _e('The mixed content fixer is ~~activated~~, but was not detected on the frontpage. Please follow these steps to check if the mixed content fixer is working.',"really-simple-ssl").": ";
1911	echo ' <a target="_blank" href="https://www.really-simple-ssl.com/knowledge-base/how-to-check-if-the-mixed-content-fixer-is-active/">';
1912	_e('Instructions', 'really-simple-ssl');
1913	echo '</a>';
	@@ -1975,6 +1975,7 @@ public function settings_page() {
1975	/*
1976	Second tab, Settings
1977	*/

1978	?>
1979	<form action="options.php" method="post">
1980	<?php
	@@ -2041,7 +2042,7 @@ public function settings_page() {
2041	}
2042
2043	/**
2044	- * Returns a ~~succes~~, error or warning image for the settings page
2045	*
2046	* @since 2.0
2047	*
	@@ -2142,10 +2143,10 @@ public function configuration_page_more(){
2142	} else {
2143	if (!$this->ssl_enabled) { ?>
2144	<p><?php _e("If you want to be sure you're ready to migrate to SSL, get Premium, which includes an extensive scan and premium support.", "really-simple-ssl")?>
2145	-  <a target="_blank" href="<?php echo $this->pro_url?>">Learn more</a></p>
2146	<?php } else { ?>
2147	<p><?php _e('Still having issues with mixed content? Check out Premium, which includes an extensive scan and premium support. ', "really-simple-ssl")?>
2148	-  <a target="_blank" href="<?php echo $this->pro_url?>">Learn more</a></p>
2149	<?php
2150	}
2151	}
	@@ -2165,7 +2166,7 @@ public function create_form(){
2165	add_settings_section('rlrsssl_settings', __("Settings","really-simple-ssl"), array($this,'section_text'), 'rlrsssl');
2166	add_settings_field('id_autoreplace_insecure_links', __("Auto replace mixed content","really-simple-ssl"), array($this,'get_option_autoreplace_insecure_links'), 'rlrsssl', 'rlrsssl_settings');
2167
2168	- //only show option to enable or disable mixed content and redirect when ~~ssl~~ is detected
2169	if($this->ssl_enabled) {
2170	add_settings_field('id_wp_redirect', __("Enable WordPress 301 redirection to SSL","really-simple-ssl"), array($this,'get_option_wp_redirect'), 'rlrsssl', 'rlrsssl_settings');
2171
	@@ -2174,16 +2175,17 @@ public function create_form(){
2174	add_settings_field('id_htaccess_redirect', __("Enable 301 .htaccess redirect","really-simple-ssl"), array($this,'get_option_htaccess_redirect'), 'rlrsssl', 'rlrsssl_settings');
2175	}
2176
2177	- add_settings_field('id_javascript_redirect', __("Enable ~~javascript~~ redirection to ~~ssl~~","really-simple-ssl"), array($this,'get_option_javascript_redirect'), 'rlrsssl', 'rlrsssl_settings');
2178	}
2179
2180	add_settings_field('id_debug', __("Debug","really-simple-ssl"), array($this,'get_option_debug'), 'rlrsssl', 'rlrsssl_settings');
2181	//on multisite this setting can only be set networkwide
2182	if (RSSSL()->rsssl_server->uses_htaccess() && !is_multisite()) {
2183	add_settings_field('id_do_not_edit_htaccess', __("Stop editing the .htaccess file","really-simple-ssl"), array($this,'get_option_do_not_edit_htaccess'), 'rlrsssl', 'rlrsssl_settings');
2184	- add_settings_field('id_switch_mixed_content_fixer_hook', __("Switch mixed content fixer hook","really-simple-ssl"), array($this,'get_option_switch_mixed_content_fixer_hook'), 'rlrsssl', 'rlrsssl_settings');
2185	-
2186	}



2187	}
2188	/**
2189	* Insert some explanation above the form
	@@ -2371,7 +2373,7 @@ public function get_option_wp_redirect() {
2371
2372	if ($this->htaccess_redirect && (!is_writable($this->ABSpath.".htaccess") \|\| !$this->htaccess_test_success)) {
2373	echo "<br><br>";
2374	- if (!is_writable($this->ABSpath.".htaccess")) _e("The .htaccess file is not writable. Add these lines to your .htaccess manually, or set ~~give~~ writing permissions", "really-simple-ssl");
2375	if (!$this->htaccess_test_success) _e("The .htaccess redirect rules that were selected by this plugin failed in the test. The following redirect rules were tested:", "really-simple-ssl");
2376	echo "<br><br>";
2377	if ($this->ssl_type!="NA") {
	@@ -2553,7 +2555,7 @@ public function getABSPATH(){
2553	}
2554
2555	/**
2556	- * Find if this ~~wordpress~~ installation is installed in a subdirectory
2557	*
2558	* @since 2.0
2559	*


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3
4	class rsssl_admin extends rsssl_front_end {
5

112	}
113	}
114
115	+ //when SSL is enabled, and not enabled by user, ask for activation.
116	add_action("admin_notices", array($this, 'show_notice_activate_ssl'),10);
117
118	add_action('plugins_loaded', array($this,'check_plugin_conflicts'),30);

166
167
168	/*
169	+ checks if the user just clicked the "activate SSL" button.
170	*/
171
172	private function clicked_activate_ssl() {

216	}
217
218	/*
219	+ This message is shown when no SSL is not enabled by the user yet
220	*/
221
222	public function show_notice_activate_ssl(){

241	$current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
242	?>
243	<div id="message" class="error fade notice activate-ssl">
244	+ <p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
245	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
246	</p>
247	</div>

255	<p>
256	<ul>
257	<li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
258	+ <li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li>
259	</ul>
260	</p>
261	<?php $this->show_pro(); ?>

371	}
372
373	/**
374	+ * Creates an array of all domains where the plugin is active AND SSL is active, only used for multisite.
375	*
376	* @since 2.1
377	*

381
382	public function build_domain_list() {
383	if (!is_multisite()) return;
384	+ //create list of all activated sites with SSL
385	$this->sites = array();
386	$sites = $this->get_sites_bw_compatible();
387	if ($this->debug) $this->trace_log("building domain list for multisite...");

440	}
441
442	/**
443	+ * Configures the site for SSL
444	*
445	* @since 2.2
446	*

709
710
711	/**
712	+ * Getting WordPress to recognize setup as being SSL when no https server variable is available
713	*
714	* @since 2.1
715	*

767	}
768
769	if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)==0) {
770	+ if ($this->debug) $this->trace_log("no sites left with SSL, wp config server variable fix skipped");
771	return "";
772	}
773

957
958
959	/**
960	+ * Checks if we are currently on SSL protocol, but extends standard wp with loadbalancer check.
961	*
962	* @since 2.0
963	*

1004	$this->trace_log("plugin version: ".rsssl_version);
1005	$old_ssl_setting = $this->site_has_ssl;
1006	$filecontents = "";
1007	+ //if current page is on SSL, we can assume SSL is available, even when an errormsg was returned
1008	if($this->is_ssl_extended()){
1009	$this->trace_log("Already on SSL, start detecting configuration");
1010	$this->site_has_ssl = TRUE;

1012	//we're not on SSL, or no server vars were returned, so test with the test-page.
1013	//plugin url: domain.com/wp-content/etc
1014	$testpage_url = trailingslashit($this->test_url())."ssl-test-page.php";
1015	+ $this->trace_log("Opening testpage to check for SSL: ".$testpage_url);
1016
1017	$response = wp_remote_get( $testpage_url );
1018

1030	$this->site_has_ssl = FALSE;
1031	$error = "";
1032	if (is_wp_error( $response ) ) $error = $response->get_error_message();
1033	+ $this->trace_log("No SSL detected. No certificate, or the testpage is blocked by security settings. The SSL testpage returned the error: ".$error);
1034	}
1035	}
1036
1037	if ($this->site_has_ssl) {
1038	+ //check the type of SSL, either by parsing the returned string, or by reading the server vars.
1039	if ((strpos($filecontents, "#CLOUDFRONT#") !== false) \|\| (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https'))) {
1040	$this->ssl_type = "CLOUDFRONT";
1041	} elseif ((strpos($filecontents, "#CLOUDFLARE#") !== false) \|\| (isset($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https'))) {

1077	}
1078	}
1079
1080	+ $this->trace_log("SSL type: ".$this->ssl_type);
1081	}
1082	$this->check_for_siteurl_in_wpconfig();
1083

1146	if (is_wp_error( $response )) {
1147	$this->trace_log("htaccess rules test failed with error: ".$response->get_error_message());
1148	} else {
1149	+ $this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/SSL");
1150	}
1151	}
1152	}

1287
1288
1289	/*
1290	+ * Checks if the htaccess contains the Really Simple SSL comment.
1291	*
1292	*/
1293

1324	}
1325
1326	/**
1327	+ * Checks if the HSTS rule is already in the htaccess file
1328	* Set the hsts variable in the db accordingly. applies to preload version as well.
1329	*
1330	* @since 2.1

1377
1378	//check if editing is blocked.
1379	if ($this->do_not_edit_htaccess) {
1380	+ $this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in Really Simple SSL.");
1381	return;
1382	}
1383

1424
1425	$rules = $this->get_redirect_rules();
1426
1427	+ //insert rules before WordPress part.
1428	$wptag = "# BEGIN WordPress";
1429	if (strpos($htaccess, $wptag)!==false) {
1430	$htaccess = str_replace($wptag, $rules.$wptag, $htaccess);

1476	public function get_redirect_rules($manual=false) {
1477	if (!current_user_can($this->capability)) return;
1478	$this->trace_log("retrieving redirect rules");
1479	+ //only add the redirect rules when a known type of SSL was detected. Otherwise, we use https.
1480	$rule = "";
1481
1482	//if the htaccess test was successfull, and we know the redirectype, edit

1491	//$last_type = array_pop($types);
1492	// reset($this->ssl_type);
1493	// $type = key($this->ssl_type);
1494	+ //select rewrite condition based on detected type of SSL
1495	//foreach($this->ssl_type as $type => $value) {
1496	$or = "";
1497	//if ($last_type != $type) $or = " [OR] ";

1604
1605	if ( $this->no_server_variable ) {
1606	?>
1607	+ <p><?php echo __('Because your server does not pass a variable with which WordPress can detect SSL, WordPress may create redirect loops on SSL.','really-simple-ssl');?></p>
1608	<p><?php echo __("Set your wp-config.php to writable and reload this page.", "really-simple-ssl");?></p>
1609	<?php
1610	}

1635	?>
1636	<div id="message" class="error fade notice is-dismissible rlrsssl-htaccess">
1637	<p>
1638	+ <?php echo __("You do not have a 301 redirect to https active in the settings. For SEO purposes it is advised to use 301 redirects. You can enable a 301 redirect in the settings.","really-simple-ssl");?>
1639	<a href="options-general.php?page=rlrsssl_really_simple_ssl"><?php echo __("View settings page","really-simple-ssl");?></a>
1640	</p>
1641	</div>

1676	<?php
1677	}
1678
1679	+ //some notices for SSL situations
1680	if ($this->site_has_ssl) {
1681	if (sizeof($this->plugin_conflict)>0) {
1682	+ //pre WooCommerce 2.5
1683	if (isset($this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"]) && $this->plugin_conflict["WOOCOMMERCE_FORCEHTTP"] && isset($this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) && $this->plugin_conflict["WOOCOMMERCE_FORCESSL"]) {
1684	?>
1685	<div id="message" class="error fade notice"><p>
1686	<?php _e("Really Simple SSL has a conflict with another plugin.","really-simple-ssl");?><br>
1687	+ <?php _e("The force http after leaving checkout in WooCommerce will create a redirect loop.","really-simple-ssl");?><br>
1688	<a href="admin.php?page=wc-settings&tab=checkout"><?php _e("Show me this setting","really-simple-ssl");?></a>
1689	</p></div>
1690	<?php

1694	}
1695
1696	/**
1697	+ * Insert some ajax script to dismiss the SSL success message, and stop nagging about it
1698	*
1699	* @since 2.0
1700	*

1759	*/
1760
1761	public function dismiss_success_message_callback() {
1762	+ //nonce check fails if url is changed to SSL.
1763	//check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
1764	$this->ssl_success_message_shown = TRUE;
1765	$this->save_options();

1907	if ($mixed_content_fixer_detected) {
1908	_e("Mixed content fixer was successfully detected on the front-end","really-simple-ssl")." ";
1909	} else {
1910	+ _e('The mixed content fixer is active, but was not detected on the frontpage. Please follow these steps to check if the mixed content fixer is working.',"really-simple-ssl").": ";
1911	echo ' <a target="_blank" href="https://www.really-simple-ssl.com/knowledge-base/how-to-check-if-the-mixed-content-fixer-is-active/">';
1912	_e('Instructions', 'really-simple-ssl');
1913	echo '</a>';

1975	/*
1976	Second tab, Settings
1977	*/
1978	+
1979	?>
1980	<form action="options.php" method="post">
1981	<?php

2042	}
2043
2044	/**
2045	+ * Returns a success, error or warning image for the settings page
2046	*
2047	* @since 2.0
2048	*

2143	} else {
2144	if (!$this->ssl_enabled) { ?>
2145	<p><?php _e("If you want to be sure you're ready to migrate to SSL, get Premium, which includes an extensive scan and premium support.", "really-simple-ssl")?>
2146	+  <a target="_blank" href="<?php echo $this->pro_url?>"><?php _e("Learn more", "really-simple-ssl")?></a></p>
2147	<?php } else { ?>
2148	<p><?php _e('Still having issues with mixed content? Check out Premium, which includes an extensive scan and premium support. ', "really-simple-ssl")?>
2149	+  <a target="_blank" href="<?php echo $this->pro_url?>"><?php _e("Learn more", "really-simple-ssl")?></a></p>
2150	<?php
2151	}
2152	}

2166	add_settings_section('rlrsssl_settings', __("Settings","really-simple-ssl"), array($this,'section_text'), 'rlrsssl');
2167	add_settings_field('id_autoreplace_insecure_links', __("Auto replace mixed content","really-simple-ssl"), array($this,'get_option_autoreplace_insecure_links'), 'rlrsssl', 'rlrsssl_settings');
2168
2169	+ //only show option to enable or disable mixed content and redirect when SSL is detected
2170	if($this->ssl_enabled) {
2171	add_settings_field('id_wp_redirect', __("Enable WordPress 301 redirection to SSL","really-simple-ssl"), array($this,'get_option_wp_redirect'), 'rlrsssl', 'rlrsssl_settings');
2172

2175	add_settings_field('id_htaccess_redirect', __("Enable 301 .htaccess redirect","really-simple-ssl"), array($this,'get_option_htaccess_redirect'), 'rlrsssl', 'rlrsssl_settings');
2176	}
2177
2178	+ add_settings_field('id_javascript_redirect', __("Enable Javascript redirection to SSL","really-simple-ssl"), array($this,'get_option_javascript_redirect'), 'rlrsssl', 'rlrsssl_settings');
2179	}
2180
2181	add_settings_field('id_debug', __("Debug","really-simple-ssl"), array($this,'get_option_debug'), 'rlrsssl', 'rlrsssl_settings');
2182	//on multisite this setting can only be set networkwide
2183	if (RSSSL()->rsssl_server->uses_htaccess() && !is_multisite()) {
2184	add_settings_field('id_do_not_edit_htaccess', __("Stop editing the .htaccess file","really-simple-ssl"), array($this,'get_option_do_not_edit_htaccess'), 'rlrsssl', 'rlrsssl_settings');


2185	}
2186	+
2187	+ add_settings_field('id_switch_mixed_content_fixer_hook', __("Switch mixed content fixer hook","really-simple-ssl"), array($this,'get_option_switch_mixed_content_fixer_hook'), 'rlrsssl', 'rlrsssl_settings');
2188	+
2189	}
2190	/**
2191	* Insert some explanation above the form

2373
2374	if ($this->htaccess_redirect && (!is_writable($this->ABSpath.".htaccess") \|\| !$this->htaccess_test_success)) {
2375	echo "<br><br>";
2376	+ if (!is_writable($this->ABSpath.".htaccess")) _e("The .htaccess file is not writable. Add these lines to your .htaccess manually, or set 644 writing permissions", "really-simple-ssl");
2377	if (!$this->htaccess_test_success) _e("The .htaccess redirect rules that were selected by this plugin failed in the test. The following redirect rules were tested:", "really-simple-ssl");
2378	echo "<br><br>";
2379	if ($this->ssl_type!="NA") {

2555	}
2556
2557	/**
2558	+ * Find if this WordPress installation is installed in a subdirectory
2559	*
2560	* @since 2.0
2561	*

class-cache.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
3	if ( ! class_exists( 'rsssl_cache' ) ) {
4	class rsssl_cache {
5	private $capability = 'manage_options';


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3	if ( ! class_exists( 'rsssl_cache' ) ) {
4	class rsssl_cache {
5	private $capability = 'manage_options';

class-front-end.php CHANGED Viewed

@@ -1,161 +1,168 @@
             <?php
-            -
            defined('ABSPATH') or die("you do not have acces to this page!");
             if ( ! class_exists( 'rsssl_front_end' ) ) {
-            -
              class rsssl_front_end {
-            -
                private static $_this;
-            -
                public $javascript_redirect             = TRUE;
-            -
                public $wp_redirect                     = TRUE;
-            -
                public $autoreplace_insecure_links      = TRUE;
-            -
                public $switch_mixed_content_fixer_hook   = FALSE;
-            -
                //public $ssl_enabled_networkwide         = FALSE;
-            -
-            -
              function __construct() {
-            -
                if ( isset( self::$_this ) )
-            -
                    wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );
-            -
-            -
                self::$_this = $this;
-            -
-            -
                $this->get_options();
-            -
-            -
                add_action( 'rest_api_init', array($this, 'wp_rest_api_force_ssl'), ~PHP_INT_MAX );
-            -
-            -
              }
-            -
-            -
              static function this() {
-            -
                return self::$_this;
-            -
              }
-            -
-            -
              /**
-            -
               * Sets the SSL variable to on for WordPress, so the native function is_ssl() will return true
-            -
               * It should run as first plugin in WP, otherwise issues might result.
-            -
               *
-            -
               * @since  3.0
-            -
               *
-            -
               * @access public
-            -
               *
-            -
               */
-            -
-            -
              // public function set_ssl_var(){
-            -
              //   if (($this->ssl_enabled) || $this->ssl_enabled_networkwide) {
-            -
              //     $_SERVER["HTTPS"] = "on";
-            -
              //   }
-            -
              // }
-            -
-            -
              /**
-            -
               * Javascript redirect, when ssl is true.
-            -
               *
-            -
               * @since  2.2
-            -
               *
-            -
               * @access public
-            -
               *
-            -
               */
-            -
-            -
               public function force_ssl() {
-            -
                 if ($this->ssl_enabled) {
-            -
                   if ($this->javascript_redirect) add_action('wp_print_scripts', array($this,'force_ssl_with_javascript'));
-            -
                   if ($this->wp_redirect) add_action('wp', array($this, 'wp_redirect_to_ssl'), 40,3);
-            -
                 }
-            -
               }
-            -
-            -
-            -
               /**
-            -
                * Force SSL on wp rest api
-            -
                *
-            -
                * @since  2.5.14
-            -
                *
-            -
                * @access public
-            -
                *
-            -
                */
-            -
-            -
               public function wp_rest_api_force_ssl() {
-            -
                  //check for Command Line
-            -
                  if (php_sapi_name() === 'cli') return;
-            -
-            -
                	if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
-            -
                		$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
-            -
                		wp_redirect( $redirect_url, 301 );
-            -
                		exit;
-            -
                	}
-            -
                }
-            -
-            -
-            -
               /**
-            -
                * Redirect using wp redirect
-            -
                *
-            -
                * @since  2.5.0
-            -
                *
-            -
                * @access public
-            -
                *
-            -
                */
-            -
               public function wp_redirect_to_ssl() {
-            -
                  if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
-            -
                    $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
-            -
                    $redirect_url = apply_filters("rsssl_wp_redirect_url", $redirect_url);
-            -
                    wp_redirect($redirect_url, 301);
-            -
                    exit;
-            -
                  }
+                }
-            -
-            -
-            -
-            -
              /**
-            -
               * Get the options for this plugin
-            -
               *
-            -
               * @since  2.0
-            -
               *
-            -
               * @access public
-            -
               *
-            -
               */
-            -
-            -
              public function get_options(){
-            -
                $options = get_option('rlrsssl_options');
-            -
                if (isset($options)) {
-            -
                  $this->autoreplace_insecure_links       = isset($options['autoreplace_insecure_links']) ? $options['autoreplace_insecure_links'] : TRUE;
-            -
                  $this->ssl_enabled                      = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : false;
-            -
                  $this->javascript_redirect              = isset($options['javascript_redirect']) ? $options['javascript_redirect'] : TRUE;
-            -
                  $this->wp_redirect                      = isset($options['wp_redirect']) ? $options['wp_redirect'] : FALSE;
-            -
                  $this->switch_mixed_content_fixer_hook  = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
-            -
-            -
                  //overrides from multisite
-            -
                  if  (is_multisite()) {
-            -
                    $network_options = get_site_option('rlrsssl_network_options');
-            -
-            -
                    $site_wp_redirect  = isset($network_options["wp_redirect"]) ? $network_options["wp_redirect"] : false;
-            -
                    $javascript_redirect = isset($network_options["javascript_redirect"]) ? $network_options["javascript_redirect"] : false;
-            -
                    $autoreplace_insecure_links = isset($network_options["autoreplace_mixed_content"]) ? $network_options["autoreplace_mixed_content"] : false;
-            -
-            -
                    if ($site_wp_redirect) $this->wp_redirect = $site_wp_redirect;
-            -
                    if ($javascript_redirect) $this->javascript_redirect = $javascript_redirect;
-            -
                    if ($autoreplace_insecure_links) $this->autoreplace_insecure_links = $autoreplace_insecure_links;
-            -
-            -
                  }
-            -
                }
-            -
            }
-            -
-            -
-            -
-            -
-            -
-            -
              /**
-            -
               * Adds some javascript to redirect to https.
-            -
               *
-            -
               * @since  1.0
-            -
               *
-            -
               * @access public
-            -
               *
-            -
               */
-            -
-            -
              public function force_ssl_with_javascript() {
-            -
                  ?>
-            -
                  <script>
-            -
                  if (document.location.protocol != "https:") {
-            -
                      document.location = document.URL.replace(/^http:/i, "https:");
-            -
                  }
-            -
                  </script>
-            -
                  <?php
-            -
              }
-            -
-            -
            }}


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3
4	if ( ! class_exists( 'rsssl_front_end' ) ) {






















































































5
6	+ class rsssl_front_end
7	+ {
8	+ private static $_this;
9	+ public $javascript_redirect = TRUE;
10	+ public $wp_redirect = TRUE;
11	+ public $autoreplace_insecure_links = TRUE;
12	+ public $switch_mixed_content_fixer_hook = FALSE;
13	+
14	+ //public $ssl_enabled_networkwide = FALSE;
15	+
16	+ function __construct()
17	+ {
18	+ if (isset(self::$_this))
19	+ wp_die(sprintf(__('%s is a singleton class and you cannot create a second instance.', 'really-simple-ssl'), get_class($this)));
20	+
21	+ self::$_this = $this;
22	+
23	+ $this->get_options();
24	+
25	+ add_action('rest_api_init', array($this, 'wp_rest_api_force_ssl'), ~PHP_INT_MAX);
26	+
27	+ }
28	+
29	+ static function this()
30	+ {
31	+ return self::$_this;
32	+ }
33	+
34	+ /**
35	+ * Sets the SSL variable to on for WordPress, so the native function is_ssl() will return true
36	+ * It should run as first plugin in WP, otherwise issues might result.
37	+ *
38	+ * @since 3.0
39	+ *
40	+ * @access public
41	+ *
42	+ */
43	+
44	+ // public function set_ssl_var(){
45	+ // if (($this->ssl_enabled) \|\| $this->ssl_enabled_networkwide) {
46	+ // $_SERVER["HTTPS"] = "on";
47	+ // }
48	+ // }
49	+
50	+ /**
51	+ * Javascript redirect, when ssl is true.
52	+ *
53	+ * @since 2.2
54	+ *
55	+ * @access public
56	+ *
57	+ */
58	+
59	+ public function force_ssl()
60	+ {
61	+ if ($this->ssl_enabled) {
62	+ if ($this->javascript_redirect) add_action('wp_print_scripts', array($this, 'force_ssl_with_javascript'));
63	+ if ($this->wp_redirect) add_action('wp', array($this, 'wp_redirect_to_ssl'), 40, 3);
64	+ }
65	+ }
66	+
67	+
68	+ /**
69	+ * Force SSL on wp rest api
70	+ *
71	+ * @since 2.5.14
72	+ *
73	+ * @access public
74	+ *
75	+ */
76	+
77	+ public function wp_rest_api_force_ssl()
78	+ {
79	+ //check for Command Line
80	+ if (php_sapi_name() === 'cli') return;
81	+
82	+ if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
83	+ $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
84	+ wp_redirect($redirect_url, 301);
85	+ exit;
86	+ }
87	+ }
88	+
89	+
90	+ /**
91	+ * Redirect using wp redirect
92	+ *
93	+ * @since 2.5.0
94	+ *
95	+ * @access public
96	+ *
97	+ */
98	+
99	+ public function wp_redirect_to_ssl()
100	+ {
101	+
102	+ if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
103	+ $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
104	+ $redirect_url = apply_filters("rsssl_wp_redirect_url", $redirect_url);
105	+ wp_redirect($redirect_url, 301);
106	+ exit;
107	+ }
108	+ }
109	+
110	+
111	+ /**
112	+ * Get the options for this plugin
113	+ *
114	+ * @since 2.0
115	+ *
116	+ * @access public
117	+ *
118	+ */
119	+
120	+ public function get_options()
121	+ {
122	+ $options = get_option('rlrsssl_options');
123	+ if (isset($options)) {
124	+ $this->autoreplace_insecure_links = isset($options['autoreplace_insecure_links']) ? $options['autoreplace_insecure_links'] : TRUE;
125	+ $this->ssl_enabled = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : false;
126	+ $this->javascript_redirect = isset($options['javascript_redirect']) ? $options['javascript_redirect'] : TRUE;
127	+ $this->wp_redirect = isset($options['wp_redirect']) ? $options['wp_redirect'] : FALSE;
128	+ $this->switch_mixed_content_fixer_hook = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
129	+
130	+ //overrides from multisite
131	+ if (is_multisite()) {
132	+ $network_options = get_site_option('rlrsssl_network_options');
133	+
134	+ $site_wp_redirect = isset($network_options["wp_redirect"]) ? $network_options["wp_redirect"] : false;
135	+ $javascript_redirect = isset($network_options["javascript_redirect"]) ? $network_options["javascript_redirect"] : false;
136	+ $autoreplace_insecure_links = isset($network_options["autoreplace_mixed_content"]) ? $network_options["autoreplace_mixed_content"] : false;
137	+
138	+ if ($site_wp_redirect) $this->wp_redirect = $site_wp_redirect;
139	+ if ($javascript_redirect) $this->javascript_redirect = $javascript_redirect;
140	+ if ($autoreplace_insecure_links) $this->autoreplace_insecure_links = $autoreplace_insecure_links;
141	+
142	+ }
143	+ }
144	+ }
145	+
146	+
147	+ /**
148	+ * Adds some javascript to redirect to https.
149	+ *
150	+ * @since 1.0
151	+ *
152	+ * @access public
153	+ *
154	+ */
155	+
156	+ public function force_ssl_with_javascript()
157	+ {
158	+ ?>
159	+ <script>
160	+ if (document.location.protocol != "https:") {
161	+ document.location = document.URL.replace(/^http:/i, "https:");
162	+ }
163	+ </script>
164	+ <?php
165	+ }
166






167	}
168	+ }

class-help.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
3	if ( ! class_exists( 'rsssl_help' ) ) {
4	class rsssl_help {
5	private static $_this;


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3	if ( ! class_exists( 'rsssl_help' ) ) {
4	class rsssl_help {
5	private static $_this;

class-mixed-content-fixer.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
3
4	if ( ! class_exists( 'rsssl_admin_mixed_content_fixer' ) ) {
5	class rsssl_mixed_content_fixer {


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3
4	if ( ! class_exists( 'rsssl_admin_mixed_content_fixer' ) ) {
5	class rsssl_mixed_content_fixer {

class-multisite.php CHANGED Viewed

	@@ -1,6 +1,6 @@
1	<?php
2
3	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
4
5	if ( ! class_exists( 'rsssl_multisite' ) ) {
6	class rsssl_multisite {
	@@ -34,7 +34,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
34	$this->load_options();
35	register_activation_hook( dirname( __FILE__ )."/".rsssl_plugin, array($this,'activate') );
36
37	- /filters to make sure ~~wordpress~~ returns the correct protocol /
38	add_filter("admin_url", array($this, "check_admin_protocol"), 20, 3 );
39	add_filter('home_url', array($this, 'check_site_protocol') , 20,4);
40	add_filter('site_url', array($this, 'check_site_protocol') , 20,4);
	@@ -154,7 +154,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
154	if (!RSSSL()->really_simple_ssl->site_has_ssl) {
155	?>
156	<p>
157	- <?php _e("No SSL was detected. If you do have an ~~ssl~~ certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
158	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
159	</p>
160	<?php
	@@ -196,7 +196,7 @@ if ( ! class_exists( 'rsssl_multisite' ) ) {
196
197	public function settings_tab(){
198	if (isset($_GET['updated'])): ?>
199	- <div id="message" class="updated notice is-dismissible"><p><?php _e('Options saved.') ?></p></div>
200	<?php endif; ?>
201	<div class="wrap">
202	<h1><?php _e('Really Simple SSL multisite options', 'really-simple-ssl'); ?></h1>
	@@ -290,7 +290,7 @@ public function settings_tab(){
290	$current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]
291	?>
292	<div id="message" class="error fade notice activate-ssl">
293	- <p><?php _e("No SSL was detected. If you do have an ~~ssl~~ certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
294	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
295	</p>
296	</div>
	@@ -305,7 +305,7 @@ public function settings_tab(){
305	<p>
306	<ul>
307	<li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
308	- <li><?php _e('Images, stylesheets or scripts from a domain without an ~~ssl~~ certificate: remove them or move to your own server.','really-simple-ssl');?></li>
309	</ul>
310	</p>
311	<?php $this->show_pro(); ?>
	@@ -370,7 +370,7 @@ public function settings_tab(){
370	$this->wp_redirect = true;
371	$this->save_options();
372
373	- //enable SSL on all sites on the network
374	$this->activate_ssl_networkwide();
375
376	}
	@@ -471,7 +471,7 @@ public function settings_tab(){
471
472
473	/**
474	- * filters the get_admin_url function to correct the false https urls wordpress returns for non ~~ssl~~ websites.
475	*
476	* @since 2.3.10
477	*
	@@ -500,7 +500,7 @@ public function check_admin_protocol($url, $path, $blog_id){
500	}
501
502	/**
503	- * filters the home_url and/or site_url function to correct the false https urls wordpress returns for non ~~ssl~~ websites.
504	*
505	* @since 2.3.17
506	*
	@@ -518,14 +518,14 @@ public function check_site_protocol($url, $path, $orig_scheme, $blog_id){
518
519
520
521	- /**
522	* Checks if we are on a subfolder install. (domain.com/site1 )
523	*
524	* @since 2.2
525	*
526	- * @access ~~protected~~
527	*
528	- */
529
530	public function is_multisite_subfolder_install() {
531	if (!is_multisite()) return FALSE;
	@@ -615,7 +615,7 @@ public function show_notices()
615	else
616	_e("SSL was activated per site.", "really-simple-ssl");
617	?>
618	- <?php _e("Don't forget to change your settings in Google Analytics en Webmaster tools.","really-simple-ssl");?>
619	<a target="_blank" href="https://really-simple-ssl.com/knowledge-base/how-to-setup-google-analytics-and-google-search-consolewebmaster-tools/"><?php _e("More info.","really-simple-ssl");?></a>
620	</p>
621	</div>
	@@ -623,7 +623,7 @@ public function show_notices()
623	}
624
625	if (!$this->ssl_enabled_networkwide && $this->selected_networkwide_or_per_site && $this->is_multisite_subfolder_install()) {
626	- //with no server variables, the website could get into redirect ~~loops~~.
627	if (RSSSL()->really_simple_ssl->no_server_variable) {
628	?>
629	<div id="message" class="error fade notice">
	@@ -640,7 +640,7 @@ public function show_notices()
640
641
642	/**
643	- * Insert some ajax script to dismis the ~~ssl~~ success message, and stop nagging about it
644	*
645	* @since 2.0
646	*
	@@ -681,7 +681,7 @@ $ajax_nonce = wp_create_nonce( "really-simple-ssl-dismiss" );
681	*/
682
683	public function dismiss_success_message_callback() {
684	- //nonce check fails if url is changed to ~~ssl~~.
685	//check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
686	update_site_option("rsssl_success_message_shown", true);
687	wp_die();


1	<?php
2
3	+ defined('ABSPATH') or die("you do not have access to this page!");
4
5	if ( ! class_exists( 'rsssl_multisite' ) ) {
6	class rsssl_multisite {

34	$this->load_options();
35	register_activation_hook( dirname( __FILE__ )."/".rsssl_plugin, array($this,'activate') );
36
37	+ /filters to make sure WordPress returns the correct protocol /
38	add_filter("admin_url", array($this, "check_admin_protocol"), 20, 3 );
39	add_filter('home_url', array($this, 'check_site_protocol') , 20,4);
40	add_filter('site_url', array($this, 'check_site_protocol') , 20,4);

154	if (!RSSSL()->really_simple_ssl->site_has_ssl) {
155	?>
156	<p>
157	+ <?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
158	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
159	</p>
160	<?php

196
197	public function settings_tab(){
198	if (isset($_GET['updated'])): ?>
199	+ <div id="message" class="updated notice is-dismissible"><p><?php _e('Options saved.', 'really-simple-ssl') ?></p></div>
200	<?php endif; ?>
201	<div class="wrap">
202	<h1><?php _e('Really Simple SSL multisite options', 'really-simple-ssl'); ?></h1>

290	$current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]
291	?>
292	<div id="message" class="error fade notice activate-ssl">
293	+ <p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
294	<?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
295	</p>
296	</div>

305	<p>
306	<ul>
307	<li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
308	+ <li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li>
309	</ul>
310	</p>
311	<?php $this->show_pro(); ?>

370	$this->wp_redirect = true;
371	$this->save_options();
372
373	+ //enable SSL on all sites on the network
374	$this->activate_ssl_networkwide();
375
376	}

471
472
473	/**
474	+ * filters the get_admin_url function to correct the false https urls wordpress returns for non SSL websites.
475	*
476	* @since 2.3.10
477	*

500	}
501
502	/**
503	+ * filters the home_url and/or site_url function to correct the false https urls wordpress returns for non SSL websites.
504	*
505	* @since 2.3.17
506	*

518
519
520
521	+ /*
522	* Checks if we are on a subfolder install. (domain.com/site1 )
523	*
524	* @since 2.2
525	*
526	+ * @access public
527	*
528	+ **/
529
530	public function is_multisite_subfolder_install() {
531	if (!is_multisite()) return FALSE;

615	else
616	_e("SSL was activated per site.", "really-simple-ssl");
617	?>
618	+ <?php _e("Don't forget to change your settings in Google Analytics and Webmaster tools.","really-simple-ssl");?>
619	<a target="_blank" href="https://really-simple-ssl.com/knowledge-base/how-to-setup-google-analytics-and-google-search-consolewebmaster-tools/"><?php _e("More info.","really-simple-ssl");?></a>
620	</p>
621	</div>

623	}
624
625	if (!$this->ssl_enabled_networkwide && $this->selected_networkwide_or_per_site && $this->is_multisite_subfolder_install()) {
626	+ //with no server variables, the website could get into a redirect loop.
627	if (RSSSL()->really_simple_ssl->no_server_variable) {
628	?>
629	<div id="message" class="error fade notice">

640
641
642	/**
643	+ * Insert some ajax script to dismis the SSL success message, and stop nagging about it
644	*
645	* @since 2.0
646	*

681	*/
682
683	public function dismiss_success_message_callback() {
684	+ //nonce check fails if url is changed to SSL.
685	//check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
686	update_site_option("rsssl_success_message_shown", true);
687	wp_die();

class-server.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- defined('ABSPATH') or die("you do not have ~~acces~~ to this page!");
3
4	if ( ! class_exists( 'rsssl_server' ) ) {
5	class rsssl_server {


1	<?php
2	+ defined('ABSPATH') or die("you do not have access to this page!");
3
4	if ( ! class_exists( 'rsssl_server' ) ) {
5	class rsssl_server {

force-deactivate.txt CHANGED Viewed

	@@ -53,7 +53,7 @@
53	echo "<li>".$errorname."</li>";
54	}
55	echo "</ul>";
56	- echo "Errors while removing the ~~really~~ ~~simple~~ ~~ssl~~ lines from your wp-config.php and .~~htacces~~, ~~wich~~ you can normally find in your webroot."."<br><br>";
57	}
58
59	echo $step.". Deactivating plugin"."<br>";


53	echo "<li>".$errorname."</li>";
54	}
55	echo "</ul>";
56	+ echo "Errors while removing the Really Simple SSL lines from your wp-config.php and .htaccess files, which you can normally find in your webroot."."<br><br>";
57	}
58
59	echo $step.". Deactivating plugin"."<br>";

readme.txt CHANGED Viewed

	@@ -1,11 +1,11 @@
1	=== Really Simple SSL ===
2	Contributors: RogierLankhorst
3	Donate link: https://www.paypal.me/reallysimplessl
4	- Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, ~~tls~~, security, secure socket layers, ~~hsts~~
5	Requires at least: 4.2
6	License: GPL2
7	Tested up to: 4.9
8	- Stable tag: 2.5.24
9
10	No setup required! You only need an SSL certificate, and this plugin will do the rest.
11
	@@ -18,7 +18,7 @@ To keep it lightweight, the options are kept to a minimum. The entire site will
18	* Activate this plugin
19	* Enable SSL with one click
20
21	- Always backup before you go! If you do not have a sound backup policy, start having one! ~~For~~ a ~~snapshot,~~ ~~install~~ ~~duplicator~~.
22
23	Really Simple SSL is on [GitHub](https://github.com/rlankhorst/really-simple-ssl) as well!
24
	@@ -35,12 +35,12 @@ some cool features.
35	* Premium support
36
37	= What does the plugin actually do =
38	- * The plugin handles most issues that ~~Wordpress~~ has with ~~ssl~~, like when you're behind a ~~revers~~ proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
39	* All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
40	* The site url and home url are changed to https.
41	* Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
42
43	- [contact](https://www.really-simple-ssl.com/contact/) me if you have any questions, issues, or suggestions. ~~More~~ ~~information~~ ~~about~~ me or my ~~work~~ ~~can~~ ~~be found on my [website~~](https://www.~~rogierlankhorst~~.com).
44
45	= Like to have this plugin in your language? =
46	Translations can be added very easily [here](https://translate.wordpress.org/projects/wp-plugins/really-simple-ssl). If you do, I can get you added as translation editor to approve the translations.
	@@ -78,6 +78,10 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
78	Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
79
80	== Changelog ==




81	= 2.5.24 =
82	* Fix: On multisite, admin_url forced current blog URL's over http even when the current blog was loaded over https. This will now only force http for other blog_urls than the current one, when they are on http and not https.
83
	@@ -234,7 +238,7 @@ fix: Adjusted selection order of .htaccess rules, preventing redirect loops
234	* Tweak: htaccess files and wpconfig are rewritten when the settings page is loaded
235
236	= 2.3.9 =
237	- * Fix: removed internal ~~Wordpress~~ redirect as it causes issues for some users.
238	* Tweak: improved url request method
239
240	= 2.3.8 =
	@@ -269,7 +273,7 @@ fix: Adjusted selection order of .htaccess rules, preventing redirect loops
269	* Fixed some bugs in deactivation and activation of multisite
270
271	= 2.3.0 =
272	- * ~~Given~~ more control over activation process by explicity asking to enable SSL.
273	* Added a notice if .htaccess is not writable
274
275	= 2.2.20 =
	@@ -298,7 +302,7 @@ Added code so JetPack will run smoothly on SSL as well, thanks to Konstantin for
298
299	= 2.2.12 =
300	* To prevent lockouts, it is no longer possible to activate plugin when wp-config.php is not writable. In case of loadbalancers, activating ssl without adding the necessary fix in the wp-config would cause a redirect loop which would lock you out of the admin.
301	- * Moved redirect above the ~~wordpress~~ rewrite rules in the htaccess.
302	* Added an option to disable the fallback javascript redirection to https.
303
304	= 2.2.11 =
	@@ -316,7 +320,7 @@ Edited the wpconfig define check to prevent warnings when none are needed.
316	= 2.2.7 =
317	* Extended detection of homeurl and siteurl constants in wp-config.php with regex to allow for spaces in code.
318	* Changed text domain to make this plugin language packs ready
319	- * Added 404 detection to ~~ssl~~ detection function, so subdomains can get checked properly on subdomain multisite installs
320
321	= 2.2.6 =
322	Added slash in redirect rule
	@@ -335,9 +339,9 @@ documentation update
335
336	= 2.2.0 =
337	* Added per site activation for multisite, but excluded this option for subfolder installs.
338	- * Added script to easily deactivate the plugin when you are locked out of the ~~wordpress~~ admin.
339	- * Added support for a situation where no server variables are given which can indicate ~~ssl~~, which can cause ~~Wordpress~~ to generate errors and redirect loops.
340	- * Removed warning on ~~Woocommerce~~ force ~~ssl~~ after checkout, as only unforce ~~ssl~~ seems to be causing problems
341	* Added Russian translation, thanks to xsascha
342	* Improved redirect rules in the .htaccess
343	* Added option te disable the plugin from editing the .htaccess in the settings
	@@ -345,12 +349,12 @@ documentation update
345	* Fixed a bug where insecure content scan would not scan custom post types
346
347	= 2.1.18 =
348	- * Made ~~woocommerce~~ warning dismissable, as it does not seem to cause issues
349	- * Fixed a bug caused by WP native plugin_dir_url() returning relative path, resulting in no ~~ssl~~ messages
350
351	= 2.1.17 =
352	* Fixed a bug where example .htaccess rewrite rules weren't generated correctly
353	- * Added ~~woocommerce~~ to the plugin conflicts handler, as some settings conflict with this plugin, and are superfluous when you force your site to ~~ssl~~ anyway.
354	* Excluded transients from mixed content scan results
355
356	= 2.1.16 =
	@@ -361,14 +365,14 @@ documentation update
361
362	= 2.1.15 =
363	* Improved user interface with tabs
364	- * Changed function to test ~~ssl~~ test page from file_get_contents to curl, as this improves response time, which might prevent "no ~~ssl~~ messages"
365	- * Extended the mixed content fixer to replace src="http:// links, as these should always be https on an ~~ssl~~ site.
366	- * Added an ~~errormessage~~ in case of force rewrite titles in Yoast SEO plugin is used, as this prevents the plugin from fixing mixed content
367
368	= 2.1.14 =
369	* Added support for loadbalancer and is_ssl() returning false: in that case a wp-config fix is needed.
370	* Improved performance
371	- * Added ~~debuggin~~ option, so a trace log can be viewed
372	* Fixed a bug where the rlrsssl_replace_url_args filter was not applied correctly.
373
374	= 2.1.13 =
	@@ -380,7 +384,7 @@ documentation update
380	* Readded HSTS to the htaccess rules, but now as an option. Adding this should be done only when you are sure you do not want to revert back to http.
381
382	= 2.1.11 =
383	- * Improved instructions regarding ~~deinstalling~~ when locked out of back-end
384
385	= 2.1.10 =
386	* Removed HSTS headers, because it is difficult to roll back.
	@@ -413,7 +417,7 @@ documentation update
413	* Added detection of loadbalancer and cdn so .htaccess rules can be adapted accordingly. Fixes some redirect loop issues.
414	* Added the possibility to disable the auto replace of insecure links
415	* Added a scan to scan the website for insecure links
416	- * Added detection of in wp-config.php defined siteurl and homeurl, which could prevent from ~~successfull~~ url change.
417	* Dropped the force ssl option (used when not ssl detected)
418	* Thanks to Peter Tak, [PTA security](http://www.pta-security.nl/) for mentioning the owasp security best practice https://www.owasp.org/index.php/HTTP_Strict_Transport_Security in .htaccess,
419


1	=== Really Simple SSL ===
2	Contributors: RogierLankhorst
3	Donate link: https://www.paypal.me/reallysimplessl
4	+ Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
5	Requires at least: 4.2
6	License: GPL2
7	Tested up to: 4.9
8	+ Stable tag: 2.5.25
9
10	No setup required! You only need an SSL certificate, and this plugin will do the rest.
11

18	* Activate this plugin
19	* Enable SSL with one click
20
21	+ Always backup before you go! If you do not have a sound backup policy, start having one! See https://really-simple-ssl.com/knowledge-base/backing-up-your-site/ for our recommendations.
22
23	Really Simple SSL is on [GitHub](https://github.com/rlankhorst/really-simple-ssl) as well!
24

35	* Premium support
36
37	= What does the plugin actually do =
38	+ * The plugin handles most issues that WordPress has with SSL, like when you're behind a reverse proxy/loadbalancer, or when no headers are passed which WordPress can use to detect SSL.
39	* All incoming requests are redirected to https. Default with an internal WordPress redirect, but you can also enable a .htaccess redirect.
40	* The site url and home url are changed to https.
41	* Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
42
43	+ [contact](https://www.really-simple-ssl.com/contact/) me if you have any questions, issues, or suggestions. Really Simple SSL is developed by [Really Simple Plugins](https://www.really-simple-plugins.com).
44
45	= Like to have this plugin in your language? =
46	Translations can be added very easily [here](https://translate.wordpress.org/projects/wp-plugins/really-simple-ssl). If you do, I can get you added as translation editor to approve the translations.

78	Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
79
80	== Changelog ==
81	+ = 2.5.25 =
82	+ * Fix: "switch mixed content fixer hook" option not visible on the multisites settings page
83	+ * Tweak: several typo's and uppercasing
84	+
85	= 2.5.24 =
86	* Fix: On multisite, admin_url forced current blog URL's over http even when the current blog was loaded over https. This will now only force http for other blog_urls than the current one, when they are on http and not https.
87

238	* Tweak: htaccess files and wpconfig are rewritten when the settings page is loaded
239
240	= 2.3.9 =
241	+ * Fix: removed internal WordPress redirect as it causes issues for some users.
242	* Tweak: improved url request method
243
244	= 2.3.8 =

273	* Fixed some bugs in deactivation and activation of multisite
274
275	= 2.3.0 =
276	+ * Gave more control over activation process by explicity asking to enable SSL.
277	* Added a notice if .htaccess is not writable
278
279	= 2.2.20 =

302
303	= 2.2.12 =
304	* To prevent lockouts, it is no longer possible to activate plugin when wp-config.php is not writable. In case of loadbalancers, activating ssl without adding the necessary fix in the wp-config would cause a redirect loop which would lock you out of the admin.
305	+ * Moved redirect above the WordPress rewrite rules in the htaccess file.
306	* Added an option to disable the fallback javascript redirection to https.
307
308	= 2.2.11 =

320	= 2.2.7 =
321	* Extended detection of homeurl and siteurl constants in wp-config.php with regex to allow for spaces in code.
322	* Changed text domain to make this plugin language packs ready
323	+ * Added 404 detection to SSL detection function, so subdomains can get checked properly on subdomain multisite installs
324
325	= 2.2.6 =
326	Added slash in redirect rule

339
340	= 2.2.0 =
341	* Added per site activation for multisite, but excluded this option for subfolder installs.
342	+ * Added script to easily deactivate the plugin when you are locked out of the WordPress admin.
343	+ * Added support for a situation where no server variables are given which can indicate SSL, which can cause WordPress to generate errors and redirect loops.
344	+ * Removed warning on WooCommerce force SSL after checkout, as only unforce SSL seems to be causing problems
345	* Added Russian translation, thanks to xsascha
346	* Improved redirect rules in the .htaccess
347	* Added option te disable the plugin from editing the .htaccess in the settings

349	* Fixed a bug where insecure content scan would not scan custom post types
350
351	= 2.1.18 =
352	+ * Made WooCommerce warning dismissable, as it does not seem to cause issues
353	+ * Fixed a bug caused by WP native plugin_dir_url() returning relative path, resulting in no SSL messages
354
355	= 2.1.17 =
356	* Fixed a bug where example .htaccess rewrite rules weren't generated correctly
357	+ * Added WooCommerce to the plugin conflicts handler, as some settings conflict with this plugin, and are superfluous when you force your site to SSL anyway.
358	* Excluded transients from mixed content scan results
359
360	= 2.1.16 =

365
366	= 2.1.15 =
367	* Improved user interface with tabs
368	+ * Changed function to test SSL test page from file_get_contents to curl, as this improves response time, which might prevent "no SSL messages"
369	+ * Extended the mixed content fixer to replace src="http:// links, as these should always be https on an SSL site.
370	+ * Added an error message in case of force rewrite titles in Yoast SEO plugin is used, as this prevents the plugin from fixing mixed content
371
372	= 2.1.14 =
373	* Added support for loadbalancer and is_ssl() returning false: in that case a wp-config fix is needed.
374	* Improved performance
375	+ * Added debugging option, so a trace log can be viewed
376	* Fixed a bug where the rlrsssl_replace_url_args filter was not applied correctly.
377
378	= 2.1.13 =

384	* Readded HSTS to the htaccess rules, but now as an option. Adding this should be done only when you are sure you do not want to revert back to http.
385
386	= 2.1.11 =
387	+ * Improved instructions regarding uninstalling when locked out of back-end
388
389	= 2.1.10 =
390	* Removed HSTS headers, because it is difficult to roll back.

417	* Added detection of loadbalancer and cdn so .htaccess rules can be adapted accordingly. Fixes some redirect loop issues.
418	* Added the possibility to disable the auto replace of insecure links
419	* Added a scan to scan the website for insecure links
420	+ * Added detection of in wp-config.php defined siteurl and homeurl, which could prevent from successful url change.
421	* Dropped the force ssl option (used when not ssl detected)
422	* Thanks to Peter Tak, [PTA security](http://www.pta-security.nl/) for mentioning the owasp security best practice https://www.owasp.org/index.php/HTTP_Strict_Transport_Security in .htaccess,
423

rlrsssl-really-simple-ssl.php CHANGED Viewed

	@@ -2,12 +2,12 @@
2	/**
3	* Plugin Name: Really Simple SSL
4	* Plugin URI: https://www.really-simple-ssl.com
5	- * Description: Lightweight plugin without any setup to make your site ~~ssl~~ proof
6	- * Version: 2.5.24
7	* Text Domain: really-simple-ssl
8	* Domain Path: /languages
9	* Author: Rogier Lankhorst
10	- * Author URI: https://~~www~~.~~rogierlankhorst.~~com
11	* License: GPL2
12	*/
13
	@@ -52,9 +52,9 @@
52	self::$instance->rsssl_mixed_content_fixer = new rsssl_mixed_content_fixer();
53
54	// Backwards compatibility for add-ons
55	- global $rsssl_front_end, $rsssl_mixed_content_fixer;
56	- $rsssl_front_end = self::$instance->rsssl_front_end;
57	- $rsssl_mixed_content_fixer = self::$instance->rsssl_mixed_content_fixer;
58
59	if ( is_admin() ) {
60	if ( is_multisite() ) {


2	/**
3	* Plugin Name: Really Simple SSL
4	* Plugin URI: https://www.really-simple-ssl.com
5	+ * Description: Lightweight plugin without any setup to make your site SSL proof
6	+ * Version: 2.5.25
7	* Text Domain: really-simple-ssl
8	* Domain Path: /languages
9	* Author: Rogier Lankhorst
10	+ * Author URI: https://really-simple-plugins.com
11	* License: GPL2
12	*/
13

52	self::$instance->rsssl_mixed_content_fixer = new rsssl_mixed_content_fixer();
53
54	// Backwards compatibility for add-ons
55	+ global $rsssl_front_end, $rsssl_mixed_content_fixer;
56	+ $rsssl_front_end = self::$instance->rsssl_front_end;
57	+ $rsssl_mixed_content_fixer = self::$instance->rsssl_mixed_content_fixer;
58
59	if ( is_admin() ) {
60	if ( is_multisite() ) {

ssl-test-page.php CHANGED Viewed

	@@ -5,7 +5,7 @@
5	</head>
6	<body>
7	<h1>#SSL TEST PAGE#</h1>
8	- <p>This page is used purely to test for ~~ssl~~ availability.</p>
9	<?php
10	$ssl = FALSE;
11	if (isset($_SERVER['HTTPS']) ) {


5	</head>
6	<body>
7	<h1>#SSL TEST PAGE#</h1>
8	+ <p>This page is used purely to test for SSL availability.</p>
9	<?php
10	$ssl = FALSE;
11	if (isset($_SERVER['HTTPS']) ) {

testssl/cdn/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/cloudflare/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/cloudfront/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/envhttps/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/loadbalancer/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/serverhttps1/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/serverhttpson/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>

testssl/serverport443/ssl-test-page.html CHANGED Viewed

	@@ -3,7 +3,7 @@
3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	- This page is for testing ~~ssl~~ functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>


3	<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4	</head>
5	<body>
6	+ This page is for testing SSL functionality.
7	#SSL TEST PAGE#
8	</body>
9	</html>