Version Description
- Fix: untranslatable string made translatable.
Download this release
Release Info
Developer | RogierLankhorst |
Plugin | Really Simple SSL |
Version | 3.0.5 |
Comparing to | |
See all releases |
Code changes from version 3.0.2 to 3.0.5
- class-admin.php +74 -42
- class-front-end.php +2 -0
- class-mixed-content-fixer.php +186 -160
- css/main.css +9 -1
- readme.txt +13 -2
- rlrsssl-really-simple-ssl.php +2 -2
class-admin.php
CHANGED
@@ -61,8 +61,6 @@ class rsssl_admin extends rsssl_front_end
|
|
61 |
register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
|
62 |
|
63 |
add_action('admin_init', array($this, 'add_privacy_info'));
|
64 |
-
|
65 |
-
|
66 |
}
|
67 |
|
68 |
static function this()
|
@@ -108,6 +106,18 @@ class rsssl_admin extends rsssl_front_end
|
|
108 |
update_option('rlrsssl_options', $options);
|
109 |
}
|
110 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
111 |
/*
|
112 |
Detect configuration when:
|
113 |
- SSL activation just confirmed.
|
@@ -124,8 +134,8 @@ class rsssl_admin extends rsssl_front_end
|
|
124 |
//flush caches when just activated ssl
|
125 |
//flush the permalinks
|
126 |
if ($this->clicked_activate_ssl()) {
|
127 |
-
if (
|
128 |
-
|
129 |
}
|
130 |
add_action('admin_init', array(RSSSL()->rsssl_cache, 'flush'), 40);
|
131 |
}
|
@@ -144,6 +154,11 @@ class rsssl_admin extends rsssl_front_end
|
|
144 |
|
145 |
//when SSL is enabled, and not enabled by user, ask for activation.
|
146 |
add_action("admin_notices", array($this, 'show_notice_activate_ssl'), 10);
|
|
|
|
|
|
|
|
|
|
|
147 |
|
148 |
add_action('plugins_loaded', array($this, 'check_plugin_conflicts'), 30);
|
149 |
|
@@ -216,8 +231,6 @@ class rsssl_admin extends rsssl_front_end
|
|
216 |
|
217 |
} else {
|
218 |
|
219 |
-
error_log("remove from active plugins");
|
220 |
-
|
221 |
$current = get_option('active_plugins', array());
|
222 |
$current = $this->remove_plugin_from_array($plugin, $current);
|
223 |
update_option('active_plugins', $current);
|
@@ -328,8 +341,10 @@ class rsssl_admin extends rsssl_front_end
|
|
328 |
This message is shown when no SSL is not enabled by the user yet
|
329 |
*/
|
330 |
|
|
|
331 |
public function show_notice_activate_ssl()
|
332 |
{
|
|
|
333 |
if ($this->ssl_enabled) return;
|
334 |
|
335 |
if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;
|
@@ -337,40 +352,63 @@ class rsssl_admin extends rsssl_front_end
|
|
337 |
//for multisite, show only activate when a choice has been made to activate networkwide or per site.
|
338 |
if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;
|
339 |
|
340 |
-
//on
|
341 |
//otherwise sites that do not need SSL possibly get to see this message.
|
342 |
|
343 |
if (is_multisite() && !is_network_admin()) return;
|
344 |
|
345 |
if (!$this->wpconfig_ok()) return;
|
346 |
|
347 |
-
if (!current_user_can($this->capability)) return;
|
348 |
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
|
|
|
|
|
|
|
|
353 |
<?php
|
354 |
-
|
355 |
-
|
356 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
357 |
|
358 |
-
|
359 |
|
360 |
-
|
361 |
-
|
362 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
363 |
|
364 |
-
printf(__("Really Simple SSL requires a valid SSL certificate. You can check your certificate on %sQualys SSL Labs%s.", "really-simple-ssl"), $link_open, $link_close);
|
365 |
-
?>
|
366 |
-
</p>
|
367 |
-
</div>
|
368 |
-
<?php } ?>
|
369 |
|
370 |
-
<div id="message" class="updated fade notice activate-ssl">
|
371 |
-
<?php if ($this->site_has_ssl) { ?>
|
372 |
-
<h1><?php _e("Almost ready to migrate to SSL!", "really-simple-ssl"); ?></h1>
|
373 |
-
<?php } ?>
|
374 |
<?php _e("Some things can't be done automatically. Before you migrate, please check for: ", 'really-simple-ssl'); ?>
|
375 |
<p>
|
376 |
<ul>
|
@@ -385,12 +423,8 @@ class rsssl_admin extends rsssl_front_end
|
|
385 |
<li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
|
386 |
</ul>
|
387 |
</p>
|
388 |
-
<?php
|
389 |
-
|
390 |
-
<?php RSSSL()->really_simple_ssl->show_enable_ssl_button(); ?>
|
391 |
-
</div>
|
392 |
-
<?php }
|
393 |
-
|
394 |
|
395 |
/**
|
396 |
* @since 2.3
|
@@ -402,17 +436,15 @@ class rsssl_admin extends rsssl_front_end
|
|
402 |
if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
|
403 |
?>
|
404 |
<p>
|
|
|
405 |
<form action="" method="post">
|
406 |
<?php wp_nonce_field('rsssl_nonce', 'rsssl_nonce'); ?>
|
407 |
-
<div>
|
408 |
-
<input type="checkbox" name="rsssl_flush_rewrite_rules"
|
409 |
-
checked><label><?php _e("Flush rewrite rules on activation (deselect when you encounter errors)", "really-simple-ssl") ?></label>
|
410 |
-
</div>
|
411 |
<input type="submit" class='button button-primary'
|
412 |
value="<?php _e("Go ahead, activate SSL!", "really-simple-ssl"); ?>" id="rsssl_do_activate_ssl"
|
413 |
name="rsssl_do_activate_ssl">
|
414 |
<br><?php _e("You may need to login in again.", "really-simple-ssl") ?>
|
415 |
</form>
|
|
|
416 |
</p>
|
417 |
<?php
|
418 |
}
|
@@ -425,7 +457,7 @@ class rsssl_admin extends rsssl_front_end
|
|
425 |
|
426 |
public function show_pro()
|
427 |
{
|
428 |
-
if (
|
429 |
?>
|
430 |
<p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!', 'really-simple-ssl'); ?>
|
431 |
<a target="_blank"
|
@@ -1980,7 +2012,7 @@ class rsssl_admin extends rsssl_front_end
|
|
1980 |
{
|
1981 |
if (!current_user_can($this->capability)) return;
|
1982 |
//hides the settings page if the hide menu for subsites setting is enabled
|
1983 |
-
if (is_multisite() && rsssl_multisite::this()->hide_menu_for_subsites) return;
|
1984 |
|
1985 |
global $rsssl_admin_page;
|
1986 |
$rsssl_admin_page = add_options_page(
|
@@ -2279,7 +2311,7 @@ class rsssl_admin extends rsssl_front_end
|
|
2279 |
'img' => 'complianz.jpg',
|
2280 |
'title' => 'ComplianZ',
|
2281 |
'description' => __("Do you have visitors from the European Union? Get GDPR ready in 30 minutes with Complianz GDPR. Always up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
|
2282 |
-
'url' => 'https://
|
2283 |
'pro' => true,
|
2284 |
)
|
2285 |
);
|
@@ -2813,7 +2845,7 @@ class rsssl_admin extends rsssl_front_end
|
|
2813 |
|
2814 |
?>
|
2815 |
<div><input class="thickbox button" title="" type="button" style="display: block; float: left;" alt="#TB_inline?
|
2816 |
-
height=370&width=400&inlineId=deactivate_keep_ssl" value="Deactivate Plugin and keep SSL"/></div>
|
2817 |
<div id="deactivate_keep_ssl" style="display: none;">
|
2818 |
|
2819 |
<h1 style="margin: 10px 0; text-align: center;"><?php _e("Are you sure?", "really-simple-ssl") ?></h1>
|
61 |
register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
|
62 |
|
63 |
add_action('admin_init', array($this, 'add_privacy_info'));
|
|
|
|
|
64 |
}
|
65 |
|
66 |
static function this()
|
106 |
update_option('rlrsssl_options', $options);
|
107 |
}
|
108 |
|
109 |
+
/*
|
110 |
+
* check if we're one minute past the activation. Then flush rewrite rules
|
111 |
+
* this way we lower the memory impact on activation
|
112 |
+
* Flush should happen on shutdown, not on init, as often happens in other plugins
|
113 |
+
* https://codex.wordpress.org/Function_Reference/flush_rewrite_rules
|
114 |
+
* */
|
115 |
+
|
116 |
+
if (get_option('rsssl_flush_rewrite_rules') && get_option('rsssl_flush_rewrite_rules') < strtotime("+1 minute")){
|
117 |
+
delete_option('rsssl_flush_rewrite_rules');
|
118 |
+
add_action('shutdown', 'flush_rewrite_rules');
|
119 |
+
}
|
120 |
+
|
121 |
/*
|
122 |
Detect configuration when:
|
123 |
- SSL activation just confirmed.
|
134 |
//flush caches when just activated ssl
|
135 |
//flush the permalinks
|
136 |
if ($this->clicked_activate_ssl()) {
|
137 |
+
if (!defined('RSSSL_NO_FLUSH') || !RSSSL_NO_FLUSH) {
|
138 |
+
update_option('rsssl_flush_rewrite_rules', time());
|
139 |
}
|
140 |
add_action('admin_init', array(RSSSL()->rsssl_cache, 'flush'), 40);
|
141 |
}
|
154 |
|
155 |
//when SSL is enabled, and not enabled by user, ask for activation.
|
156 |
add_action("admin_notices", array($this, 'show_notice_activate_ssl'), 10);
|
157 |
+
add_action('rsssl_activation_notice', array($this, 'no_ssl_detected'), 10);
|
158 |
+
add_action('rsssl_activation_notice', array($this, 'ssl_detected'), 10);
|
159 |
+
add_action('rsssl_activation_notice_inner', array($this, 'almost_ready_to_migrate'), 30);
|
160 |
+
add_action('rsssl_activation_notice_inner', array($this, 'show_pro'), 40);
|
161 |
+
add_action('rsssl_activation_notice_inner', array($this, 'show_enable_ssl_button'), 50);
|
162 |
|
163 |
add_action('plugins_loaded', array($this, 'check_plugin_conflicts'), 30);
|
164 |
|
231 |
|
232 |
} else {
|
233 |
|
|
|
|
|
234 |
$current = get_option('active_plugins', array());
|
235 |
$current = $this->remove_plugin_from_array($plugin, $current);
|
236 |
update_option('active_plugins', $current);
|
341 |
This message is shown when no SSL is not enabled by the user yet
|
342 |
*/
|
343 |
|
344 |
+
|
345 |
public function show_notice_activate_ssl()
|
346 |
{
|
347 |
+
|
348 |
if ($this->ssl_enabled) return;
|
349 |
|
350 |
if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;
|
352 |
//for multisite, show only activate when a choice has been made to activate networkwide or per site.
|
353 |
if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;
|
354 |
|
355 |
+
//on multisite, only show this message on the network admin. Per site activated sites have to go to the settings page.
|
356 |
//otherwise sites that do not need SSL possibly get to see this message.
|
357 |
|
358 |
if (is_multisite() && !is_network_admin()) return;
|
359 |
|
360 |
if (!$this->wpconfig_ok()) return;
|
361 |
|
362 |
+
if (!current_user_can($this->capability)) return;
|
363 |
|
364 |
+
do_action('rsssl_activation_notice');
|
365 |
+
|
366 |
+
}
|
367 |
+
|
368 |
+
public function ssl_detected()
|
369 |
+
{
|
370 |
+
if ($this->site_has_ssl) { ?>
|
371 |
+
<div id="message" class="updated fade notice activate-ssl">
|
372 |
<?php
|
373 |
+
do_action('rsssl_activation_notice_inner');
|
374 |
+
?>
|
375 |
+
</div>
|
376 |
+
<?php
|
377 |
+
}
|
378 |
+
}
|
379 |
+
|
380 |
+
public function no_ssl_detected()
|
381 |
+
{
|
382 |
+
if (!$this->site_has_ssl) { ?>
|
383 |
+
<div id="message" class="error fade notice rsssl-notice-certificate">
|
384 |
+
<h1><?php echo __("Detected possible certificate issues", "really-simple-ssl"); ?></h1>
|
385 |
+
<p>
|
386 |
+
<?php
|
387 |
+
$reload_https_url = "https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
|
388 |
+
$link_open = '<p><a class="button" target="_blank" href="' . $reload_https_url . '">';
|
389 |
+
$link_close = '</a></p>';
|
390 |
|
391 |
+
printf(__("Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button: %sReload over https%s ", "really-simple-ssl"), $link_open, $link_close);
|
392 |
|
393 |
+
$ssl_test_url = "https://www.ssllabs.com/ssltest/";
|
394 |
+
$link_open = '<a target="_blank" href="' . $ssl_test_url . '">';
|
395 |
+
$link_close = '</a>';
|
396 |
+
|
397 |
+
printf(__("Really Simple SSL requires a valid SSL certificate. You can check your certificate on %sQualys SSL Labs%s.", "really-simple-ssl"), $link_open, $link_close);
|
398 |
+
?>
|
399 |
+
</p>
|
400 |
+
</div>
|
401 |
+
<?php }
|
402 |
+
}
|
403 |
+
|
404 |
+
|
405 |
+
public function almost_ready_to_migrate()
|
406 |
+
{ ?>
|
407 |
+
<h1><?php _e("Almost ready to migrate to SSL!", "really-simple-ssl"); ?></h1>
|
408 |
+
|
409 |
+
<?php //action?>
|
410 |
|
|
|
|
|
|
|
|
|
|
|
411 |
|
|
|
|
|
|
|
|
|
412 |
<?php _e("Some things can't be done automatically. Before you migrate, please check for: ", 'really-simple-ssl'); ?>
|
413 |
<p>
|
414 |
<ul>
|
423 |
<li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
|
424 |
</ul>
|
425 |
</p>
|
426 |
+
<?php
|
427 |
+
}
|
|
|
|
|
|
|
|
|
428 |
|
429 |
/**
|
430 |
* @since 2.3
|
436 |
if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
|
437 |
?>
|
438 |
<p>
|
439 |
+
<div class="rsssl-activate-ssl-button">
|
440 |
<form action="" method="post">
|
441 |
<?php wp_nonce_field('rsssl_nonce', 'rsssl_nonce'); ?>
|
|
|
|
|
|
|
|
|
442 |
<input type="submit" class='button button-primary'
|
443 |
value="<?php _e("Go ahead, activate SSL!", "really-simple-ssl"); ?>" id="rsssl_do_activate_ssl"
|
444 |
name="rsssl_do_activate_ssl">
|
445 |
<br><?php _e("You may need to login in again.", "really-simple-ssl") ?>
|
446 |
</form>
|
447 |
+
</div>
|
448 |
</p>
|
449 |
<?php
|
450 |
}
|
457 |
|
458 |
public function show_pro()
|
459 |
{
|
460 |
+
if ($this->site_has_ssl) {
|
461 |
?>
|
462 |
<p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!', 'really-simple-ssl'); ?>
|
463 |
<a target="_blank"
|
2012 |
{
|
2013 |
if (!current_user_can($this->capability)) return;
|
2014 |
//hides the settings page if the hide menu for subsites setting is enabled
|
2015 |
+
if (is_multisite() && rsssl_multisite::this()->hide_menu_for_subsites && !is_super_admin()) return;
|
2016 |
|
2017 |
global $rsssl_admin_page;
|
2018 |
$rsssl_admin_page = add_options_page(
|
2311 |
'img' => 'complianz.jpg',
|
2312 |
'title' => 'ComplianZ',
|
2313 |
'description' => __("Do you have visitors from the European Union? Get GDPR ready in 30 minutes with Complianz GDPR. Always up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
|
2314 |
+
'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
|
2315 |
'pro' => true,
|
2316 |
)
|
2317 |
);
|
2845 |
|
2846 |
?>
|
2847 |
<div><input class="thickbox button" title="" type="button" style="display: block; float: left;" alt="#TB_inline?
|
2848 |
+
height=370&width=400&inlineId=deactivate_keep_ssl" value="<?php echo __('Deactivate Plugin and keep SSL', 'really-simple-ssl'); ?>"/></div>
|
2849 |
<div id="deactivate_keep_ssl" style="display: none;">
|
2850 |
|
2851 |
<h1 style="margin: 10px 0; text-align: center;"><?php _e("Are you sure?", "really-simple-ssl") ?></h1>
|
class-front-end.php
CHANGED
@@ -79,6 +79,8 @@ if ( ! class_exists( 'rsssl_front_end' ) ) {
|
|
79 |
//check for Command Line
|
80 |
if (php_sapi_name() === 'cli') return;
|
81 |
|
|
|
|
|
82 |
if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
|
83 |
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
84 |
wp_redirect($redirect_url, 301);
|
79 |
//check for Command Line
|
80 |
if (php_sapi_name() === 'cli') return;
|
81 |
|
82 |
+
if (!array_key_exists('HTTP_HOST', $_SERVER)) return;
|
83 |
+
|
84 |
if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
|
85 |
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
86 |
wp_redirect($redirect_url, 301);
|
class-mixed-content-fixer.php
CHANGED
@@ -1,166 +1,192 @@
|
|
1 |
<?php
|
2 |
defined('ABSPATH') or die("you do not have access to this page!");
|
3 |
|
4 |
-
if (
|
5 |
-
|
6 |
-
|
7 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 |
|
9 |
-
function __construct() {
|
10 |
-
if ( isset( self::$_this ) )
|
11 |
-
wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );
|
12 |
-
|
13 |
-
self::$_this = $this;
|
14 |
-
|
15 |
-
//exclude admin here: for all well built plugins and themes, this should not be necessary.
|
16 |
-
if (!is_admin() && is_ssl() && RSSSL()->rsssl_front_end->autoreplace_insecure_links) {
|
17 |
-
$this->fix_mixed_content();
|
18 |
-
}
|
19 |
-
|
20 |
-
}
|
21 |
-
|
22 |
-
static function this() {
|
23 |
-
return self::$_this;
|
24 |
-
}
|
25 |
-
|
26 |
-
/**
|
27 |
-
*
|
28 |
-
* add action hooks at the start and at the end of the WP process.
|
29 |
-
*
|
30 |
-
* @since 2.3
|
31 |
-
*
|
32 |
-
* @access public
|
33 |
-
*
|
34 |
-
*/
|
35 |
-
|
36 |
-
public function fix_mixed_content(){
|
37 |
-
|
38 |
-
/* Do not fix mixed content when call is coming from wp_api or from xmlrpc */
|
39 |
-
if ( defined( 'JSON_REQUEST' ) && JSON_REQUEST ) return;
|
40 |
-
if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) return;
|
41 |
-
|
42 |
-
$this->build_url_list();
|
43 |
-
|
44 |
-
/*
|
45 |
-
Take care with modifications to hooks here:
|
46 |
-
hooks tend to differ between front and back-end.
|
47 |
-
*/
|
48 |
-
|
49 |
-
if (is_admin()) {
|
50 |
-
|
51 |
-
add_action("admin_init", array($this, "start_buffer"), 100);
|
52 |
-
add_action("shutdown", array($this, "end_buffer"), 999);
|
53 |
-
|
54 |
-
} else {
|
55 |
-
|
56 |
-
if (RSSSL()->rsssl_front_end->switch_mixed_content_fixer_hook || (defined( 'RSSSL_CONTENT_FIXER_ON_INIT' ) && RSSSL_CONTENT_FIXER_ON_INIT) ) {
|
57 |
-
add_action("init", array($this, "start_buffer"));
|
58 |
-
} else {
|
59 |
-
add_action("template_redirect", array($this, "start_buffer"));
|
60 |
-
}
|
61 |
-
|
62 |
-
add_action("shutdown", array($this, "end_buffer"), 999);
|
63 |
}
|
64 |
-
}
|
65 |
-
|
66 |
-
|
67 |
-
/**
|
68 |
-
* Apply the mixed content fixer.
|
69 |
-
*
|
70 |
-
* @since 2.3
|
71 |
-
*
|
72 |
-
* @access public
|
73 |
-
*
|
74 |
-
*/
|
75 |
-
|
76 |
-
public function filter_buffer($buffer) {
|
77 |
-
$buffer = $this->replace_insecure_links($buffer);
|
78 |
-
return $buffer;
|
79 |
-
}
|
80 |
-
|
81 |
-
/**
|
82 |
-
* Start buffering the output
|
83 |
-
*
|
84 |
-
* @since 2.0
|
85 |
-
*
|
86 |
-
* @access public
|
87 |
-
*
|
88 |
-
*/
|
89 |
-
|
90 |
-
public function start_buffer(){
|
91 |
-
ob_start(array($this, "filter_buffer"));
|
92 |
-
}
|
93 |
-
|
94 |
-
/**
|
95 |
-
* Flush the output buffer
|
96 |
-
*
|
97 |
-
* @since 2.0
|
98 |
-
*
|
99 |
-
* @access public
|
100 |
-
*
|
101 |
-
*/
|
102 |
-
|
103 |
-
public function end_buffer(){
|
104 |
-
if (ob_get_length()) ob_end_flush();
|
105 |
-
}
|
106 |
-
|
107 |
-
/**
|
108 |
-
* Creates an array of insecure links that should be https and an array of secure links to replace with
|
109 |
-
*
|
110 |
-
* @since 2.0
|
111 |
-
*
|
112 |
-
* @access public
|
113 |
-
*
|
114 |
-
*/
|
115 |
-
|
116 |
-
public function build_url_list() {
|
117 |
-
$home = str_replace ( "https://" , "http://" , get_option('home'));
|
118 |
-
$home_no_www = str_replace ( "://www." , "://" , $home);
|
119 |
-
$home_yes_www = str_replace ( "://" , "://www." , $home_no_www);
|
120 |
-
|
121 |
-
//for the escaped version, we only replace the home_url, not it's www or non www counterpart, as it is most likely not used
|
122 |
-
$escaped_home = str_replace ( "/" , "\/" , $home);
|
123 |
-
|
124 |
-
$this->http_urls = array(
|
125 |
-
$home_yes_www,
|
126 |
-
$home_no_www,
|
127 |
-
$escaped_home,
|
128 |
-
"src='http://",
|
129 |
-
'src="http://',
|
130 |
-
"srcset='http://",
|
131 |
-
'srcset="http://',
|
132 |
-
);
|
133 |
-
}
|
134 |
-
|
135 |
-
/**
|
136 |
-
* Just before the page is sent to the visitor's browser, all homeurl links are replaced with https.
|
137 |
-
*
|
138 |
-
* @since 1.0
|
139 |
-
*
|
140 |
-
* @access public
|
141 |
-
*
|
142 |
-
*/
|
143 |
-
|
144 |
-
public function replace_insecure_links($str) {
|
145 |
-
|
146 |
-
$search_array = apply_filters('rlrsssl_replace_url_args', $this->http_urls);
|
147 |
-
$ssl_array = str_replace ( array("http://", "http:\/\/") , array("https://", "https:\/\/"), $search_array);
|
148 |
-
//now replace these links
|
149 |
-
$str = str_replace ($search_array , $ssl_array , $str);
|
150 |
-
|
151 |
-
//replace all http links except hyperlinks
|
152 |
-
//all tags with src attr are already fixed by str_replace
|
153 |
-
$pattern = array(
|
154 |
-
'/url\([\'"]?\K(http:\/\/)(?=[^)]+)/i',
|
155 |
-
'/<link [^>]*?href=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
156 |
-
'/<meta property="og:image" [^>]*?content=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
157 |
-
'/<form [^>]*?action=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
158 |
-
);
|
159 |
-
$str = preg_replace($pattern, 'https://', $str);
|
160 |
-
$str = str_replace ( "<body" , '<body data-rsssl=1', $str);
|
161 |
-
return apply_filters("rsssl_fixer_output", $str);
|
162 |
-
|
163 |
-
}
|
164 |
-
|
165 |
-
}
|
166 |
}
|
|
1 |
<?php
|
2 |
defined('ABSPATH') or die("you do not have access to this page!");
|
3 |
|
4 |
+
if (!class_exists('rsssl_admin_mixed_content_fixer')) {
|
5 |
+
class rsssl_mixed_content_fixer
|
6 |
+
{
|
7 |
+
private static $_this;
|
8 |
+
public $http_urls = array();
|
9 |
+
|
10 |
+
function __construct()
|
11 |
+
{
|
12 |
+
if (isset(self::$_this))
|
13 |
+
wp_die(sprintf(__('%s is a singleton class and you cannot create a second instance.', 'really-simple-ssl'), get_class($this)));
|
14 |
+
|
15 |
+
self::$_this = $this;
|
16 |
+
|
17 |
+
//exclude admin here: for all well built plugins and themes, this should not be necessary.
|
18 |
+
if (!is_admin() && is_ssl() && RSSSL()->rsssl_front_end->autoreplace_insecure_links) {
|
19 |
+
$this->fix_mixed_content();
|
20 |
+
}
|
21 |
+
|
22 |
+
}
|
23 |
+
|
24 |
+
static function this()
|
25 |
+
{
|
26 |
+
return self::$_this;
|
27 |
+
}
|
28 |
+
|
29 |
+
/**
|
30 |
+
*
|
31 |
+
* add action hooks at the start and at the end of the WP process.
|
32 |
+
*
|
33 |
+
* @since 2.3
|
34 |
+
*
|
35 |
+
* @access public
|
36 |
+
*
|
37 |
+
*/
|
38 |
+
|
39 |
+
public function fix_mixed_content()
|
40 |
+
{
|
41 |
+
|
42 |
+
/* Do not fix mixed content when call is coming from wp_api or from xmlrpc */
|
43 |
+
if (defined('JSON_REQUEST') && JSON_REQUEST) return;
|
44 |
+
if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) return;
|
45 |
+
|
46 |
+
$this->build_url_list();
|
47 |
+
|
48 |
+
/*
|
49 |
+
Take care with modifications to hooks here:
|
50 |
+
hooks tend to differ between front and back-end.
|
51 |
+
*/
|
52 |
+
|
53 |
+
if (is_admin()) {
|
54 |
+
|
55 |
+
add_action("admin_init", array($this, "start_buffer"), 100);
|
56 |
+
add_action("shutdown", array($this, "end_buffer"), 999);
|
57 |
+
|
58 |
+
} else {
|
59 |
+
|
60 |
+
if (RSSSL()->rsssl_front_end->switch_mixed_content_fixer_hook || (defined('RSSSL_CONTENT_FIXER_ON_INIT') && RSSSL_CONTENT_FIXER_ON_INIT)) {
|
61 |
+
add_action("init", array($this, "start_buffer"));
|
62 |
+
} else {
|
63 |
+
add_action("template_redirect", array($this, "start_buffer"));
|
64 |
+
}
|
65 |
+
|
66 |
+
add_action("shutdown", array($this, "end_buffer"), 999);
|
67 |
+
}
|
68 |
+
}
|
69 |
+
|
70 |
+
|
71 |
+
/**
|
72 |
+
* Apply the mixed content fixer.
|
73 |
+
*
|
74 |
+
* @since 2.3
|
75 |
+
*
|
76 |
+
* @access public
|
77 |
+
*
|
78 |
+
*/
|
79 |
+
|
80 |
+
public function filter_buffer($buffer)
|
81 |
+
{
|
82 |
+
$buffer = $this->replace_insecure_links($buffer);
|
83 |
+
return $buffer;
|
84 |
+
}
|
85 |
+
|
86 |
+
/**
|
87 |
+
* Start buffering the output
|
88 |
+
*
|
89 |
+
* @since 2.0
|
90 |
+
*
|
91 |
+
* @access public
|
92 |
+
*
|
93 |
+
*/
|
94 |
+
|
95 |
+
public function start_buffer()
|
96 |
+
{
|
97 |
+
ob_start(array($this, "filter_buffer"));
|
98 |
+
}
|
99 |
+
|
100 |
+
/**
|
101 |
+
* Flush the output buffer
|
102 |
+
*
|
103 |
+
* @since 2.0
|
104 |
+
*
|
105 |
+
* @access public
|
106 |
+
*
|
107 |
+
*/
|
108 |
+
|
109 |
+
public function end_buffer()
|
110 |
+
{
|
111 |
+
if (ob_get_length()) ob_end_flush();
|
112 |
+
}
|
113 |
+
|
114 |
+
/**
|
115 |
+
* Creates an array of insecure links that should be https and an array of secure links to replace with
|
116 |
+
*
|
117 |
+
* @since 2.0
|
118 |
+
*
|
119 |
+
* @access public
|
120 |
+
*
|
121 |
+
*/
|
122 |
+
|
123 |
+
public function build_url_list()
|
124 |
+
{
|
125 |
+
$home = str_replace("https://", "http://", get_option('home'));
|
126 |
+
$home_no_www = str_replace("://www.", "://", $home);
|
127 |
+
$home_yes_www = str_replace("://", "://www.", $home_no_www);
|
128 |
+
|
129 |
+
//for the escaped version, we only replace the home_url, not it's www or non www counterpart, as it is most likely not used
|
130 |
+
$escaped_home = str_replace("/", "\/", $home);
|
131 |
+
|
132 |
+
$this->http_urls = array(
|
133 |
+
$home_yes_www,
|
134 |
+
$home_no_www,
|
135 |
+
$escaped_home,
|
136 |
+
"src='http://",
|
137 |
+
'src="http://',
|
138 |
+
);
|
139 |
+
}
|
140 |
+
|
141 |
+
/**
|
142 |
+
* Just before the page is sent to the visitor's browser, all homeurl links are replaced with https.
|
143 |
+
*
|
144 |
+
* @since 1.0
|
145 |
+
*
|
146 |
+
* @access public
|
147 |
+
*
|
148 |
+
*/
|
149 |
+
|
150 |
+
public function replace_insecure_links($str)
|
151 |
+
{
|
152 |
+
|
153 |
+
//skip if file is xml
|
154 |
+
if (substr($str, 0, 5) == "<?xml") return $str;
|
155 |
+
|
156 |
+
$search_array = apply_filters('rlrsssl_replace_url_args', $this->http_urls);
|
157 |
+
$ssl_array = str_replace(array("http://", "http:\/\/"), array("https://", "https:\/\/"), $search_array);
|
158 |
+
//now replace these links
|
159 |
+
$str = str_replace($search_array, $ssl_array, $str);
|
160 |
+
|
161 |
+
//replace all http links except hyperlinks
|
162 |
+
//all tags with src attr are already fixed by str_replace
|
163 |
+
$pattern = array(
|
164 |
+
'/url\([\'"]?\K(http:\/\/)(?=[^)]+)/i',
|
165 |
+
'/<link [^>]*?href=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
166 |
+
'/<meta property="og:image" [^>]*?content=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
167 |
+
'/<form [^>]*?action=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
|
168 |
+
);
|
169 |
+
|
170 |
+
$str = preg_replace($pattern, 'https://', $str);
|
171 |
+
|
172 |
+
/* handle multiple images in srcset */
|
173 |
+
$str = preg_replace_callback('/<img[^\>]*[^\>\S]+srcset=[\'"]\K((?:[^"\'\s,]+\s*(?:\s+\d+[wx])(?:,\s*)?)+)["\']/', array($this, 'replace_src_set'), $str);
|
174 |
+
|
175 |
+
$str = str_replace("<body", '<body data-rsssl=1', $str);
|
176 |
+
|
177 |
+
return apply_filters("rsssl_fixer_output", $str);
|
178 |
+
|
179 |
+
}
|
180 |
+
|
181 |
+
/*
|
182 |
+
* Helper function to maintain PHP 5.2 compatibility. Yes. 5.2.. It's still used...
|
183 |
+
*
|
184 |
+
* */
|
185 |
+
|
186 |
+
public function replace_src_set($matches) {
|
187 |
+
return str_replace("http://", "https://", $matches[0]);
|
188 |
+
}
|
189 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
190 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
191 |
}
|
192 |
+
|
css/main.css
CHANGED
@@ -14,7 +14,9 @@
|
|
14 |
max-width:100%;
|
15 |
/*height:inherit;*/
|
16 |
}
|
17 |
-
|
|
|
|
|
18 |
.activate-ssl ul, .rsssl-result ul, .rsssl_bullets {
|
19 |
list-style-type: square;
|
20 |
margin-left:30px;
|
@@ -460,4 +462,10 @@ hr {
|
|
460 |
|
461 |
.rsssl-button-deactivate-keep-ssl {
|
462 |
margin-right: 15px;
|
|
|
|
|
|
|
|
|
|
|
|
|
463 |
}
|
14 |
max-width:100%;
|
15 |
/*height:inherit;*/
|
16 |
}
|
17 |
+
#message.updated.fade.notice.activate-ssl {
|
18 |
+
padding-top: 10px;
|
19 |
+
}
|
20 |
.activate-ssl ul, .rsssl-result ul, .rsssl_bullets {
|
21 |
list-style-type: square;
|
22 |
margin-left:30px;
|
462 |
|
463 |
.rsssl-button-deactivate-keep-ssl {
|
464 |
margin-right: 15px;
|
465 |
+
}
|
466 |
+
|
467 |
+
.rsssl-scan-button{
|
468 |
+
float: left;
|
469 |
+
margin-top: 17px;
|
470 |
+
margin-right: 5px;
|
471 |
}
|
readme.txt
CHANGED
@@ -1,12 +1,12 @@
|
|
1 |
=== Really Simple SSL ===
|
2 |
-
Contributors: RogierLankhorst
|
3 |
Donate link: https://www.paypal.me/reallysimplessl
|
4 |
Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
|
5 |
Requires at least: 4.2
|
6 |
License: GPL2
|
7 |
Tested up to: 4.9.5
|
8 |
Requires PHP: 5.4
|
9 |
-
Stable tag: 3.0.
|
10 |
|
11 |
No setup required! You only need an SSL certificate, and this plugin will do the rest.
|
12 |
|
@@ -79,6 +79,17 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
|
|
79 |
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
|
80 |
|
81 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
82 |
= 3.0.2 =
|
83 |
* Fix: fixed an image containing uppercase characters, which can lead to the image not showing on some servers.
|
84 |
* Fix: fixed an issue where the 'data-rsssl=1' marker wasn't inserted when the <body> tag was empty.
|
1 |
=== Really Simple SSL ===
|
2 |
+
Contributors: RogierLankhorst, markwolters
|
3 |
Donate link: https://www.paypal.me/reallysimplessl
|
4 |
Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
|
5 |
Requires at least: 4.2
|
6 |
License: GPL2
|
7 |
Tested up to: 4.9.5
|
8 |
Requires PHP: 5.4
|
9 |
+
Stable tag: 3.0.5
|
10 |
|
11 |
No setup required! You only need an SSL certificate, and this plugin will do the rest.
|
12 |
|
79 |
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
|
80 |
|
81 |
== Changelog ==
|
82 |
+
= 3.0.5 =
|
83 |
+
* Fix: untranslatable string made translatable.
|
84 |
+
|
85 |
+
= 3.0.4 =
|
86 |
+
* Fix: removed anonymous function to maintain PHP 5.2 compatibility.
|
87 |
+
|
88 |
+
= 3.0.3 =
|
89 |
+
* Tweak: mixed content fixer will no longer fire on XML content
|
90 |
+
* Tweak: network menu on subsites now always shows to Super Admins
|
91 |
+
* Tweak: flush rewrite rules upon activation is delayed by one minute to reduce server load
|
92 |
+
|
93 |
= 3.0.2 =
|
94 |
* Fix: fixed an image containing uppercase characters, which can lead to the image not showing on some servers.
|
95 |
* Fix: fixed an issue where the 'data-rsssl=1' marker wasn't inserted when the <body> tag was empty.
|
rlrsssl-really-simple-ssl.php
CHANGED
@@ -3,10 +3,10 @@
|
|
3 |
* Plugin Name: Really Simple SSL
|
4 |
* Plugin URI: https://www.really-simple-ssl.com
|
5 |
* Description: Lightweight plugin without any setup to make your site SSL proof
|
6 |
-
* Version: 3.0.
|
7 |
* Text Domain: really-simple-ssl
|
8 |
* Domain Path: /languages
|
9 |
-
* Author: Rogier Lankhorst
|
10 |
* Author URI: https://really-simple-plugins.com
|
11 |
* License: GPL2
|
12 |
*/
|
3 |
* Plugin Name: Really Simple SSL
|
4 |
* Plugin URI: https://www.really-simple-ssl.com
|
5 |
* Description: Lightweight plugin without any setup to make your site SSL proof
|
6 |
+
* Version: 3.0.5
|
7 |
* Text Domain: really-simple-ssl
|
8 |
* Domain Path: /languages
|
9 |
+
* Author: Rogier Lankhorst, Mark Wolters
|
10 |
* Author URI: https://really-simple-plugins.com
|
11 |
* License: GPL2
|
12 |
*/
|