Really Simple SSL - Version 3.0.5

Version Description

  • Fix: untranslatable string made translatable.
Download this release

Release Info

Developer RogierLankhorst
Plugin Icon 128x128 Really Simple SSL
Version 3.0.5
Comparing to
See all releases

Code changes from version 3.0.2 to 3.0.5

Files changed (6) hide show
  1. class-admin.php +74 -42
  2. class-front-end.php +2 -0
  3. class-mixed-content-fixer.php +186 -160
  4. css/main.css +9 -1
  5. readme.txt +13 -2
  6. rlrsssl-really-simple-ssl.php +2 -2
class-admin.php CHANGED
@@ -61,8 +61,6 @@ class rsssl_admin extends rsssl_front_end
61
  register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
62
 
63
  add_action('admin_init', array($this, 'add_privacy_info'));
64
-
65
-
66
  }
67
 
68
  static function this()
@@ -108,6 +106,18 @@ class rsssl_admin extends rsssl_front_end
108
  update_option('rlrsssl_options', $options);
109
  }
110
 
 
 
 
 
 
 
 
 
 
 
 
 
111
  /*
112
  Detect configuration when:
113
  - SSL activation just confirmed.
@@ -124,8 +134,8 @@ class rsssl_admin extends rsssl_front_end
124
  //flush caches when just activated ssl
125
  //flush the permalinks
126
  if ($this->clicked_activate_ssl()) {
127
- if (isset($_POST["rsssl_flush_rewrite_rules"])) {
128
- add_action('shutdown', 'flush_rewrite_rules');
129
  }
130
  add_action('admin_init', array(RSSSL()->rsssl_cache, 'flush'), 40);
131
  }
@@ -144,6 +154,11 @@ class rsssl_admin extends rsssl_front_end
144
 
145
  //when SSL is enabled, and not enabled by user, ask for activation.
146
  add_action("admin_notices", array($this, 'show_notice_activate_ssl'), 10);
 
 
 
 
 
147
 
148
  add_action('plugins_loaded', array($this, 'check_plugin_conflicts'), 30);
149
 
@@ -216,8 +231,6 @@ class rsssl_admin extends rsssl_front_end
216
 
217
  } else {
218
 
219
- error_log("remove from active plugins");
220
-
221
  $current = get_option('active_plugins', array());
222
  $current = $this->remove_plugin_from_array($plugin, $current);
223
  update_option('active_plugins', $current);
@@ -328,8 +341,10 @@ class rsssl_admin extends rsssl_front_end
328
  This message is shown when no SSL is not enabled by the user yet
329
  */
330
 
 
331
  public function show_notice_activate_ssl()
332
  {
 
333
  if ($this->ssl_enabled) return;
334
 
335
  if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;
@@ -337,40 +352,63 @@ class rsssl_admin extends rsssl_front_end
337
  //for multisite, show only activate when a choice has been made to activate networkwide or per site.
338
  if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;
339
 
340
- //on multistie, only show this message on the network admin. Per site activated sites have to go to the settings page.
341
  //otherwise sites that do not need SSL possibly get to see this message.
342
 
343
  if (is_multisite() && !is_network_admin()) return;
344
 
345
  if (!$this->wpconfig_ok()) return;
346
 
347
- if (!current_user_can($this->capability)) return; ?>
348
 
349
- <?php if (!$this->site_has_ssl) { ?>
350
- <div id="message" class="error fade notice rsssl-notice-certificate">
351
- <h1><?php echo __("Detected possible certificate issues", "really-simple-ssl"); ?></h1>
352
- <p>
 
 
 
 
353
  <?php
354
- $reload_https_url = "https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
355
- $link_open = '<p><a class="button" target="_blank" href="' . $reload_https_url . '">';
356
- $link_close = '</a></p>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
357
 
358
- printf(__("Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button: %sReload over https%s ", "really-simple-ssl"), $link_open, $link_close);
359
 
360
- $ssl_test_url = "https://www.ssllabs.com/ssltest/";
361
- $link_open = '<a target="_blank" href="' . $ssl_test_url . '">';
362
- $link_close = '</a>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
363
 
364
- printf(__("Really Simple SSL requires a valid SSL certificate. You can check your certificate on %sQualys SSL Labs%s.", "really-simple-ssl"), $link_open, $link_close);
365
- ?>
366
- </p>
367
- </div>
368
- <?php } ?>
369
 
370
- <div id="message" class="updated fade notice activate-ssl">
371
- <?php if ($this->site_has_ssl) { ?>
372
- <h1><?php _e("Almost ready to migrate to SSL!", "really-simple-ssl"); ?></h1>
373
- <?php } ?>
374
  <?php _e("Some things can't be done automatically. Before you migrate, please check for: ", 'really-simple-ssl'); ?>
375
  <p>
376
  <ul>
@@ -385,12 +423,8 @@ class rsssl_admin extends rsssl_front_end
385
  <li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
386
  </ul>
387
  </p>
388
- <?php $this->show_pro(); ?>
389
-
390
- <?php RSSSL()->really_simple_ssl->show_enable_ssl_button(); ?>
391
- </div>
392
- <?php }
393
-
394
 
395
  /**
396
  * @since 2.3
@@ -402,17 +436,15 @@ class rsssl_admin extends rsssl_front_end
402
  if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
403
  ?>
404
  <p>
 
405
  <form action="" method="post">
406
  <?php wp_nonce_field('rsssl_nonce', 'rsssl_nonce'); ?>
407
- <div>
408
- <input type="checkbox" name="rsssl_flush_rewrite_rules"
409
- checked><label><?php _e("Flush rewrite rules on activation (deselect when you encounter errors)", "really-simple-ssl") ?></label>
410
- </div>
411
  <input type="submit" class='button button-primary'
412
  value="<?php _e("Go ahead, activate SSL!", "really-simple-ssl"); ?>" id="rsssl_do_activate_ssl"
413
  name="rsssl_do_activate_ssl">
414
  <br><?php _e("You may need to login in again.", "really-simple-ssl") ?>
415
  </form>
 
416
  </p>
417
  <?php
418
  }
@@ -425,7 +457,7 @@ class rsssl_admin extends rsssl_front_end
425
 
426
  public function show_pro()
427
  {
428
- if (!defined("rsssl_pro_version")) {
429
  ?>
430
  <p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!', 'really-simple-ssl'); ?>
431
  &nbsp;<a target="_blank"
@@ -1980,7 +2012,7 @@ class rsssl_admin extends rsssl_front_end
1980
  {
1981
  if (!current_user_can($this->capability)) return;
1982
  //hides the settings page if the hide menu for subsites setting is enabled
1983
- if (is_multisite() && rsssl_multisite::this()->hide_menu_for_subsites) return;
1984
 
1985
  global $rsssl_admin_page;
1986
  $rsssl_admin_page = add_options_page(
@@ -2279,7 +2311,7 @@ class rsssl_admin extends rsssl_front_end
2279
  'img' => 'complianz.jpg',
2280
  'title' => 'ComplianZ',
2281
  'description' => __("Do you have visitors from the European Union? Get GDPR ready in 30 minutes with Complianz GDPR. Always up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
2282
- 'url' => 'https://complianz.io/',
2283
  'pro' => true,
2284
  )
2285
  );
@@ -2813,7 +2845,7 @@ class rsssl_admin extends rsssl_front_end
2813
 
2814
  ?>
2815
  <div><input class="thickbox button" title="" type="button" style="display: block; float: left;" alt="#TB_inline?
2816
- height=370&width=400&inlineId=deactivate_keep_ssl" value="Deactivate Plugin and keep SSL"/></div>
2817
  <div id="deactivate_keep_ssl" style="display: none;">
2818
 
2819
  <h1 style="margin: 10px 0; text-align: center;"><?php _e("Are you sure?", "really-simple-ssl") ?></h1>
61
  register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
62
 
63
  add_action('admin_init', array($this, 'add_privacy_info'));
 
 
64
  }
65
 
66
  static function this()
106
  update_option('rlrsssl_options', $options);
107
  }
108
 
109
+ /*
110
+ * check if we're one minute past the activation. Then flush rewrite rules
111
+ * this way we lower the memory impact on activation
112
+ * Flush should happen on shutdown, not on init, as often happens in other plugins
113
+ * https://codex.wordpress.org/Function_Reference/flush_rewrite_rules
114
+ * */
115
+
116
+ if (get_option('rsssl_flush_rewrite_rules') && get_option('rsssl_flush_rewrite_rules') < strtotime("+1 minute")){
117
+ delete_option('rsssl_flush_rewrite_rules');
118
+ add_action('shutdown', 'flush_rewrite_rules');
119
+ }
120
+
121
  /*
122
  Detect configuration when:
123
  - SSL activation just confirmed.
134
  //flush caches when just activated ssl
135
  //flush the permalinks
136
  if ($this->clicked_activate_ssl()) {
137
+ if (!defined('RSSSL_NO_FLUSH') || !RSSSL_NO_FLUSH) {
138
+ update_option('rsssl_flush_rewrite_rules', time());
139
  }
140
  add_action('admin_init', array(RSSSL()->rsssl_cache, 'flush'), 40);
141
  }
154
 
155
  //when SSL is enabled, and not enabled by user, ask for activation.
156
  add_action("admin_notices", array($this, 'show_notice_activate_ssl'), 10);
157
+ add_action('rsssl_activation_notice', array($this, 'no_ssl_detected'), 10);
158
+ add_action('rsssl_activation_notice', array($this, 'ssl_detected'), 10);
159
+ add_action('rsssl_activation_notice_inner', array($this, 'almost_ready_to_migrate'), 30);
160
+ add_action('rsssl_activation_notice_inner', array($this, 'show_pro'), 40);
161
+ add_action('rsssl_activation_notice_inner', array($this, 'show_enable_ssl_button'), 50);
162
 
163
  add_action('plugins_loaded', array($this, 'check_plugin_conflicts'), 30);
164
 
231
 
232
  } else {
233
 
 
 
234
  $current = get_option('active_plugins', array());
235
  $current = $this->remove_plugin_from_array($plugin, $current);
236
  update_option('active_plugins', $current);
341
  This message is shown when no SSL is not enabled by the user yet
342
  */
343
 
344
+
345
  public function show_notice_activate_ssl()
346
  {
347
+
348
  if ($this->ssl_enabled) return;
349
 
350
  if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;
352
  //for multisite, show only activate when a choice has been made to activate networkwide or per site.
353
  if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;
354
 
355
+ //on multisite, only show this message on the network admin. Per site activated sites have to go to the settings page.
356
  //otherwise sites that do not need SSL possibly get to see this message.
357
 
358
  if (is_multisite() && !is_network_admin()) return;
359
 
360
  if (!$this->wpconfig_ok()) return;
361
 
362
+ if (!current_user_can($this->capability)) return;
363
 
364
+ do_action('rsssl_activation_notice');
365
+
366
+ }
367
+
368
+ public function ssl_detected()
369
+ {
370
+ if ($this->site_has_ssl) { ?>
371
+ <div id="message" class="updated fade notice activate-ssl">
372
  <?php
373
+ do_action('rsssl_activation_notice_inner');
374
+ ?>
375
+ </div>
376
+ <?php
377
+ }
378
+ }
379
+
380
+ public function no_ssl_detected()
381
+ {
382
+ if (!$this->site_has_ssl) { ?>
383
+ <div id="message" class="error fade notice rsssl-notice-certificate">
384
+ <h1><?php echo __("Detected possible certificate issues", "really-simple-ssl"); ?></h1>
385
+ <p>
386
+ <?php
387
+ $reload_https_url = "https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
388
+ $link_open = '<p><a class="button" target="_blank" href="' . $reload_https_url . '">';
389
+ $link_close = '</a></p>';
390
 
391
+ printf(__("Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button: %sReload over https%s ", "really-simple-ssl"), $link_open, $link_close);
392
 
393
+ $ssl_test_url = "https://www.ssllabs.com/ssltest/";
394
+ $link_open = '<a target="_blank" href="' . $ssl_test_url . '">';
395
+ $link_close = '</a>';
396
+
397
+ printf(__("Really Simple SSL requires a valid SSL certificate. You can check your certificate on %sQualys SSL Labs%s.", "really-simple-ssl"), $link_open, $link_close);
398
+ ?>
399
+ </p>
400
+ </div>
401
+ <?php }
402
+ }
403
+
404
+
405
+ public function almost_ready_to_migrate()
406
+ { ?>
407
+ <h1><?php _e("Almost ready to migrate to SSL!", "really-simple-ssl"); ?></h1>
408
+
409
+ <?php //action?>
410
 
 
 
 
 
 
411
 
 
 
 
 
412
  <?php _e("Some things can't be done automatically. Before you migrate, please check for: ", 'really-simple-ssl'); ?>
413
  <p>
414
  <ul>
423
  <li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
424
  </ul>
425
  </p>
426
+ <?php
427
+ }
 
 
 
 
428
 
429
  /**
430
  * @since 2.3
436
  if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
437
  ?>
438
  <p>
439
+ <div class="rsssl-activate-ssl-button">
440
  <form action="" method="post">
441
  <?php wp_nonce_field('rsssl_nonce', 'rsssl_nonce'); ?>
 
 
 
 
442
  <input type="submit" class='button button-primary'
443
  value="<?php _e("Go ahead, activate SSL!", "really-simple-ssl"); ?>" id="rsssl_do_activate_ssl"
444
  name="rsssl_do_activate_ssl">
445
  <br><?php _e("You may need to login in again.", "really-simple-ssl") ?>
446
  </form>
447
+ </div>
448
  </p>
449
  <?php
450
  }
457
 
458
  public function show_pro()
459
  {
460
+ if ($this->site_has_ssl) {
461
  ?>
462
  <p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!', 'really-simple-ssl'); ?>
463
  &nbsp;<a target="_blank"
2012
  {
2013
  if (!current_user_can($this->capability)) return;
2014
  //hides the settings page if the hide menu for subsites setting is enabled
2015
+ if (is_multisite() && rsssl_multisite::this()->hide_menu_for_subsites && !is_super_admin()) return;
2016
 
2017
  global $rsssl_admin_page;
2018
  $rsssl_admin_page = add_options_page(
2311
  'img' => 'complianz.jpg',
2312
  'title' => 'ComplianZ',
2313
  'description' => __("Do you have visitors from the European Union? Get GDPR ready in 30 minutes with Complianz GDPR. Always up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
2314
+ 'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
2315
  'pro' => true,
2316
  )
2317
  );
2845
 
2846
  ?>
2847
  <div><input class="thickbox button" title="" type="button" style="display: block; float: left;" alt="#TB_inline?
2848
+ height=370&width=400&inlineId=deactivate_keep_ssl" value="<?php echo __('Deactivate Plugin and keep SSL', 'really-simple-ssl'); ?>"/></div>
2849
  <div id="deactivate_keep_ssl" style="display: none;">
2850
 
2851
  <h1 style="margin: 10px 0; text-align: center;"><?php _e("Are you sure?", "really-simple-ssl") ?></h1>
class-front-end.php CHANGED
@@ -79,6 +79,8 @@ if ( ! class_exists( 'rsssl_front_end' ) ) {
79
  //check for Command Line
80
  if (php_sapi_name() === 'cli') return;
81
 
 
 
82
  if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
83
  $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
84
  wp_redirect($redirect_url, 301);
79
  //check for Command Line
80
  if (php_sapi_name() === 'cli') return;
81
 
82
+ if (!array_key_exists('HTTP_HOST', $_SERVER)) return;
83
+
84
  if ($this->ssl_enabled && !is_ssl() && !(defined("rsssl_no_rest_api_redirect") && rsssl_no_rest_api_redirect)) {
85
  $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
86
  wp_redirect($redirect_url, 301);
class-mixed-content-fixer.php CHANGED
@@ -1,166 +1,192 @@
1
  <?php
2
  defined('ABSPATH') or die("you do not have access to this page!");
3
 
4
- if ( ! class_exists( 'rsssl_admin_mixed_content_fixer' ) ) {
5
- class rsssl_mixed_content_fixer {
6
- private static $_this;
7
- public $http_urls = array();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
8
 
9
- function __construct() {
10
- if ( isset( self::$_this ) )
11
- wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );
12
-
13
- self::$_this = $this;
14
-
15
- //exclude admin here: for all well built plugins and themes, this should not be necessary.
16
- if (!is_admin() && is_ssl() && RSSSL()->rsssl_front_end->autoreplace_insecure_links) {
17
- $this->fix_mixed_content();
18
- }
19
-
20
- }
21
-
22
- static function this() {
23
- return self::$_this;
24
- }
25
-
26
- /**
27
- *
28
- * add action hooks at the start and at the end of the WP process.
29
- *
30
- * @since 2.3
31
- *
32
- * @access public
33
- *
34
- */
35
-
36
- public function fix_mixed_content(){
37
-
38
- /* Do not fix mixed content when call is coming from wp_api or from xmlrpc */
39
- if ( defined( 'JSON_REQUEST' ) && JSON_REQUEST ) return;
40
- if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) return;
41
-
42
- $this->build_url_list();
43
-
44
- /*
45
- Take care with modifications to hooks here:
46
- hooks tend to differ between front and back-end.
47
- */
48
-
49
- if (is_admin()) {
50
-
51
- add_action("admin_init", array($this, "start_buffer"), 100);
52
- add_action("shutdown", array($this, "end_buffer"), 999);
53
-
54
- } else {
55
-
56
- if (RSSSL()->rsssl_front_end->switch_mixed_content_fixer_hook || (defined( 'RSSSL_CONTENT_FIXER_ON_INIT' ) && RSSSL_CONTENT_FIXER_ON_INIT) ) {
57
- add_action("init", array($this, "start_buffer"));
58
- } else {
59
- add_action("template_redirect", array($this, "start_buffer"));
60
- }
61
-
62
- add_action("shutdown", array($this, "end_buffer"), 999);
63
  }
64
- }
65
-
66
-
67
- /**
68
- * Apply the mixed content fixer.
69
- *
70
- * @since 2.3
71
- *
72
- * @access public
73
- *
74
- */
75
-
76
- public function filter_buffer($buffer) {
77
- $buffer = $this->replace_insecure_links($buffer);
78
- return $buffer;
79
- }
80
-
81
- /**
82
- * Start buffering the output
83
- *
84
- * @since 2.0
85
- *
86
- * @access public
87
- *
88
- */
89
-
90
- public function start_buffer(){
91
- ob_start(array($this, "filter_buffer"));
92
- }
93
-
94
- /**
95
- * Flush the output buffer
96
- *
97
- * @since 2.0
98
- *
99
- * @access public
100
- *
101
- */
102
-
103
- public function end_buffer(){
104
- if (ob_get_length()) ob_end_flush();
105
- }
106
-
107
- /**
108
- * Creates an array of insecure links that should be https and an array of secure links to replace with
109
- *
110
- * @since 2.0
111
- *
112
- * @access public
113
- *
114
- */
115
-
116
- public function build_url_list() {
117
- $home = str_replace ( "https://" , "http://" , get_option('home'));
118
- $home_no_www = str_replace ( "://www." , "://" , $home);
119
- $home_yes_www = str_replace ( "://" , "://www." , $home_no_www);
120
-
121
- //for the escaped version, we only replace the home_url, not it's www or non www counterpart, as it is most likely not used
122
- $escaped_home = str_replace ( "/" , "\/" , $home);
123
-
124
- $this->http_urls = array(
125
- $home_yes_www,
126
- $home_no_www,
127
- $escaped_home,
128
- "src='http://",
129
- 'src="http://',
130
- "srcset='http://",
131
- 'srcset="http://',
132
- );
133
- }
134
-
135
- /**
136
- * Just before the page is sent to the visitor's browser, all homeurl links are replaced with https.
137
- *
138
- * @since 1.0
139
- *
140
- * @access public
141
- *
142
- */
143
-
144
- public function replace_insecure_links($str) {
145
-
146
- $search_array = apply_filters('rlrsssl_replace_url_args', $this->http_urls);
147
- $ssl_array = str_replace ( array("http://", "http:\/\/") , array("https://", "https:\/\/"), $search_array);
148
- //now replace these links
149
- $str = str_replace ($search_array , $ssl_array , $str);
150
-
151
- //replace all http links except hyperlinks
152
- //all tags with src attr are already fixed by str_replace
153
- $pattern = array(
154
- '/url\([\'"]?\K(http:\/\/)(?=[^)]+)/i',
155
- '/<link [^>]*?href=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
156
- '/<meta property="og:image" [^>]*?content=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
157
- '/<form [^>]*?action=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
158
- );
159
- $str = preg_replace($pattern, 'https://', $str);
160
- $str = str_replace ( "<body" , '<body data-rsssl=1', $str);
161
- return apply_filters("rsssl_fixer_output", $str);
162
-
163
- }
164
-
165
- }
166
  }
 
1
  <?php
2
  defined('ABSPATH') or die("you do not have access to this page!");
3
 
4
+ if (!class_exists('rsssl_admin_mixed_content_fixer')) {
5
+ class rsssl_mixed_content_fixer
6
+ {
7
+ private static $_this;
8
+ public $http_urls = array();
9
+
10
+ function __construct()
11
+ {
12
+ if (isset(self::$_this))
13
+ wp_die(sprintf(__('%s is a singleton class and you cannot create a second instance.', 'really-simple-ssl'), get_class($this)));
14
+
15
+ self::$_this = $this;
16
+
17
+ //exclude admin here: for all well built plugins and themes, this should not be necessary.
18
+ if (!is_admin() && is_ssl() && RSSSL()->rsssl_front_end->autoreplace_insecure_links) {
19
+ $this->fix_mixed_content();
20
+ }
21
+
22
+ }
23
+
24
+ static function this()
25
+ {
26
+ return self::$_this;
27
+ }
28
+
29
+ /**
30
+ *
31
+ * add action hooks at the start and at the end of the WP process.
32
+ *
33
+ * @since 2.3
34
+ *
35
+ * @access public
36
+ *
37
+ */
38
+
39
+ public function fix_mixed_content()
40
+ {
41
+
42
+ /* Do not fix mixed content when call is coming from wp_api or from xmlrpc */
43
+ if (defined('JSON_REQUEST') && JSON_REQUEST) return;
44
+ if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) return;
45
+
46
+ $this->build_url_list();
47
+
48
+ /*
49
+ Take care with modifications to hooks here:
50
+ hooks tend to differ between front and back-end.
51
+ */
52
+
53
+ if (is_admin()) {
54
+
55
+ add_action("admin_init", array($this, "start_buffer"), 100);
56
+ add_action("shutdown", array($this, "end_buffer"), 999);
57
+
58
+ } else {
59
+
60
+ if (RSSSL()->rsssl_front_end->switch_mixed_content_fixer_hook || (defined('RSSSL_CONTENT_FIXER_ON_INIT') && RSSSL_CONTENT_FIXER_ON_INIT)) {
61
+ add_action("init", array($this, "start_buffer"));
62
+ } else {
63
+ add_action("template_redirect", array($this, "start_buffer"));
64
+ }
65
+
66
+ add_action("shutdown", array($this, "end_buffer"), 999);
67
+ }
68
+ }
69
+
70
+
71
+ /**
72
+ * Apply the mixed content fixer.
73
+ *
74
+ * @since 2.3
75
+ *
76
+ * @access public
77
+ *
78
+ */
79
+
80
+ public function filter_buffer($buffer)
81
+ {
82
+ $buffer = $this->replace_insecure_links($buffer);
83
+ return $buffer;
84
+ }
85
+
86
+ /**
87
+ * Start buffering the output
88
+ *
89
+ * @since 2.0
90
+ *
91
+ * @access public
92
+ *
93
+ */
94
+
95
+ public function start_buffer()
96
+ {
97
+ ob_start(array($this, "filter_buffer"));
98
+ }
99
+
100
+ /**
101
+ * Flush the output buffer
102
+ *
103
+ * @since 2.0
104
+ *
105
+ * @access public
106
+ *
107
+ */
108
+
109
+ public function end_buffer()
110
+ {
111
+ if (ob_get_length()) ob_end_flush();
112
+ }
113
+
114
+ /**
115
+ * Creates an array of insecure links that should be https and an array of secure links to replace with
116
+ *
117
+ * @since 2.0
118
+ *
119
+ * @access public
120
+ *
121
+ */
122
+
123
+ public function build_url_list()
124
+ {
125
+ $home = str_replace("https://", "http://", get_option('home'));
126
+ $home_no_www = str_replace("://www.", "://", $home);
127
+ $home_yes_www = str_replace("://", "://www.", $home_no_www);
128
+
129
+ //for the escaped version, we only replace the home_url, not it's www or non www counterpart, as it is most likely not used
130
+ $escaped_home = str_replace("/", "\/", $home);
131
+
132
+ $this->http_urls = array(
133
+ $home_yes_www,
134
+ $home_no_www,
135
+ $escaped_home,
136
+ "src='http://",
137
+ 'src="http://',
138
+ );
139
+ }
140
+
141
+ /**
142
+ * Just before the page is sent to the visitor's browser, all homeurl links are replaced with https.
143
+ *
144
+ * @since 1.0
145
+ *
146
+ * @access public
147
+ *
148
+ */
149
+
150
+ public function replace_insecure_links($str)
151
+ {
152
+
153
+ //skip if file is xml
154
+ if (substr($str, 0, 5) == "<?xml") return $str;
155
+
156
+ $search_array = apply_filters('rlrsssl_replace_url_args', $this->http_urls);
157
+ $ssl_array = str_replace(array("http://", "http:\/\/"), array("https://", "https:\/\/"), $search_array);
158
+ //now replace these links
159
+ $str = str_replace($search_array, $ssl_array, $str);
160
+
161
+ //replace all http links except hyperlinks
162
+ //all tags with src attr are already fixed by str_replace
163
+ $pattern = array(
164
+ '/url\([\'"]?\K(http:\/\/)(?=[^)]+)/i',
165
+ '/<link [^>]*?href=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
166
+ '/<meta property="og:image" [^>]*?content=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
167
+ '/<form [^>]*?action=[\'"]\K(http:\/\/)(?=[^\'"]+)/i',
168
+ );
169
+
170
+ $str = preg_replace($pattern, 'https://', $str);
171
+
172
+ /* handle multiple images in srcset */
173
+ $str = preg_replace_callback('/<img[^\>]*[^\>\S]+srcset=[\'"]\K((?:[^"\'\s,]+\s*(?:\s+\d+[wx])(?:,\s*)?)+)["\']/', array($this, 'replace_src_set'), $str);
174
+
175
+ $str = str_replace("<body", '<body data-rsssl=1', $str);
176
+
177
+ return apply_filters("rsssl_fixer_output", $str);
178
+
179
+ }
180
+
181
+ /*
182
+ * Helper function to maintain PHP 5.2 compatibility. Yes. 5.2.. It's still used...
183
+ *
184
+ * */
185
+
186
+ public function replace_src_set($matches) {
187
+ return str_replace("http://", "https://", $matches[0]);
188
+ }
189
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
190
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
191
  }
192
+
css/main.css CHANGED
@@ -14,7 +14,9 @@
14
  max-width:100%;
15
  /*height:inherit;*/
16
  }
17
-
 
 
18
  .activate-ssl ul, .rsssl-result ul, .rsssl_bullets {
19
  list-style-type: square;
20
  margin-left:30px;
@@ -460,4 +462,10 @@ hr {
460
 
461
  .rsssl-button-deactivate-keep-ssl {
462
  margin-right: 15px;
 
 
 
 
 
 
463
  }
14
  max-width:100%;
15
  /*height:inherit;*/
16
  }
17
+ #message.updated.fade.notice.activate-ssl {
18
+ padding-top: 10px;
19
+ }
20
  .activate-ssl ul, .rsssl-result ul, .rsssl_bullets {
21
  list-style-type: square;
22
  margin-left:30px;
462
 
463
  .rsssl-button-deactivate-keep-ssl {
464
  margin-right: 15px;
465
+ }
466
+
467
+ .rsssl-scan-button{
468
+ float: left;
469
+ margin-top: 17px;
470
+ margin-right: 5px;
471
  }
readme.txt CHANGED
@@ -1,12 +1,12 @@
1
  === Really Simple SSL ===
2
- Contributors: RogierLankhorst
3
  Donate link: https://www.paypal.me/reallysimplessl
4
  Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
5
  Requires at least: 4.2
6
  License: GPL2
7
  Tested up to: 4.9.5
8
  Requires PHP: 5.4
9
- Stable tag: 3.0.2
10
 
11
  No setup required! You only need an SSL certificate, and this plugin will do the rest.
12
 
@@ -79,6 +79,17 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
79
  Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
80
 
81
  == Changelog ==
 
 
 
 
 
 
 
 
 
 
 
82
  = 3.0.2 =
83
  * Fix: fixed an image containing uppercase characters, which can lead to the image not showing on some servers.
84
  * Fix: fixed an issue where the 'data-rsssl=1' marker wasn't inserted when the <body> tag was empty.
1
  === Really Simple SSL ===
2
+ Contributors: RogierLankhorst, markwolters
3
  Donate link: https://www.paypal.me/reallysimplessl
4
  Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
5
  Requires at least: 4.2
6
  License: GPL2
7
  Tested up to: 4.9.5
8
  Requires PHP: 5.4
9
+ Stable tag: 3.0.5
10
 
11
  No setup required! You only need an SSL certificate, and this plugin will do the rest.
12
 
79
  Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
80
 
81
  == Changelog ==
82
+ = 3.0.5 =
83
+ * Fix: untranslatable string made translatable.
84
+
85
+ = 3.0.4 =
86
+ * Fix: removed anonymous function to maintain PHP 5.2 compatibility.
87
+
88
+ = 3.0.3 =
89
+ * Tweak: mixed content fixer will no longer fire on XML content
90
+ * Tweak: network menu on subsites now always shows to Super Admins
91
+ * Tweak: flush rewrite rules upon activation is delayed by one minute to reduce server load
92
+
93
  = 3.0.2 =
94
  * Fix: fixed an image containing uppercase characters, which can lead to the image not showing on some servers.
95
  * Fix: fixed an issue where the 'data-rsssl=1' marker wasn't inserted when the <body> tag was empty.
rlrsssl-really-simple-ssl.php CHANGED
@@ -3,10 +3,10 @@
3
  * Plugin Name: Really Simple SSL
4
  * Plugin URI: https://www.really-simple-ssl.com
5
  * Description: Lightweight plugin without any setup to make your site SSL proof
6
- * Version: 3.0.2
7
  * Text Domain: really-simple-ssl
8
  * Domain Path: /languages
9
- * Author: Rogier Lankhorst
10
  * Author URI: https://really-simple-plugins.com
11
  * License: GPL2
12
  */
3
  * Plugin Name: Really Simple SSL
4
  * Plugin URI: https://www.really-simple-ssl.com
5
  * Description: Lightweight plugin without any setup to make your site SSL proof
6
+ * Version: 3.0.5
7
  * Text Domain: really-simple-ssl
8
  * Domain Path: /languages
9
+ * Author: Rogier Lankhorst, Mark Wolters
10
  * Author URI: https://really-simple-plugins.com
11
  * License: GPL2
12
  */