Really Simple SSL - Version 3.1

Version Description

  • Fix: fixed a bug in certificate detection
  • Tweak: added HTTP_X_PROTO as supported header
  • Tweak: split HTTP_X_FORWARDED_SSL into a variation which can be either '1' or 'on'
  • Tweak: improved certificate detection by stripping domains of subfolders.
  • Tweak: Multisite bulk SSL activation now chunked in 200 site blocks, to prevent time out issues on large multisite networks.
  • Tweak: a 'leave review' notice for new free users
Download this release

Release Info

Developer RogierLankhorst
Plugin Icon 128x128 Really Simple SSL
Version 3.1
Comparing to
See all releases

Code changes from version 3.0.5 to 3.1

Files changed (14) hide show
  1. class-admin.php +131 -15
  2. class-certificate.php +11 -7
  3. class-multisite.php +168 -26
  4. css/main.css +55 -0
  5. multisite-cron.php +28 -0
  6. readme.txt +9 -1
  7. rlrsssl-really-simple-ssl.php +102 -88
  8. ssl-test-page.php +49 -39
  9. testssl/serverhttpxforwardedssl1/.htaccess +5 -0
  10. testssl/serverhttpxforwardedssl1/ssl-test-page.html +9 -0
  11. testssl/serverhttpxforwardedsslon/.htaccess +5 -0
  12. testssl/serverhttpxforwardedsslon/ssl-test-page.html +9 -0
  13. testssl/serverhttpxproto/.htaccess +5 -0
  14. testssl/serverhttpxproto/ssl-test-page.html +9 -0
class-admin.php CHANGED
@@ -32,6 +32,7 @@ class rsssl_admin extends rsssl_front_end
32
  public $javascript_redirect = FALSE;
33
  public $htaccess_redirect = FALSE;
34
  public $htaccess_warning_shown = FALSE;
 
35
  public $ssl_success_message_shown = FALSE;
36
  public $hsts = FALSE;
37
  public $debug = TRUE;
@@ -61,6 +62,7 @@ class rsssl_admin extends rsssl_front_end
61
  register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
62
 
63
  add_action('admin_init', array($this, 'add_privacy_info'));
 
64
  }
65
 
66
  static function this()
@@ -113,7 +115,7 @@ class rsssl_admin extends rsssl_front_end
113
  * https://codex.wordpress.org/Function_Reference/flush_rewrite_rules
114
  * */
115
 
116
- if (get_option('rsssl_flush_rewrite_rules') && get_option('rsssl_flush_rewrite_rules') < strtotime("+1 minute")){
117
  delete_option('rsssl_flush_rewrite_rules');
118
  add_action('shutdown', 'flush_rewrite_rules');
119
  }
@@ -144,7 +146,6 @@ class rsssl_admin extends rsssl_front_end
144
  //if we were to activate ssl, this could result in a redirect loop. So warn first.
145
  add_action("admin_notices", array($this, 'show_notice_wpconfig_needs_fixes'));
146
  if (is_multisite()) add_action('network_admin_notices', array($this, 'show_notice_wpconfig_needs_fixes'), 10);
147
-
148
  $this->ssl_enabled = false;
149
  $this->save_options();
150
  } elseif ($this->ssl_enabled) {
@@ -181,9 +182,14 @@ class rsssl_admin extends rsssl_front_end
181
  //callbacks for the ajax dismiss buttons
182
  add_action('wp_ajax_dismiss_htaccess_warning', array($this, 'dismiss_htaccess_warning_callback'));
183
  add_action('wp_ajax_dismiss_success_message', array($this, 'dismiss_success_message_callback'));
 
184
 
185
  //handle notices
186
  add_action('admin_notices', array($this, 'show_notices'));
 
 
 
 
187
  add_action("update_option_rlrsssl_options", array($this, "update_htaccess_after_settings_save"), 20, 3);
188
  }
189
 
@@ -294,6 +300,11 @@ class rsssl_admin extends rsssl_front_end
294
 
295
  if (isset($_POST['rsssl_do_activate_ssl'])) {
296
  $this->activate_ssl();
 
 
 
 
 
297
  return true;
298
  }
299
 
@@ -303,7 +314,7 @@ class rsssl_admin extends rsssl_front_end
303
 
304
  /*
305
  Activate the SSL for this site
306
- */
307
 
308
  public function activate_ssl()
309
  {
@@ -505,6 +516,7 @@ class rsssl_admin extends rsssl_front_end
505
  $this->site_has_ssl = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
506
  $this->hsts = isset($options['hsts']) ? $options['hsts'] : FALSE;
507
  $this->htaccess_warning_shown = isset($options['htaccess_warning_shown']) ? $options['htaccess_warning_shown'] : FALSE;
 
508
  $this->ssl_success_message_shown = isset($options['ssl_success_message_shown']) ? $options['ssl_success_message_shown'] : FALSE;
509
  $this->plugin_db_version = isset($options['plugin_db_version']) ? $options['plugin_db_version'] : "1.0";
510
  $this->debug = isset($options['debug']) ? $options['debug'] : FALSE;
@@ -866,6 +878,7 @@ class rsssl_admin extends rsssl_front_end
866
  $rule .= '|| (isset($_SERVER["HTTP_CF_VISITOR"]) && (strpos($_SERVER["HTTP_CF_VISITOR"], "https") !== false))' . "\n";
867
  $rule .= '|| (isset($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"], "https") !== false))' . "\n";
868
  $rule .= '|| (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_X_FORWARDED_PROTO"], "https") !== false))' . "\n";
 
869
  $rule .= ') {' . "\n";
870
  $rule .= '$_SERVER["HTTPS"] = "on";' . "\n";
871
  $rule .= '}' . "\n";
@@ -1089,6 +1102,7 @@ class rsssl_admin extends rsssl_front_end
1089
  'site_has_ssl' => $this->site_has_ssl,
1090
  'hsts' => $this->hsts,
1091
  'htaccess_warning_shown' => $this->htaccess_warning_shown,
 
1092
  'ssl_success_message_shown' => $this->ssl_success_message_shown,
1093
  'autoreplace_insecure_links' => $this->autoreplace_insecure_links,
1094
  'plugin_db_version' => $this->plugin_db_version,
@@ -1135,6 +1149,7 @@ class rsssl_admin extends rsssl_front_end
1135
  $this->site_has_ssl = FALSE;
1136
  $this->hsts = FALSE;
1137
  $this->htaccess_warning_shown = FALSE;
 
1138
  $this->ssl_success_message_shown = FALSE;
1139
  $this->autoreplace_insecure_links = TRUE;
1140
  $this->do_not_edit_htaccess = FALSE;
@@ -1176,6 +1191,7 @@ class rsssl_admin extends rsssl_front_end
1176
  || (isset($_SERVER['HTTP_CF_VISITOR']) && (strpos($_SERVER['HTTP_CF_VISITOR'], 'https') !== false))
1177
  || (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && (strpos($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'], 'https') !== false))
1178
  || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false))
 
1179
  ) {
1180
  $server_var = TRUE;
1181
  }
@@ -1223,8 +1239,12 @@ class rsssl_admin extends rsssl_front_end
1223
  $this->ssl_type = "CLOUDFLARE";
1224
  } elseif ((strpos($filecontents, "#LOADBALANCER#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))) {
1225
  $this->ssl_type = "LOADBALANCER";
1226
- } elseif ((strpos($filecontents, "#CDN#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' || $_SERVER['HTTP_X_FORWARDED_SSL'] == '1'))) {
1227
- $this->ssl_type = "CDN";
 
 
 
 
1228
  } elseif ((strpos($filecontents, "#SERVER-HTTPS-ON#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
1229
  $this->ssl_type = "SERVER-HTTPS-ON";
1230
  } elseif ((strpos($filecontents, "#SERVER-HTTPS-1#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == '1')) {
@@ -1294,8 +1314,14 @@ class rsssl_admin extends rsssl_front_end
1294
  case "LOADBALANCER":
1295
  $testpage_url .= "loadbalancer";
1296
  break;
1297
- case "CDN":
1298
- $testpage_url .= "cdn";
 
 
 
 
 
 
1299
  break;
1300
  case "SERVER-HTTPS-ON":
1301
  $testpage_url .= "serverhttpson";
@@ -1704,14 +1730,18 @@ class rsssl_admin extends rsssl_front_end
1704
  $rule .= "RewriteCond %{HTTPS} !=1" . "\n";
1705
  } elseif ($this->ssl_type == "LOADBALANCER") {
1706
  $rule .= "RewriteCond %{HTTP:X-Forwarded-Proto} !https" . "\n";
 
 
1707
  } elseif ($this->ssl_type == "CLOUDFLARE") {
1708
  $rule .= "RewriteCond %{HTTP:CF-Visitor} '" . '"scheme":"http"' . "'" . "\n";//some concatenation to get the quotes right.
1709
  } elseif ($this->ssl_type == "SERVERPORT443") {
1710
  $rule .= "RewriteCond %{SERVER_PORT} !443" . "\n";
1711
  } elseif ($this->ssl_type == "CLOUDFRONT") {
1712
  $rule .= "RewriteCond %{HTTP:CloudFront-Forwarded-Proto} !https" . "\n";
1713
- } elseif ($this->ssl_type == "CDN") {
1714
  $rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !on" . "\n";
 
 
1715
  } elseif ($type == "ENVHTTPS") {
1716
  $rule .= "RewriteCond %{ENV:HTTPS} !=on" . "\n";
1717
  }
@@ -1793,7 +1823,7 @@ class rsssl_admin extends rsssl_front_end
1793
  <br><br><code>
1794
  //Begin Really Simple SSL Load balancing fix<br>
1795
  $server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https",
1796
- "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on",
1797
  "HTTP_X_FORWARDED_SSL"=>"1");<br>
1798
  foreach( $server_opts as $option => $value ) {<br>
1799
  &nbsp;if ((isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] )
@@ -1821,6 +1851,24 @@ class rsssl_admin extends rsssl_front_end
1821
  <?php
1822
  }
1823
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1824
 
1825
  /**
1826
  * Show notices
@@ -1935,7 +1983,7 @@ class rsssl_admin extends rsssl_front_end
1935
  }
1936
 
1937
  /**
1938
- * Insert some ajax script to dismis the htaccess failed fail message, and stop nagging about it
1939
  *
1940
  * @since 2.0
1941
  *
@@ -1963,6 +2011,48 @@ class rsssl_admin extends rsssl_front_end
1963
  <?php
1964
  }
1965
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1966
  /**
1967
  * Process the ajax dismissal of the success message.
1968
  *
@@ -1998,6 +2088,32 @@ class rsssl_admin extends rsssl_front_end
1998
  wp_die(); // this is required to terminate immediately and return a proper response
1999
  }
2000
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2001
 
2002
  /**
2003
  * Adds the admin options page
@@ -2310,7 +2426,7 @@ class rsssl_admin extends rsssl_front_end
2310
  $this->get_banner_html(array(
2311
  'img' => 'complianz.jpg',
2312
  'title' => 'ComplianZ',
2313
- 'description' => __("Do you have visitors from the European Union? Get GDPR ready in 30 minutes with Complianz GDPR. Always up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
2314
  'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
2315
  'pro' => true,
2316
  )
@@ -2350,6 +2466,7 @@ class rsssl_admin extends rsssl_front_end
2350
  );
2351
 
2352
  }
 
2353
 
2354
  if (defined("EDD_SL_PLUGIN_DIR") && (get_locale() === 'nl_NL')) {
2355
  $this->get_banner_html(array(
@@ -2372,7 +2489,7 @@ class rsssl_admin extends rsssl_front_end
2372
  );
2373
 
2374
  }
2375
- } ?>
2376
  </div>
2377
  <?php }
2378
  ?>
@@ -2599,6 +2716,7 @@ class rsssl_admin extends rsssl_front_end
2599
  $newinput['site_has_ssl'] = $this->site_has_ssl;
2600
  $newinput['ssl_success_message_shown'] = $this->ssl_success_message_shown;
2601
  $newinput['htaccess_warning_shown'] = $this->htaccess_warning_shown;
 
2602
  $newinput['plugin_db_version'] = $this->plugin_db_version;
2603
  $newinput['ssl_enabled'] = $this->ssl_enabled;
2604
  $newinput['debug_log'] = $this->debug_log;
@@ -2666,7 +2784,7 @@ class rsssl_admin extends rsssl_front_end
2666
 
2667
  public function get_option_debug()
2668
  {
2669
- $options = get_option('rlrsssl_options');
2670
  echo '<input id="rlrsssl_options" name="rlrsssl_options[debug]" size="40" type="checkbox" value="1"' . checked(1, $this->debug, false) . " />";
2671
  RSSSL()->rsssl_help->get_help_tip(__("Enable this option to get debug info in the debug tab.", "really-simple-ssl"));
2672
 
@@ -2691,7 +2809,6 @@ class rsssl_admin extends rsssl_front_end
2691
  $javascript_redirect = TRUE;
2692
  $comment = __("This option is enabled on the network menu.", "really-simple-ssl");
2693
  }
2694
-
2695
  echo '<input ' . $disabled . ' id="rlrsssl_options" name="rlrsssl_options[javascript_redirect]" size="40" type="checkbox" value="1"' . checked(1, $javascript_redirect, false) . " />";
2696
  RSSSL()->rsssl_help->get_help_tip(__("This is a fallback you should only use if other redirection methods do not work.", "really-simple-ssl"));
2697
  echo $comment;
@@ -3058,5 +3175,4 @@ class rsssl_admin extends rsssl_front_end
3058
  return $filecontents;
3059
  }
3060
 
3061
-
3062
  } //class closure
32
  public $javascript_redirect = FALSE;
33
  public $htaccess_redirect = FALSE;
34
  public $htaccess_warning_shown = FALSE;
35
+ public $review_notice_shown = FALSE;
36
  public $ssl_success_message_shown = FALSE;
37
  public $hsts = FALSE;
38
  public $debug = TRUE;
62
  register_deactivation_hook(dirname(__FILE__) . "/" . $this->plugin_filename, array($this, 'deactivate'));
63
 
64
  add_action('admin_init', array($this, 'add_privacy_info'));
65
+
66
  }
67
 
68
  static function this()
115
  * https://codex.wordpress.org/Function_Reference/flush_rewrite_rules
116
  * */
117
 
118
+ if (get_option('rsssl_flush_rewrite_rules') && get_option('rsssl_flush_rewrite_rules') < strtotime("-1 minute")){
119
  delete_option('rsssl_flush_rewrite_rules');
120
  add_action('shutdown', 'flush_rewrite_rules');
121
  }
146
  //if we were to activate ssl, this could result in a redirect loop. So warn first.
147
  add_action("admin_notices", array($this, 'show_notice_wpconfig_needs_fixes'));
148
  if (is_multisite()) add_action('network_admin_notices', array($this, 'show_notice_wpconfig_needs_fixes'), 10);
 
149
  $this->ssl_enabled = false;
150
  $this->save_options();
151
  } elseif ($this->ssl_enabled) {
182
  //callbacks for the ajax dismiss buttons
183
  add_action('wp_ajax_dismiss_htaccess_warning', array($this, 'dismiss_htaccess_warning_callback'));
184
  add_action('wp_ajax_dismiss_success_message', array($this, 'dismiss_success_message_callback'));
185
+ add_action('wp_ajax_dismiss_review_notice', array($this, 'dismiss_review_notice_callback'));
186
 
187
  //handle notices
188
  add_action('admin_notices', array($this, 'show_notices'));
189
+ //show review notice, only to free users
190
+ if (!defined("rsssl_pro_version") && (!defined("rsssl_pp_version")) && (!defined("rsssl_soc_version")) && (!class_exists('RSSSL_PRO'))) {
191
+ add_action('admin_notices', array($this, 'show_leave_review_notice'));
192
+ }
193
  add_action("update_option_rlrsssl_options", array($this, "update_htaccess_after_settings_save"), 20, 3);
194
  }
195
 
300
 
301
  if (isset($_POST['rsssl_do_activate_ssl'])) {
302
  $this->activate_ssl();
303
+
304
+ //if (empty(get_option('rsssl_activation_timestamp'))) {
305
+ update_option('rsssl_activation_timestamp', time());
306
+ //}
307
+
308
  return true;
309
  }
310
 
314
 
315
  /*
316
  Activate the SSL for this site
317
+ */
318
 
319
  public function activate_ssl()
320
  {
516
  $this->site_has_ssl = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
517
  $this->hsts = isset($options['hsts']) ? $options['hsts'] : FALSE;
518
  $this->htaccess_warning_shown = isset($options['htaccess_warning_shown']) ? $options['htaccess_warning_shown'] : FALSE;
519
+ $this->review_notice_shown = isset($options['review_notice_shown']) ? $options['review_notice_shown'] : FALSE;
520
  $this->ssl_success_message_shown = isset($options['ssl_success_message_shown']) ? $options['ssl_success_message_shown'] : FALSE;
521
  $this->plugin_db_version = isset($options['plugin_db_version']) ? $options['plugin_db_version'] : "1.0";
522
  $this->debug = isset($options['debug']) ? $options['debug'] : FALSE;
878
  $rule .= '|| (isset($_SERVER["HTTP_CF_VISITOR"]) && (strpos($_SERVER["HTTP_CF_VISITOR"], "https") !== false))' . "\n";
879
  $rule .= '|| (isset($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"], "https") !== false))' . "\n";
880
  $rule .= '|| (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_X_FORWARDED_PROTO"], "https") !== false))' . "\n";
881
+ $rule .= '|| (isset($_SERVER["HTTP_X_PROTO"]) && (strpos($_SERVER["HTTP_X_PROTO"], "SSL") !== false))' . "\n";
882
  $rule .= ') {' . "\n";
883
  $rule .= '$_SERVER["HTTPS"] = "on";' . "\n";
884
  $rule .= '}' . "\n";
1102
  'site_has_ssl' => $this->site_has_ssl,
1103
  'hsts' => $this->hsts,
1104
  'htaccess_warning_shown' => $this->htaccess_warning_shown,
1105
+ 'review_notice_shown' => $this->review_notice_shown,
1106
  'ssl_success_message_shown' => $this->ssl_success_message_shown,
1107
  'autoreplace_insecure_links' => $this->autoreplace_insecure_links,
1108
  'plugin_db_version' => $this->plugin_db_version,
1149
  $this->site_has_ssl = FALSE;
1150
  $this->hsts = FALSE;
1151
  $this->htaccess_warning_shown = FALSE;
1152
+ $this->review_notice_shown = FALSE;
1153
  $this->ssl_success_message_shown = FALSE;
1154
  $this->autoreplace_insecure_links = TRUE;
1155
  $this->do_not_edit_htaccess = FALSE;
1191
  || (isset($_SERVER['HTTP_CF_VISITOR']) && (strpos($_SERVER['HTTP_CF_VISITOR'], 'https') !== false))
1192
  || (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && (strpos($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'], 'https') !== false))
1193
  || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false))
1194
+ || (isset($_SERVER['HTTP_X_PROTO']) && (strpos($_SERVER['HTTP_X_PROTO'], 'SSL') !== false))
1195
  ) {
1196
  $server_var = TRUE;
1197
  }
1239
  $this->ssl_type = "CLOUDFLARE";
1240
  } elseif ((strpos($filecontents, "#LOADBALANCER#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))) {
1241
  $this->ssl_type = "LOADBALANCER";
1242
+ } elseif ((strpos($filecontents, "#HTTP_X_PROTO#") !== false) || (isset($_SERVER['HTTP_X_PROTO']) && ($_SERVER['HTTP_X_PROTO'] == 'SSL'))) {
1243
+ $this->ssl_type = "HTTP_X_PROTO";
1244
+ } elseif ((strpos($filecontents, "#HTTP_X_FORWARDED_SSL_ON#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')) {
1245
+ $this->ssl_type = "HTTP_X_FORWARDED_SSL_ON";
1246
+ } elseif ((strpos($filecontents, "#HTTP_X_FORWARDED_SSL_1#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == '1')) {
1247
+ $this->ssl_type = "HTTP_X_FORWARDED_SSL_1";
1248
  } elseif ((strpos($filecontents, "#SERVER-HTTPS-ON#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
1249
  $this->ssl_type = "SERVER-HTTPS-ON";
1250
  } elseif ((strpos($filecontents, "#SERVER-HTTPS-1#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == '1')) {
1314
  case "LOADBALANCER":
1315
  $testpage_url .= "loadbalancer";
1316
  break;
1317
+ case "HTTP_X_PROTO":
1318
+ $testpage_url .= "serverhttpxproto";
1319
+ break;
1320
+ case "HTTP_X_FORWARDED_SSL_ON":
1321
+ $testpage_url .= "serverhttpxforwardedsslon";
1322
+ break;
1323
+ case "HTTP_X_FORWARDED_SSL_1":
1324
+ $testpage_url .= "serverhttpxforwardedssl1";
1325
  break;
1326
  case "SERVER-HTTPS-ON":
1327
  $testpage_url .= "serverhttpson";
1730
  $rule .= "RewriteCond %{HTTPS} !=1" . "\n";
1731
  } elseif ($this->ssl_type == "LOADBALANCER") {
1732
  $rule .= "RewriteCond %{HTTP:X-Forwarded-Proto} !https" . "\n";
1733
+ } elseif ($this->ssl_type == "HTTP_X_PROTO") {
1734
+ $rule .= "RewriteCond %{HTTP:X-Proto} !SSL" . "\n";
1735
  } elseif ($this->ssl_type == "CLOUDFLARE") {
1736
  $rule .= "RewriteCond %{HTTP:CF-Visitor} '" . '"scheme":"http"' . "'" . "\n";//some concatenation to get the quotes right.
1737
  } elseif ($this->ssl_type == "SERVERPORT443") {
1738
  $rule .= "RewriteCond %{SERVER_PORT} !443" . "\n";
1739
  } elseif ($this->ssl_type == "CLOUDFRONT") {
1740
  $rule .= "RewriteCond %{HTTP:CloudFront-Forwarded-Proto} !https" . "\n";
1741
+ } elseif ($this->ssl_type == "HTTP_X_FORWARDED_SSL_ON") {
1742
  $rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !on" . "\n";
1743
+ } elseif ($this->ssl_type == "HTTP_X_FORWARDED_SSL_1") {
1744
+ $rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !=1" . "\n";
1745
  } elseif ($type == "ENVHTTPS") {
1746
  $rule .= "RewriteCond %{ENV:HTTPS} !=on" . "\n";
1747
  }
1823
  <br><br><code>
1824
  //Begin Really Simple SSL Load balancing fix<br>
1825
  $server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https",
1826
+ "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on", "HTTP_X_PROTO"=>"SSL",
1827
  "HTTP_X_FORWARDED_SSL"=>"1");<br>
1828
  foreach( $server_opts as $option => $value ) {<br>
1829
  &nbsp;if ((isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] )
1851
  <?php
1852
  }
1853
 
1854
+ public function show_leave_review_notice()
1855
+ {
1856
+ if (!$this->review_notice_shown && get_option('rsssl_activation_timestamp') && get_option('rsssl_activation_timestamp') < strtotime("-1 month")) {
1857
+ add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_review'));
1858
+ ?>
1859
+ <div id="message" class="updated fade notice is-dismissible rlrsssl-review">
1860
+ <p><?php printf(__('Hi, you have been using Really Simple SSL for a month now, awesome! If you have a moment, please consider leaving a review on WordPress.org to spread the word. We greatly appreciate it! If you have any questions or feedback, leave us a %smessage%s.', 'really-simple-ssl'),'<a href="https://really-simple-ssl.com/contact" target="_blank">','</a>'); ?></p>
1861
+ <i>- Rogier</i>
1862
+ <?php //Inline style because the main.css stylesheet is only included on Really Simple SSL admin pages.?>
1863
+ <ul style="margin-left: 30px; list-style: square;">
1864
+ <li><p style="margin-top: -5px;"><a target="_blank" href="https://wordpress.org/support/plugin/really-simple-ssl/reviews/#new-post"><?php _e('Leave a review', 'really-simple-ssl'); ?></a></p></li>
1865
+ <li><p style="margin-top: -5px;"><a href="#" id="maybe-later"><?php _e('Maybe later', 'really-simple-ssl'); ?></a></p></li>
1866
+ <li><p style="margin-top: -5px;"><a href="#" class="review-dismiss"><?php _e('No thanks', 'really-simple-ssl'); ?></a></p></li>
1867
+ </ul>
1868
+ </div>
1869
+ <?php
1870
+ }
1871
+ }
1872
 
1873
  /**
1874
  * Show notices
1983
  }
1984
 
1985
  /**
1986
+ * Insert some ajax script to dismiss the htaccess failed fail message, and stop nagging about it
1987
  *
1988
  * @since 2.0
1989
  *
2011
  <?php
2012
  }
2013
 
2014
+ /**
2015
+ * Insert some ajax script to dismiss the review notice, and stop nagging about it
2016
+ *
2017
+ * @since 2.0
2018
+ *
2019
+ * @access public
2020
+ *
2021
+ * type: dismiss, later
2022
+ *
2023
+ */
2024
+
2025
+ public function insert_dismiss_review()
2026
+ {
2027
+ $ajax_nonce = wp_create_nonce("really-simple-ssl");
2028
+ ?>
2029
+ <script type='text/javascript'>
2030
+ jQuery(document).ready(function ($) {
2031
+ $(".rlrsssl-review.notice.is-dismissible").on("click", ".notice-dismiss", function (event) {
2032
+ rsssl_dismiss_review('dismiss');
2033
+ });
2034
+ $(".rlrsssl-review.notice.is-dismissible").on("click", "#maybe-later", function (event) {
2035
+ rsssl_dismiss_review('later');
2036
+ $(this).closest('.rlrsssl-review').remove();
2037
+ });
2038
+ $(".rlrsssl-review.notice.is-dismissible").on("click", ".review-dismiss", function (event) {
2039
+ rsssl_dismiss_review('dismiss');
2040
+ $(this).closest('.rlrsssl-review').remove();
2041
+ });
2042
+
2043
+ function rsssl_dismiss_review(type){
2044
+ var data = {
2045
+ 'action': 'dismiss_review_notice',
2046
+ 'type' : type,
2047
+ 'security': '<?php echo $ajax_nonce; ?>'
2048
+ };
2049
+ $.post(ajaxurl, data, function (response) {});
2050
+ }
2051
+ });
2052
+ </script>
2053
+ <?php
2054
+ }
2055
+
2056
  /**
2057
  * Process the ajax dismissal of the success message.
2058
  *
2088
  wp_die(); // this is required to terminate immediately and return a proper response
2089
  }
2090
 
2091
+ /**
2092
+ * Process the ajax dismissal of the htaccess message.
2093
+ *
2094
+ * @since 2.1
2095
+ *
2096
+ * @access public
2097
+ *
2098
+ */
2099
+
2100
+ public function dismiss_review_notice_callback()
2101
+ {
2102
+ check_ajax_referer('really-simple-ssl', 'security');
2103
+
2104
+ $type = isset($_POST['type']) ? $_POST['type'] : false;
2105
+
2106
+ if ($type === 'dismiss'){
2107
+ $this->review_notice_shown = TRUE;
2108
+ }
2109
+ if ($type === 'later') {
2110
+ //Reset activation timestamp, notice will show again in one month.
2111
+ update_option('rsssl_activation_timestamp', time());
2112
+ }
2113
+
2114
+ $this->save_options();
2115
+ wp_die(); // this is required to terminate immediately and return a proper response
2116
+ }
2117
 
2118
  /**
2119
  * Adds the admin options page
2426
  $this->get_banner_html(array(
2427
  'img' => 'complianz.jpg',
2428
  'title' => 'ComplianZ',
2429
+ 'description' => __("The Complianz GDPR Privacy Suite for WordPress. Simple, Quick and Complete. Up-to-date legal documents by one of the most prominent EU IT Law firms.", "really-simple-ssl"),
2430
  'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
2431
  'pro' => true,
2432
  )
2466
  );
2467
 
2468
  }
2469
+ }
2470
 
2471
  if (defined("EDD_SL_PLUGIN_DIR") && (get_locale() === 'nl_NL')) {
2472
  $this->get_banner_html(array(
2489
  );
2490
 
2491
  }
2492
+ ?>
2493
  </div>
2494
  <?php }
2495
  ?>
2716
  $newinput['site_has_ssl'] = $this->site_has_ssl;
2717
  $newinput['ssl_success_message_shown'] = $this->ssl_success_message_shown;
2718
  $newinput['htaccess_warning_shown'] = $this->htaccess_warning_shown;
2719
+ $newinput['review_notice_shown'] = $this->review_notice_shown;
2720
  $newinput['plugin_db_version'] = $this->plugin_db_version;
2721
  $newinput['ssl_enabled'] = $this->ssl_enabled;
2722
  $newinput['debug_log'] = $this->debug_log;
2784
 
2785
  public function get_option_debug()
2786
  {
2787
+ $options = get_option('rlrsssl_options');
2788
  echo '<input id="rlrsssl_options" name="rlrsssl_options[debug]" size="40" type="checkbox" value="1"' . checked(1, $this->debug, false) . " />";
2789
  RSSSL()->rsssl_help->get_help_tip(__("Enable this option to get debug info in the debug tab.", "really-simple-ssl"));
2790
 
2809
  $javascript_redirect = TRUE;
2810
  $comment = __("This option is enabled on the network menu.", "really-simple-ssl");
2811
  }
 
2812
  echo '<input ' . $disabled . ' id="rlrsssl_options" name="rlrsssl_options[javascript_redirect]" size="40" type="checkbox" value="1"' . checked(1, $javascript_redirect, false) . " />";
2813
  RSSSL()->rsssl_help->get_help_tip(__("This is a fallback you should only use if other redirection methods do not work.", "really-simple-ssl"));
2814
  echo $comment;
3175
  return $filecontents;
3176
  }
3177
 
 
3178
  } //class closure
class-certificate.php CHANGED
@@ -37,6 +37,9 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
37
 
38
  //Get current domain
39
  $domain = site_url();
 
 
 
40
 
41
  if (function_exists('stream_context_get_params')) {
42
  //get certificate info
@@ -49,9 +52,10 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
49
  //Check if date is valid
50
  $date_valid = $this->is_date_valid($certinfo);
51
  //Domain and date valid? Return true
52
- if ($domain_valid && $date_valid) return true;
 
 
53
  }
54
-
55
  return false;
56
  }
57
 
@@ -75,8 +79,9 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
75
  $certificate_alternative_names = isset($certinfo['extensions']['subjectAltName']) ? $certinfo['extensions']['subjectAltName'] : false;
76
 
77
  //Check if the domain is found in either the certificate common name(s) (CN) or alternative name(s) (AN)
78
- $pos_cn = strpos($domain, $certificate_common_names);
79
- $pos_an = strpos($domain, $certificate_alternative_names);
 
80
 
81
  //If the domain is found, return true
82
  if (($pos_cn !== false) || ($pos_an !== false)) return true;
@@ -130,7 +135,6 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
130
 
131
  public function is_wildcard()
132
  {
133
- //$domain = "http://cnet.com";
134
  $domain = network_site_url();
135
 
136
  $certinfo = $this->get_certinfo($domain);
@@ -161,10 +165,10 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
161
  */
162
 
163
 
164
- public function get_certinfo($domain)
165
  {
 
166
  //check if the certificate is still valid, and send an email to the administrator if this is not the case.
167
- $url = $domain;
168
  $original_parse = parse_url($url, PHP_URL_HOST);
169
 
170
  if ($original_parse) {
37
 
38
  //Get current domain
39
  $domain = site_url();
40
+ //Parse to strip off any /subfolder/
41
+ $parse = parse_url($domain);
42
+ $domain = $parse['host'];
43
 
44
  if (function_exists('stream_context_get_params')) {
45
  //get certificate info
52
  //Check if date is valid
53
  $date_valid = $this->is_date_valid($certinfo);
54
  //Domain and date valid? Return true
55
+ if ($domain_valid && $date_valid) {
56
+ return true;
57
+ }
58
  }
 
59
  return false;
60
  }
61
 
79
  $certificate_alternative_names = isset($certinfo['extensions']['subjectAltName']) ? $certinfo['extensions']['subjectAltName'] : false;
80
 
81
  //Check if the domain is found in either the certificate common name(s) (CN) or alternative name(s) (AN)
82
+
83
+ $pos_cn = strpos($certificate_common_names, $domain);
84
+ $pos_an = strpos($certificate_alternative_names, $domain);
85
 
86
  //If the domain is found, return true
87
  if (($pos_cn !== false) || ($pos_an !== false)) return true;
135
 
136
  public function is_wildcard()
137
  {
 
138
  $domain = network_site_url();
139
 
140
  $certinfo = $this->get_certinfo($domain);
165
  */
166
 
167
 
168
+ public function get_certinfo($url)
169
  {
170
+ $url = 'https://'.$url;
171
  //check if the certificate is still valid, and send an email to the administrator if this is not the case.
 
172
  $original_parse = parse_url($url, PHP_URL_HOST);
173
 
174
  if ($original_parse) {
class-multisite.php CHANGED
@@ -50,15 +50,21 @@ if (!class_exists('rsssl_multisite')) {
50
 
51
  if (is_network_admin()) {
52
  add_action('network_admin_notices', array($this, 'show_notices'), 10);
 
53
  add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_success'));
 
54
  }
55
 
56
  add_action('wp_ajax_dismiss_success_message_multisite', array($this, 'dismiss_success_message_callback'));
 
57
  add_action('wp_ajax_rsssl_pro_dismiss_pro_option_notice', array($this, 'dismiss_pro_option_notice'));
58
  add_action("network_admin_notices", array($this, 'show_pro_option_notice'));
59
  add_action("rsssl_show_network_tab_settings", array($this, 'settings_tab'));
60
  add_action('wpmu_new_blog', array($this, 'maybe_activate_ssl_in_new_blog'), 10, 6);
61
 
 
 
 
62
  }
63
 
64
  static function this()
@@ -66,6 +72,7 @@ if (!class_exists('rsssl_multisite')) {
66
  return self::$_this;
67
  }
68
 
 
69
  /*
70
 
71
  When a new site is added, maybe activate SSL as well.
@@ -242,19 +249,17 @@ if (!class_exists('rsssl_multisite')) {
242
 
243
  $this->save_options();
244
 
245
- if ($this->ssl_enabled_networkwide) {
 
 
246
  //enable SSL on all sites on the network
247
- $this->activate_ssl_networkwide();
248
- } elseif ($prev_ssl_enabled_networkwide != $this->ssl_enabled_networkwide) {
249
- //if we switch to per page, we deactivate SSL on all pages first, but only if the setting was changed.
250
- $sites = $this->get_sites_bw_compatible();
251
- foreach ($sites as $site) {
252
- $this->switch_to_blog_bw_compatible($site);
253
- RSSSL()->really_simple_ssl->deactivate_ssl();
254
- restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
255
- }
256
  }
257
 
 
 
 
 
 
258
 
259
  // At last we redirect back to our options page.
260
  wp_redirect(add_query_arg(array('page' => $this->page_slug, 'updated' => 'true'), network_admin_url('settings.php')));
@@ -382,7 +387,8 @@ if (!class_exists('rsssl_multisite')) {
382
  $this->save_options();
383
 
384
  //enable SSL on all sites on the network
385
- $this->activate_ssl_networkwide();
 
386
 
387
  }
388
 
@@ -417,29 +423,120 @@ if (!class_exists('rsssl_multisite')) {
417
  }
418
 
419
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
420
  public function activate_ssl_networkwide()
421
  {
 
 
 
422
 
423
- //set all sites as enabled
424
- $sites = $this->get_sites_bw_compatible();
425
 
426
- foreach ($sites as $site) {
427
- $this->switch_to_blog_bw_compatible($site);
428
- RSSSL()->really_simple_ssl->activate_ssl();
429
- restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
 
 
 
 
 
 
430
  }
431
 
 
432
  }
433
 
434
 
435
  //change deprecated function depending on version.
436
- public function get_sites_bw_compatible()
 
 
 
 
 
 
437
  {
438
  global $wp_version;
439
 
440
- //make sure all blogs are returned, not only the first 100.
441
  $args = array(
442
- 'number' => get_blog_count()
 
443
  );
444
  $sites = ($wp_version >= 4.6) ? get_sites($args) : wp_get_sites();
445
  return $sites;
@@ -462,7 +559,6 @@ if (!class_exists('rsssl_multisite')) {
462
 
463
  public function deactivate()
464
  {
465
-
466
  $options = get_site_option("rlrsssl_network_options");
467
  $options["selected_networkwide_or_per_site"] = false;
468
  $options["wp_redirect"] = false;
@@ -478,7 +574,8 @@ if (!class_exists('rsssl_multisite')) {
478
  unset($options["ssl_enabled_networkwide"]);
479
  update_site_option("rlrsssl_network_options", $options);
480
 
481
- $sites = $this->get_sites_bw_compatible();
 
482
  foreach ($sites as $site) {
483
  $this->switch_to_blog_bw_compatible($site);
484
  RSSSL()->really_simple_ssl->deactivate_ssl();
@@ -557,7 +654,7 @@ if (!class_exists('rsssl_multisite')) {
557
  if (!is_multisite()) return FALSE;
558
  //we check this manually, as the SUBDOMAIN_INSTALL constant of wordpress might return false for domain mapping configs
559
  $is_subfolder = FALSE;
560
- $sites = $this->get_sites_bw_compatible();
561
  foreach ($sites as $site) {
562
  $this->switch_to_blog_bw_compatible($site);
563
  if ($this->is_subfolder(home_url())) {
@@ -627,6 +724,22 @@ if (!class_exists('rsssl_multisite')) {
627
  <?php
628
  }
629
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
630
  /*
631
  SSL success message
632
  */
@@ -669,7 +782,7 @@ if (!class_exists('rsssl_multisite')) {
669
 
670
  if (!RSSSL()->really_simple_ssl->ssl_enabled && !$this->is_multisite_subfolder_install() && !RSSSL()->rsssl_certificate->is_wildcard() && !get_site_option("rsssl_wildcard_message_shown")) {
671
  ?>
672
- <div id="message" class="error fade notice is-dismissible">
673
  <p>
674
  <?php _e("You run a Multisite installation with subdomains, but your site doesn't have a wildcard certificate.", 'really-simple-ssl'); ?>
675
  <?php _e("This leads to issues when activating SSL networkwide since subdomains will be forced over SSL as well while they don't have a valid certificate.", 'really-simple-ssl'); ?>
@@ -715,6 +828,31 @@ if (!class_exists('rsssl_multisite')) {
715
  }
716
  }
717
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
718
  /**
719
  * Process the ajax dismissal of the success message.
720
  *
@@ -726,8 +864,6 @@ if (!class_exists('rsssl_multisite')) {
726
 
727
  public function dismiss_success_message_callback()
728
  {
729
- //nonce check fails if url is changed to SSL.
730
- //check_ajax_referer( 'really-simple-ssl-dismiss', 'security' );
731
  update_site_option("rsssl_success_message_shown", true);
732
  wp_die();
733
  }
@@ -740,6 +876,12 @@ if (!class_exists('rsssl_multisite')) {
740
  wp_die();
741
  }
742
 
 
 
 
 
 
 
743
  public function dismiss_pro_option_script()
744
  {
745
  $ajax_nonce = wp_create_nonce("rsssl-pro-dismiss-pro-option-notice");
50
 
51
  if (is_network_admin()) {
52
  add_action('network_admin_notices', array($this, 'show_notices'), 10);
53
+
54
  add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_success'));
55
+ add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_wildcard_warning'));
56
  }
57
 
58
  add_action('wp_ajax_dismiss_success_message_multisite', array($this, 'dismiss_success_message_callback'));
59
+ add_action('wp_ajax_dismiss_wildcard_warning', array($this, 'dismiss_wildcard_message_callback'));
60
  add_action('wp_ajax_rsssl_pro_dismiss_pro_option_notice', array($this, 'dismiss_pro_option_notice'));
61
  add_action("network_admin_notices", array($this, 'show_pro_option_notice'));
62
  add_action("rsssl_show_network_tab_settings", array($this, 'settings_tab'));
63
  add_action('wpmu_new_blog', array($this, 'maybe_activate_ssl_in_new_blog'), 10, 6);
64
 
65
+ //add_action('admin_init', array($this, 'run_ssl_process'));
66
+
67
+
68
  }
69
 
70
  static function this()
72
  return self::$_this;
73
  }
74
 
75
+
76
  /*
77
 
78
  When a new site is added, maybe activate SSL as well.
249
 
250
  $this->save_options();
251
 
252
+ if ($this->ssl_enabled_networkwide && !$prev_ssl_enabled_networkwide) {
253
+ //reset
254
+ $this->start_ssl_activation();
255
  //enable SSL on all sites on the network
 
 
 
 
 
 
 
 
 
256
  }
257
 
258
+ if (!$this->ssl_enabled_networkwide && $prev_ssl_enabled_networkwide ) {
259
+ //if we switch to per page, we deactivate SSL on all pages first, but only if the setting was changed.
260
+ $this->start_ssl_deactivation();
261
+
262
+ }
263
 
264
  // At last we redirect back to our options page.
265
  wp_redirect(add_query_arg(array('page' => $this->page_slug, 'updated' => 'true'), network_admin_url('settings.php')));
387
  $this->save_options();
388
 
389
  //enable SSL on all sites on the network
390
+ update_site_option('rsssl_ssl_enabled_progress', 0);
391
+ //$this->activate_ssl_networkwide();
392
 
393
  }
394
 
423
  }
424
 
425
 
426
+ public function ssl_process_active(){
427
+
428
+ if (get_site_option('rsssl_ssl_activation_active')){
429
+ return true;
430
+ }
431
+
432
+ if ( get_site_option('rsssl_ssl_deactivation_active')){
433
+ return true;
434
+ }
435
+
436
+ return false;
437
+ }
438
+
439
+ public function run_ssl_process(){
440
+ // if (!get_site_option('rsssl_run')) return;
441
+
442
+ if (get_site_option('rsssl_ssl_activation_active')){
443
+ $this->activate_ssl_networkwide();
444
+ }
445
+
446
+ if (get_site_option('rsssl_ssl_deactivation_active')){
447
+ $this->deactivate_ssl_networkwide();
448
+ }
449
+
450
+ update_site_option('rsssl_run', false);
451
+ }
452
+
453
+ public function get_process_completed_percentage(){
454
+ $complete_count = get_site_option('rsssl_siteprocessing_progress');
455
+ $percentage = round(($complete_count/get_blog_count())*100,0);
456
+ if ($percentage > 99) $percentage = 99;
457
+ return $percentage;
458
+ }
459
+
460
+ public function start_ssl_activation(){
461
+ update_site_option('rsssl_siteprocessing_progress', 0);
462
+ update_site_option('rsssl_ssl_activation_active', true);
463
+ }
464
+
465
+ public function end_ssl_activation(){
466
+ update_site_option('rsssl_ssl_activation_active', false);
467
+ }
468
+
469
+ public function start_ssl_deactivation(){
470
+ update_site_option('rsssl_siteprocessing_progress', 0);
471
+ update_site_option('rsssl_ssl_deactivation_active', true);
472
+ }
473
+
474
+ public function end_ssl_deactivation(){
475
+ update_site_option('rsssl_ssl_deactivation_active', false);
476
+ }
477
+
478
+ public function deactivate_ssl_networkwide(){
479
+ //run chunked
480
+ $nr_of_sites = 200;
481
+ $current_offset = get_site_option('rsssl_siteprocessing_progress');
482
+
483
+ //set batch of sites
484
+ $sites = $this->get_sites_bw_compatible($current_offset, $nr_of_sites);
485
+
486
+ //if no sites are found, we assume we're done.
487
+ if (count($sites)==0) {
488
+ $this->end_ssl_deactivation();
489
+ } else {
490
+ foreach ($sites as $site) {
491
+ $this->switch_to_blog_bw_compatible($site);
492
+ RSSSL()->really_simple_ssl->deactivate_ssl();
493
+ restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
494
+ update_site_option('rsssl_siteprocessing_progress', $current_offset+$nr_of_sites);
495
+ }
496
+ }
497
+
498
+ }
499
+
500
+
501
  public function activate_ssl_networkwide()
502
  {
503
+ //run chunked
504
+ $nr_of_sites = 200;
505
+ $current_offset = get_site_option('rsssl_siteprocessing_progress');
506
 
507
+ //set batch of sites
508
+ $sites = $this->get_sites_bw_compatible($current_offset, $nr_of_sites);
509
 
510
+ //if no sites are found, we assume we're done.
511
+ if (count($sites)==0) {
512
+ $this->end_ssl_activation();
513
+ } else {
514
+ foreach ($sites as $site) {
515
+ $this->switch_to_blog_bw_compatible($site);
516
+ RSSSL()->really_simple_ssl->activate_ssl();
517
+ restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
518
+ update_site_option('rsssl_siteprocessing_progress', $current_offset+$nr_of_sites);
519
+ }
520
  }
521
 
522
+
523
  }
524
 
525
 
526
  //change deprecated function depending on version.
527
+ /*
528
+ * Offset is used to chunk the site loops.
529
+ * But offset is not used in the pre 4.6 function.
530
+ *
531
+ *
532
+ * */
533
+ public function get_sites_bw_compatible($offset=0, $nr_of_sites=100)
534
  {
535
  global $wp_version;
536
 
 
537
  $args = array(
538
+ 'number' => $nr_of_sites,
539
+ 'offset' => $offset,
540
  );
541
  $sites = ($wp_version >= 4.6) ? get_sites($args) : wp_get_sites();
542
  return $sites;
559
 
560
  public function deactivate()
561
  {
 
562
  $options = get_site_option("rlrsssl_network_options");
563
  $options["selected_networkwide_or_per_site"] = false;
564
  $options["wp_redirect"] = false;
574
  unset($options["ssl_enabled_networkwide"]);
575
  update_site_option("rlrsssl_network_options", $options);
576
 
577
+ //because the deactivation should be a one click procedure, chunking this would cause dificulties
578
+ $sites = $this->get_sites_bw_compatible(0, get_blog_count());
579
  foreach ($sites as $site) {
580
  $this->switch_to_blog_bw_compatible($site);
581
  RSSSL()->really_simple_ssl->deactivate_ssl();
654
  if (!is_multisite()) return FALSE;
655
  //we check this manually, as the SUBDOMAIN_INSTALL constant of wordpress might return false for domain mapping configs
656
  $is_subfolder = FALSE;
657
+ $sites = $this->get_sites_bw_compatible(0, 10);
658
  foreach ($sites as $site) {
659
  $this->switch_to_blog_bw_compatible($site);
660
  if ($this->is_subfolder(home_url())) {
724
  <?php
725
  }
726
 
727
+ /*
728
+ * ssl switch for sites processing active
729
+ * */
730
+
731
+ if ($this->ssl_process_active()) {
732
+ ?>
733
+ <div id="message" class="error fade notice is-dismissible rlrsssl-fail">
734
+ <p>
735
+ <?php printf(__("Conversion of websites %s percent complete.", "really-simple-ssl"), $this->get_process_completed_percentage()); ?>
736
+
737
+ <?php _e("You have just started enabling or disabling SSL on multiple websites at once, and this process is not completed yet. Please refresh this page to check if the process has finished. It will proceed in the background.", "really-simple-ssl"); ?>
738
+ </p>
739
+ </div>
740
+ <?php
741
+ }
742
+
743
  /*
744
  SSL success message
745
  */
782
 
783
  if (!RSSSL()->really_simple_ssl->ssl_enabled && !$this->is_multisite_subfolder_install() && !RSSSL()->rsssl_certificate->is_wildcard() && !get_site_option("rsssl_wildcard_message_shown")) {
784
  ?>
785
+ <div id="message" class="error fade notice is-dismissible rlrsssl-multisite-wildcard-warning">
786
  <p>
787
  <?php _e("You run a Multisite installation with subdomains, but your site doesn't have a wildcard certificate.", 'really-simple-ssl'); ?>
788
  <?php _e("This leads to issues when activating SSL networkwide since subdomains will be forced over SSL as well while they don't have a valid certificate.", 'really-simple-ssl'); ?>
828
  }
829
  }
830
 
831
+ public function insert_dismiss_wildcard_warning()
832
+ {
833
+ if ($this->selected_networkwide_or_per_site && !get_site_option("rsssl_success_message_shown")) {
834
+ $ajax_nonce = wp_create_nonce("really-simple-ssl-dismiss");
835
+ ?>
836
+ <script type='text/javascript'>
837
+ jQuery(document).ready(function ($) {
838
+ $(".rlrsssl-multisite-wildcard-warning.notice.is-dismissible").on("click", ".notice-dismiss", function (event) {
839
+
840
+ var data = {
841
+ 'action': 'dismiss_wildcard_warning',
842
+ 'security': '<?php echo $ajax_nonce; ?>'
843
+ };
844
+
845
+ $.post(ajaxurl, data, function (response) {
846
+
847
+ });
848
+ });
849
+ });
850
+ </script>
851
+ <?php
852
+ }
853
+ }
854
+
855
+
856
  /**
857
  * Process the ajax dismissal of the success message.
858
  *
864
 
865
  public function dismiss_success_message_callback()
866
  {
 
 
867
  update_site_option("rsssl_success_message_shown", true);
868
  wp_die();
869
  }
876
  wp_die();
877
  }
878
 
879
+ public function dismiss_wildcard_message_callback()
880
+ {
881
+ update_site_option("rsssl_wildcard_message_shown", true);
882
+ wp_die();
883
+ }
884
+
885
  public function dismiss_pro_option_script()
886
  {
887
  $ajax_nonce = wp_create_nonce("rsssl-pro-dismiss-pro-option-notice");
css/main.css CHANGED
@@ -468,4 +468,59 @@ hr {
468
  float: left;
469
  margin-top: 17px;
470
  margin-right: 5px;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
471
  }
468
  float: left;
469
  margin-top: 17px;
470
  margin-right: 5px;
471
+ }
472
+
473
+ /*
474
+ cool checkbox sliders
475
+ */
476
+ .rsssl-switch {
477
+ position: relative;
478
+ display: inline-block;
479
+ width: 40px;
480
+ height: 21px;
481
+ }
482
+ .rsssl-switch input {
483
+ display: none;
484
+ }
485
+ .rsssl-slider {
486
+ position: absolute;
487
+ cursor: pointer;
488
+ top: 0;
489
+ left: 0;
490
+ right: 0;
491
+ bottom: 0;
492
+ background-color: #ccc;
493
+ -webkit-transition: .4s;
494
+ transition: .4s;
495
+ }
496
+ .rsssl-slider:before {
497
+ position: absolute;
498
+ content: "";
499
+ height: 15px;
500
+ width: 15px;
501
+ left: 4px;
502
+ bottom: 3px;
503
+ background-color: white;
504
+ -webkit-transition: .4s;
505
+ transition: .4s;
506
+ }
507
+ .rsssl-slider.rsssl-round {
508
+ border-radius: 20px;
509
+ }
510
+ .rsssl-slider.rsssl-round:before {
511
+ border-radius: 50%;
512
+ }
513
+ input:checked + .rsssl-slider {
514
+ background-color: #2DAAE1;
515
+ }
516
+ input:checked + .rsssl-slider:before {
517
+ -webkit-transform: translateX(17px);
518
+ -ms-transform: translateX(17px);
519
+ transform: translateX(17px);
520
+ }
521
+ input:disabled + .rsssl-slider {
522
+ background-color: #b3e0f4;
523
+ }
524
+ input:focus + .rsssl-slider {
525
+ box-shadow: 0 0 1px #2DAAE1;
526
  }
multisite-cron.php ADDED
@@ -0,0 +1,28 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ defined('ABSPATH') or die("you do not have access to this page!");
4
+
5
+ // add custom time to cron
6
+ add_filter('cron_schedules', 'rsssl_filter_cron_schedules');
7
+ function rsssl_filter_cron_schedules($schedules)
8
+ {
9
+ $schedules['oneminute'] = array(
10
+ 'interval' => 60, // seconds
11
+ 'display' => __('Once every minute')
12
+ );
13
+ return $schedules;
14
+ }
15
+
16
+ add_action('plugins_loaded', 'rsssl_schedule_cron', 15);
17
+ function rsssl_schedule_cron()
18
+ {
19
+ if (get_site_option('rsssl_ssl_activation_active') || get_site_option('rsssl_ssl_deactivation_active')) {
20
+ if (!wp_next_scheduled('rsssl_ssl_process_hook')) {
21
+ wp_schedule_event(time(), 'oneminute', 'rsssl_ssl_process_hook');
22
+ }
23
+ } else {
24
+ wp_clear_scheduled_hook('rsssl_ssl_process_hook');
25
+ }
26
+
27
+ add_action('rsssl_ssl_process_hook', array(RSSSL()->rsssl_multisite, 'run_ssl_process'));
28
+ }
readme.txt CHANGED
@@ -6,7 +6,7 @@ Requires at least: 4.2
6
  License: GPL2
7
  Tested up to: 4.9.5
8
  Requires PHP: 5.4
9
- Stable tag: 3.0.5
10
 
11
  No setup required! You only need an SSL certificate, and this plugin will do the rest.
12
 
@@ -79,6 +79,14 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
79
  Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
80
 
81
  == Changelog ==
 
 
 
 
 
 
 
 
82
  = 3.0.5 =
83
  * Fix: untranslatable string made translatable.
84
 
6
  License: GPL2
7
  Tested up to: 4.9.5
8
  Requires PHP: 5.4
9
+ Stable tag: 3.1
10
 
11
  No setup required! You only need an SSL certificate, and this plugin will do the rest.
12
 
79
  Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
80
 
81
  == Changelog ==
82
+ = 3.1 =
83
+ * Fix: fixed a bug in certificate detection
84
+ * Tweak: added HTTP_X_PROTO as supported header
85
+ * Tweak: split HTTP_X_FORWARDED_SSL into a variation which can be either '1' or 'on'
86
+ * Tweak: improved certificate detection by stripping domains of subfolders.
87
+ * Tweak: Multisite bulk SSL activation now chunked in 200 site blocks, to prevent time out issues on large multisite networks.
88
+ * Tweak: a 'leave review' notice for new free users
89
+
90
  = 3.0.5 =
91
  * Fix: untranslatable string made translatable.
92
 
rlrsssl-really-simple-ssl.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Really Simple SSL
4
  * Plugin URI: https://www.really-simple-ssl.com
5
  * Description: Lightweight plugin without any setup to make your site SSL proof
6
- * Version: 3.0.5
7
  * Text Domain: really-simple-ssl
8
  * Domain Path: /languages
9
  * Author: Rogier Lankhorst, Mark Wolters
@@ -27,100 +27,114 @@
27
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
28
  */
29
 
30
- defined('ABSPATH') or die("you do not have access to this page!");
31
 
32
- class REALLY_SIMPLE_SSL {
 
33
 
34
- private static $instance;
35
- public $rssl_front_end;
36
- public $rssl_mixed_content_fixer;
37
- public $rsssl_multisite;
38
- public $rsssl_cache;
39
- public $rsssl_server;
40
- public $really_simple_ssl;
41
- public $rsssl_help;
42
- public $rsssl_certificate;
43
 
44
- private function __construct() {}
 
 
45
 
46
- public static function instance() {
47
- if ( ! isset( self::$instance ) && ! ( self::$instance instanceof REALLY_SIMPLE_SSL ) ) {
48
- self::$instance = new REALLY_SIMPLE_SSL;
49
- self::$instance->setup_constants();
50
- self::$instance->includes();
 
51
 
52
- self::$instance->rsssl_front_end = new rsssl_front_end();
53
- self::$instance->rsssl_mixed_content_fixer = new rsssl_mixed_content_fixer();
54
 
55
- // Backwards compatibility for add-ons
56
  global $rsssl_front_end, $rsssl_mixed_content_fixer;
57
- $rsssl_front_end = self::$instance->rsssl_front_end;
58
  $rsssl_mixed_content_fixer = self::$instance->rsssl_mixed_content_fixer;
59
 
60
- if ( is_admin() ) {
61
- if ( is_multisite() ) {
62
- self::$instance->rsssl_multisite = new rsssl_multisite();
63
- }
64
-
65
- self::$instance->rsssl_cache = new rsssl_cache();
66
- self::$instance->rsssl_server = new rsssl_server();
67
- self::$instance->really_simple_ssl = new rsssl_admin();
68
- self::$instance->rsssl_help = new rsssl_help();
69
- self::$instance->rsssl_certificate = new rsssl_certificate();
70
-
71
- // Backwards compatibility for add-ons
72
- global $rsssl_cache, $rsssl_server, $really_simple_ssl, $rsssl_help;
73
- $rsssl_cache = self::$instance->rsssl_cache;
74
- $rsssl_server = self::$instance->rsssl_server;
75
- $really_simple_ssl = self::$instance->really_simple_ssl;
76
- $rsssl_help = self::$instance->rsssl_help;
77
- }
78
-
79
- self::$instance->hooks();
80
-
81
- }
82
-
83
- return self::$instance;
84
- }
85
-
86
- private function setup_constants() {
87
- define('rsssl_url', plugin_dir_url(__FILE__ ));
88
- define('rsssl_path', trailingslashit(plugin_dir_path(__FILE__ )));
89
- define('rsssl_plugin', plugin_basename( __FILE__ ) );
90
-
91
- require_once(ABSPATH.'wp-admin/includes/plugin.php');
92
- $plugin_data = get_plugin_data( __FILE__ );
93
- define('rsssl_version', $plugin_data['Version']);
94
- }
95
-
96
- private function includes() {
97
- require_once( rsssl_path . 'class-front-end.php' );
98
-
99
- require_once( rsssl_path . 'class-mixed-content-fixer.php' );
100
-
101
- if ( is_admin() ) {
102
- require_once( rsssl_path . 'class-admin.php' );
103
- require_once( rsssl_path . 'class-cache.php' );
104
- require_once( rsssl_path . 'class-server.php' );
105
- require_once( rsssl_path . 'class-help.php' );
106
- require_once( rsssl_path . 'class-certificate.php' );
107
-
108
- if ( is_multisite() ) {
109
- require_once( rsssl_path . 'class-multisite.php' );
110
- }
111
- }
112
- }
113
-
114
- private function hooks() {
115
- add_action( 'wp_loaded', array( self::$instance->rsssl_front_end, 'force_ssl' ), 20 );
116
-
117
- if ( is_admin() ) {
118
- add_action( 'plugins_loaded', array( self::$instance->really_simple_ssl, 'init' ), 10 );
119
- }
120
- }
121
- }
122
-
123
- function RSSSL() {
124
- return REALLY_SIMPLE_SSL::instance();
 
 
 
 
125
  }
126
- add_action( 'plugins_loaded', 'RSSSL', 8 );
 
 
 
 
 
 
3
  * Plugin Name: Really Simple SSL
4
  * Plugin URI: https://www.really-simple-ssl.com
5
  * Description: Lightweight plugin without any setup to make your site SSL proof
6
+ * Version: 3.1
7
  * Text Domain: really-simple-ssl
8
  * Domain Path: /languages
9
  * Author: Rogier Lankhorst, Mark Wolters
27
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
28
  */
29
 
30
+ defined('ABSPATH') or die("you do not have access to this page!");
31
 
32
+ class REALLY_SIMPLE_SSL
33
+ {
34
 
35
+ private static $instance;
36
+ public $rssl_front_end;
37
+ public $rssl_mixed_content_fixer;
38
+ public $rsssl_multisite;
39
+ public $rsssl_cache;
40
+ public $rsssl_server;
41
+ public $really_simple_ssl;
42
+ public $rsssl_help;
43
+ public $rsssl_certificate;
44
 
45
+ private function __construct()
46
+ {
47
+ }
48
 
49
+ public static function instance()
50
+ {
51
+ if (!isset(self::$instance) && !(self::$instance instanceof REALLY_SIMPLE_SSL)) {
52
+ self::$instance = new REALLY_SIMPLE_SSL;
53
+ self::$instance->setup_constants();
54
+ self::$instance->includes();
55
 
56
+ self::$instance->rsssl_front_end = new rsssl_front_end();
57
+ self::$instance->rsssl_mixed_content_fixer = new rsssl_mixed_content_fixer();
58
 
59
+ // Backwards compatibility for add-ons
60
  global $rsssl_front_end, $rsssl_mixed_content_fixer;
61
+ $rsssl_front_end = self::$instance->rsssl_front_end;
62
  $rsssl_mixed_content_fixer = self::$instance->rsssl_mixed_content_fixer;
63
 
64
+
65
+ if (is_admin() || get_site_option('rsssl_ssl_activation_active') || get_site_option('rsssl_ssl_deactivation_active')) {
66
+ if (is_multisite()) {
67
+ self::$instance->rsssl_multisite = new rsssl_multisite();
68
+ }
69
+ self::$instance->rsssl_cache = new rsssl_cache();
70
+ self::$instance->rsssl_server = new rsssl_server();
71
+ self::$instance->really_simple_ssl = new rsssl_admin();
72
+ self::$instance->rsssl_help = new rsssl_help();
73
+ self::$instance->rsssl_certificate = new rsssl_certificate();
74
+
75
+ // Backwards compatibility for add-ons
76
+ global $rsssl_cache, $rsssl_server, $really_simple_ssl, $rsssl_help;
77
+ $rsssl_cache = self::$instance->rsssl_cache;
78
+ $rsssl_server = self::$instance->rsssl_server;
79
+ $really_simple_ssl = self::$instance->really_simple_ssl;
80
+ $rsssl_help = self::$instance->rsssl_help;
81
+ }
82
+
83
+ self::$instance->hooks();
84
+
85
+ }
86
+
87
+ return self::$instance;
88
+ }
89
+
90
+ private function setup_constants()
91
+ {
92
+ define('rsssl_url', plugin_dir_url(__FILE__));
93
+ define('rsssl_path', trailingslashit(plugin_dir_path(__FILE__)));
94
+ define('rsssl_plugin', plugin_basename(__FILE__));
95
+
96
+ require_once(ABSPATH . 'wp-admin/includes/plugin.php');
97
+ $plugin_data = get_plugin_data(__FILE__);
98
+ define('rsssl_version', $plugin_data['Version']);
99
+ }
100
+
101
+ private function includes()
102
+ {
103
+ require_once(rsssl_path . 'class-front-end.php');
104
+
105
+ require_once(rsssl_path . 'class-mixed-content-fixer.php');
106
+
107
+
108
+ if (is_admin() || get_site_option('rsssl_ssl_activation_active') || get_site_option('rsssl_ssl_deactivation_active')) {
109
+ if (is_multisite()) {
110
+ require_once(rsssl_path . 'class-multisite.php');
111
+ require_once(rsssl_path . 'multisite-cron.php');
112
+ }
113
+ require_once(rsssl_path . 'class-admin.php');
114
+ require_once(rsssl_path . 'class-cache.php');
115
+ require_once(rsssl_path . 'class-server.php');
116
+ require_once(rsssl_path . 'class-help.php');
117
+ require_once(rsssl_path . 'class-certificate.php');
118
+
119
+
120
+ }
121
+
122
+
123
+ }
124
+
125
+ private function hooks()
126
+ {
127
+ add_action('wp_loaded', array(self::$instance->rsssl_front_end, 'force_ssl'), 20);
128
+
129
+ if (is_admin()) {
130
+ add_action('plugins_loaded', array(self::$instance->really_simple_ssl, 'init'), 10);
131
+ }
132
+ }
133
  }
134
+
135
+ function RSSSL()
136
+ {
137
+ return REALLY_SIMPLE_SSL::instance();
138
+ }
139
+
140
+ add_action('plugins_loaded', 'RSSSL', 8);
ssl-test-page.php CHANGED
@@ -1,60 +1,70 @@
1
  <html>
2
  <head>
3
- <meta charset="UTF-8">
4
- <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
5
  </head>
6
  <body>
7
  <h1>#SSL TEST PAGE#</h1>
8
  <p>This page is used purely to test for SSL availability.</p>
9
  <?php
10
- $ssl = FALSE;
11
- if (isset($_SERVER['HTTPS']) ) {
12
- if ( strtolower($_SERVER['HTTPS']) == 'on') {
13
-
14
- echo "#SERVER-HTTPS-ON#"." (".htmlentities($_SERVER['HTTPS'], ENT_QUOTES, 'UTF-8').")<br>";
15
- $ssl = TRUE;
16
- }
17
- if ( '1' == $_SERVER['HTTPS'] ) {
18
- echo "#SERVER-HTTPS-1#<br>";
19
- $ssl = TRUE;
20
- }
21
- }
22
-
23
- if (isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] )) {
24
- echo "#SERVERPORT443#<br>";
25
- $ssl = TRUE;
26
- }
27
-
28
- if (isset($_ENV['HTTPS']) && ( 'on' == $_ENV['HTTPS'] )) {
29
- echo "#ENVHTTPS#<br>";
30
- $ssl = TRUE;
31
- }
32
-
33
- if (!empty($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https')){
34
  echo "#CLOUDFRONT#<br>";
35
  $ssl = TRUE;
36
- }
37
 
38
- if(!empty($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https')){
39
  echo "#CLOUDFLARE#<br>";
40
  $ssl = TRUE;
41
- }
42
 
43
- if(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')){
44
  echo "#LOADBALANCER#<br>";
45
  $ssl = TRUE;
46
- }
 
 
 
 
 
 
 
 
 
 
47
 
48
- if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' || $_SERVER['HTTP_X_FORWARDED_SSL'] == 1)){
49
- echo "#CDN#<br>";
50
  $ssl = TRUE;
51
- }
52
 
53
- if ($ssl) {
54
- echo "<br>#SUCCESFULLY DETECTED SSL#";
55
- } else {
56
- echo "<br>#NO KNOWN SSL CONFIGURATION DETECTED#";
57
- }
58
  ?>
59
 
60
  </body>
1
  <html>
2
  <head>
3
+ <meta charset="UTF-8">
4
+ <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
5
  </head>
6
  <body>
7
  <h1>#SSL TEST PAGE#</h1>
8
  <p>This page is used purely to test for SSL availability.</p>
9
  <?php
10
+ $ssl = FALSE;
11
+ if (isset($_SERVER['HTTPS'])) {
12
+ if (strtolower($_SERVER['HTTPS']) == 'on') {
13
+
14
+ echo "#SERVER-HTTPS-ON#" . " (" . htmlentities($_SERVER['HTTPS'], ENT_QUOTES, 'UTF-8') . ")<br>";
15
+ $ssl = TRUE;
16
+ }
17
+ if ('1' == $_SERVER['HTTPS']) {
18
+ echo "#SERVER-HTTPS-1#<br>";
19
+ $ssl = TRUE;
20
+ }
21
+ }
22
+
23
+ if (isset($_SERVER['SERVER_PORT']) && ('443' == $_SERVER['SERVER_PORT'])) {
24
+ echo "#SERVERPORT443#<br>";
25
+ $ssl = TRUE;
26
+ }
27
+
28
+ if (isset($_ENV['HTTPS']) && ('on' == $_ENV['HTTPS'])) {
29
+ echo "#ENVHTTPS#<br>";
30
+ $ssl = TRUE;
31
+ }
32
+
33
+ if (!empty($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https')) {
34
  echo "#CLOUDFRONT#<br>";
35
  $ssl = TRUE;
36
+ }
37
 
38
+ if (!empty($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https')) {
39
  echo "#CLOUDFLARE#<br>";
40
  $ssl = TRUE;
41
+ }
42
 
43
+ if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
44
  echo "#LOADBALANCER#<br>";
45
  $ssl = TRUE;
46
+ }
47
+
48
+ if (!empty($_SERVER['HTTP_X_PROTO']) && ($_SERVER['HTTP_X_PROTO'] == 'SSL')) {
49
+ echo "#HTTP_X_PROTO#<br>";
50
+ $ssl = TRUE;
51
+ }
52
+
53
+ if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')) {
54
+ echo "#HTTP_X_FORWARDED_SSL_ON#<br>";
55
+ $ssl = TRUE;
56
+ }
57
 
58
+ if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == '1')) {
59
+ echo "#HTTP_X_FORWARDED_SSL_1#<br>";
60
  $ssl = TRUE;
61
+ }
62
 
63
+ if ($ssl) {
64
+ echo "<br>#SUCCESFULLY DETECTED SSL#";
65
+ } else {
66
+ echo "<br>#NO KNOWN SSL CONFIGURATION DETECTED#";
67
+ }
68
  ?>
69
 
70
  </body>
testssl/serverhttpxforwardedssl1/.htaccess ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ <IfModule mod_rewrite.c>
2
+ RewriteEngine on
3
+ RewriteCond %{HTTP:X-Forwarded-SSL} !=1
4
+ RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
5
+ </IfModule>
testssl/serverhttpxforwardedssl1/ssl-test-page.html ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ <html>
2
+ <head>
3
+ <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4
+ </head>
5
+ <body>
6
+ This page is for testing SSL functionality.
7
+ #SSL TEST PAGE#
8
+ </body>
9
+ </html>
testssl/serverhttpxforwardedsslon/.htaccess ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ <IfModule mod_rewrite.c>
2
+ RewriteEngine on
3
+ RewriteCond %{HTTP:X-Forwarded-SSL} !on
4
+ RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
5
+ </IfModule>
testssl/serverhttpxforwardedsslon/ssl-test-page.html ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ <html>
2
+ <head>
3
+ <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4
+ </head>
5
+ <body>
6
+ This page is for testing SSL functionality.
7
+ #SSL TEST PAGE#
8
+ </body>
9
+ </html>
testssl/serverhttpxproto/.htaccess ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ <IfModule mod_rewrite.c>
2
+ RewriteEngine on
3
+ RewriteCond %{HTTP:X-Proto} !SSL
4
+ RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
5
+ </IfModule>
testssl/serverhttpxproto/ssl-test-page.html ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ <html>
2
+ <head>
3
+ <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
4
+ </head>
5
+ <body>
6
+ This page is for testing SSL functionality.
7
+ #SSL TEST PAGE#
8
+ </body>
9
+ </html>