Version Description
- Tweak: added cool checkboxes
- Tweak: .well-known/acme-challenge/ is excluded from .htaccess https:// redirect
- Tweak: implemented transients for functions that use curl/wp_remote_get()
- Tweak: improved mixed content fixer detection notifications
- Tweak: removed review notice for multisite
Download this release
Release Info
Developer | RogierLankhorst |
Plugin | Really Simple SSL |
Version | 3.1.2 |
Comparing to | |
See all releases |
Code changes from version 3.1.1 to 3.1.2
- class-admin.php +255 -113
- class-certificate.php +18 -13
- class-front-end.php +1 -0
- readme.txt +9 -2
- rlrsssl-really-simple-ssl.php +1 -1
class-admin.php
CHANGED
@@ -187,7 +187,7 @@ class rsssl_admin extends rsssl_front_end
|
|
187 |
//handle notices
|
188 |
add_action('admin_notices', array($this, 'show_notices'));
|
189 |
//show review notice, only to free users
|
190 |
-
if (!defined("rsssl_pro_version") && (!defined("rsssl_pp_version")) && (!defined("rsssl_soc_version")) && (!class_exists('RSSSL_PRO'))) {
|
191 |
add_action('admin_notices', array($this, 'show_leave_review_notice'));
|
192 |
}
|
193 |
add_action("update_option_rlrsssl_options", array($this, "update_htaccess_after_settings_save"), 20, 3);
|
@@ -399,7 +399,7 @@ class rsssl_admin extends rsssl_front_end
|
|
399 |
$link_open = '<p><a class="button" target="_blank" href="' . $reload_https_url . '">';
|
400 |
$link_close = '</a></p>';
|
401 |
|
402 |
-
printf(__("Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button: %sReload over https%s ", "really-simple-ssl"), $link_open, $link_close);
|
403 |
|
404 |
$ssl_test_url = "https://www.ssllabs.com/ssltest/";
|
405 |
$link_open = '<a target="_blank" href="' . $ssl_test_url . '">';
|
@@ -1295,66 +1295,88 @@ class rsssl_admin extends rsssl_front_end
|
|
1295 |
public function test_htaccess_redirect()
|
1296 |
{
|
1297 |
if (!current_user_can($this->capability)) return;
|
1298 |
-
|
1299 |
-
|
1300 |
-
|
1301 |
-
|
1302 |
-
|
1303 |
-
|
1304 |
-
|
1305 |
-
|
1306 |
-
|
1307 |
-
|
1308 |
-
|
1309 |
-
|
1310 |
-
|
1311 |
-
|
1312 |
-
|
1313 |
-
|
1314 |
-
|
1315 |
-
|
1316 |
-
|
1317 |
-
|
1318 |
-
|
1319 |
-
|
1320 |
-
|
1321 |
-
|
1322 |
-
|
1323 |
-
|
1324 |
-
|
1325 |
-
|
1326 |
-
|
1327 |
-
|
1328 |
-
|
1329 |
-
|
1330 |
-
|
1331 |
-
|
1332 |
-
|
1333 |
-
|
1334 |
-
|
1335 |
-
|
1336 |
-
|
1337 |
-
|
1338 |
-
|
1339 |
-
|
1340 |
-
|
1341 |
-
$
|
1342 |
-
|
1343 |
-
|
1344 |
-
|
1345 |
-
|
1346 |
-
|
1347 |
-
|
1348 |
-
|
1349 |
-
|
1350 |
-
|
1351 |
-
$
|
1352 |
-
|
1353 |
-
$this->trace_log("htaccess rules
|
1354 |
} else {
|
1355 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
1356 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1357 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1358 |
}
|
1359 |
|
1360 |
|
@@ -1677,23 +1699,43 @@ class rsssl_admin extends rsssl_front_end
|
|
1677 |
|
1678 |
public function mixed_content_fixer_detected()
|
1679 |
{
|
1680 |
-
|
1681 |
$status = 0;
|
1682 |
-
$web_source = "";
|
1683 |
-
//check if the mixed content fixer is active
|
1684 |
-
$response = wp_remote_get(home_url());
|
1685 |
|
1686 |
-
|
1687 |
-
|
1688 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1689 |
}
|
1690 |
|
1691 |
-
if ($
|
1692 |
-
$this->trace_log("
|
1693 |
-
|
1694 |
-
}
|
|
|
|
|
|
|
|
|
|
|
1695 |
$this->trace_log("Mixed content fixer was successfully detected on the front end.");
|
1696 |
-
|
1697 |
}
|
1698 |
}
|
1699 |
|
@@ -1737,11 +1779,11 @@ class rsssl_admin extends rsssl_front_end
|
|
1737 |
$rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !on" . "\n";
|
1738 |
} elseif ($this->ssl_type == "HTTP_X_FORWARDED_SSL_1") {
|
1739 |
$rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !=1" . "\n";
|
1740 |
-
} elseif ($
|
1741 |
$rule .= "RewriteCond %{ENV:HTTPS} !=on" . "\n";
|
1742 |
}
|
1743 |
|
1744 |
-
//if multisite, and NOT subfolder install (checked for in the
|
1745 |
//, add a condition so it only applies to sites where plugin is activated
|
1746 |
if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
|
1747 |
$this->trace_log("multisite, per site activation");
|
@@ -1777,9 +1819,14 @@ class rsssl_admin extends rsssl_front_end
|
|
1777 |
$rule .= "RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)" . "\n";
|
1778 |
}
|
1779 |
|
|
|
|
|
|
|
|
|
|
|
1780 |
$rule .= "RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]" . "\n";
|
1781 |
|
1782 |
-
|
1783 |
}
|
1784 |
|
1785 |
if (strlen($rule) > 0) {
|
@@ -1846,6 +1893,46 @@ class rsssl_admin extends rsssl_front_end
|
|
1846 |
<?php
|
1847 |
}
|
1848 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1849 |
public function show_leave_review_notice()
|
1850 |
{
|
1851 |
if (!$this->review_notice_shown && get_option('rsssl_activation_timestamp') && get_option('rsssl_activation_timestamp') < strtotime("-1 month")) {
|
@@ -1876,11 +1963,12 @@ class rsssl_admin extends rsssl_front_end
|
|
1876 |
|
1877 |
public function show_notices()
|
1878 |
{
|
1879 |
-
|
1880 |
show a notice when the .htaccess file does not contain redirect rules
|
1881 |
-
|
1882 |
|
1883 |
if (!$this->wp_redirect && $this->ssl_enabled && !$this->htaccess_warning_shown && !$this->htaccess_contains_redirect_rules()) {
|
|
|
1884 |
add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_htaccess'));
|
1885 |
?>
|
1886 |
<div id="message" class="error fade notice is-dismissible rlrsssl-htaccess">
|
@@ -2233,15 +2321,21 @@ class rsssl_admin extends rsssl_front_end
|
|
2233 |
|
2234 |
/* check if the mixed content fixer is working */
|
2235 |
if ($this->ssl_enabled && $this->autoreplace_insecure_links && $this->site_has_ssl) {
|
2236 |
-
$
|
|
|
2237 |
?>
|
2238 |
<tr>
|
2239 |
-
<td><?php echo $mixed_content_fixer_detected ? $this->img("success") : $this->img("error"); ?></td>
|
2240 |
<td><?php
|
2241 |
-
if ($mixed_content_fixer_detected) {
|
2242 |
-
|
2243 |
-
}
|
2244 |
-
|
|
|
|
|
|
|
|
|
|
|
2245 |
echo ' <a target="_blank" href="https://www.really-simple-ssl.com/knowledge-base/how-to-check-if-the-mixed-content-fixer-is-active/">';
|
2246 |
_e('Instructions', 'really-simple-ssl');
|
2247 |
echo '</a>';
|
@@ -2421,7 +2515,7 @@ class rsssl_admin extends rsssl_front_end
|
|
2421 |
$this->get_banner_html(array(
|
2422 |
'img' => 'complianz.jpg',
|
2423 |
'title' => 'ComplianZ',
|
2424 |
-
'description' => __("The Complianz
|
2425 |
'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
|
2426 |
'pro' => true,
|
2427 |
)
|
@@ -2503,7 +2597,7 @@ class rsssl_admin extends rsssl_front_end
|
|
2503 |
*
|
2504 |
* @param string $type the type of image
|
2505 |
*
|
2506 |
-
* @return
|
2507 |
*/
|
2508 |
|
2509 |
public function img($type)
|
@@ -2652,7 +2746,7 @@ class rsssl_admin extends rsssl_front_end
|
|
2652 |
{
|
2653 |
register_setting('rlrsssl_options', 'rlrsssl_options', array($this, 'options_validate'));
|
2654 |
add_settings_section('rlrsssl_settings', __("Settings", "really-simple-ssl"), array($this, 'section_text'), 'rlrsssl');
|
2655 |
-
add_settings_field('id_autoreplace_insecure_links', __("
|
2656 |
|
2657 |
//only show option to enable or disable mixed content and redirect when SSL is detected
|
2658 |
if ($this->ssl_enabled) {
|
@@ -2779,8 +2873,14 @@ class rsssl_admin extends rsssl_front_end
|
|
2779 |
|
2780 |
public function get_option_debug()
|
2781 |
{
|
2782 |
-
|
2783 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
2784 |
RSSSL()->rsssl_help->get_help_tip(__("Enable this option to get debug info in the debug tab.", "really-simple-ssl"));
|
2785 |
|
2786 |
}
|
@@ -2804,7 +2904,14 @@ class rsssl_admin extends rsssl_front_end
|
|
2804 |
$javascript_redirect = TRUE;
|
2805 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
2806 |
}
|
2807 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2808 |
RSSSL()->rsssl_help->get_help_tip(__("This is a fallback you should only use if other redirection methods do not work.", "really-simple-ssl"));
|
2809 |
echo $comment;
|
2810 |
|
@@ -2830,7 +2937,13 @@ class rsssl_admin extends rsssl_front_end
|
|
2830 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
2831 |
}
|
2832 |
|
2833 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
2834 |
RSSSL()->rsssl_help->get_help_tip(__("Enable this if you want to use the internal WordPress 301 redirect. Needed on NGINX servers, or if the .htaccess redirect cannot be used.", "really-simple-ssl"));
|
2835 |
echo $comment;
|
2836 |
|
@@ -2865,7 +2978,13 @@ class rsssl_admin extends rsssl_front_end
|
|
2865 |
$disabled = ($this->do_not_edit_htaccess) ? "disabled" : "";
|
2866 |
}
|
2867 |
|
2868 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
2869 |
RSSSL()->rsssl_help->get_help_tip(__("A .htaccess redirect is faster. Really Simple SSL detects the redirect code that is most likely to work (99% of websites), but this is not 100%. Make sure you know how to regain access to your site if anything goes wrong!", "really-simple-ssl"));
|
2870 |
echo $comment;
|
2871 |
|
@@ -2920,9 +3039,13 @@ class rsssl_admin extends rsssl_front_end
|
|
2920 |
|
2921 |
public function get_option_do_not_edit_htaccess()
|
2922 |
{
|
2923 |
-
|
2924 |
-
|
2925 |
-
|
|
|
|
|
|
|
|
|
2926 |
RSSSL()->rsssl_help->get_help_tip(__("If you want to customize the Really Simple SSL .htaccess, you need to prevent Really Simple SSL from rewriting it. Enabling this option will do that.", "really-simple-ssl"));
|
2927 |
if (!$this->do_not_edit_htaccess && !is_writable($this->ABSpath . ".htaccess")) _e(".htaccess is currently not writable.", "really-simple-ssl");
|
2928 |
}
|
@@ -2938,8 +3061,14 @@ class rsssl_admin extends rsssl_front_end
|
|
2938 |
|
2939 |
public function get_option_switch_mixed_content_fixer_hook()
|
2940 |
{
|
2941 |
-
|
2942 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
2943 |
RSSSL()->rsssl_help->get_help_tip(__("If this option is set to true, the mixed content fixer will fire on the init hook instead of the template_redirect hook. Only use this option when you experience problems with the mixed content fixer.", "really-simple-ssl"));
|
2944 |
}
|
2945 |
|
@@ -3005,7 +3134,14 @@ class rsssl_admin extends rsssl_front_end
|
|
3005 |
$autoreplace_mixed_content = TRUE;
|
3006 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
3007 |
}
|
3008 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3009 |
RSSSL()->rsssl_help->get_help_tip(__("In most cases you need to leave this enabled, to prevent mixed content issues on your site.", "really-simple-ssl"));
|
3010 |
echo $comment;
|
3011 |
}
|
@@ -3142,31 +3278,37 @@ class rsssl_admin extends rsssl_front_end
|
|
3142 |
|
3143 |
protected function get_test_page_contents()
|
3144 |
{
|
3145 |
-
$filecontents = "";
|
3146 |
|
3147 |
-
$
|
3148 |
-
|
|
|
3149 |
|
3150 |
-
|
|
|
3151 |
|
3152 |
-
|
3153 |
-
$status = wp_remote_retrieve_response_code($response);
|
3154 |
-
$filecontents = wp_remote_retrieve_body($response);
|
3155 |
-
}
|
3156 |
|
3157 |
-
|
|
|
|
|
|
|
3158 |
|
3159 |
-
|
3160 |
|
3161 |
-
$
|
3162 |
-
} else {
|
3163 |
-
|
3164 |
-
$error = "";
|
3165 |
-
if (is_wp_error($response)) $error = $response->get_error_message();
|
3166 |
-
$this->trace_log("Could not open testpage " . $error);
|
3167 |
-
}
|
3168 |
|
|
|
|
|
3169 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3170 |
return $filecontents;
|
3171 |
}
|
3172 |
|
187 |
//handle notices
|
188 |
add_action('admin_notices', array($this, 'show_notices'));
|
189 |
//show review notice, only to free users
|
190 |
+
if (!defined("rsssl_pro_version") && (!defined("rsssl_pp_version")) && (!defined("rsssl_soc_version")) && (!class_exists('RSSSL_PRO')) && (!is_multisite())) {
|
191 |
add_action('admin_notices', array($this, 'show_leave_review_notice'));
|
192 |
}
|
193 |
add_action("update_option_rlrsssl_options", array($this, "update_htaccess_after_settings_save"), 20, 3);
|
399 |
$link_open = '<p><a class="button" target="_blank" href="' . $reload_https_url . '">';
|
400 |
$link_close = '</a></p>';
|
401 |
|
402 |
+
printf(__("Really Simple SSL failed to detect a valid SSL certificate. If you do have an SSL certificate, try to reload this page over https by clicking this button: %sReload over https%s. The built-in certificate check will run once daily, to force a new certificate check visit the SSL settings page. ", "really-simple-ssl"), $link_open, $link_close);
|
403 |
|
404 |
$ssl_test_url = "https://www.ssllabs.com/ssltest/";
|
405 |
$link_open = '<a target="_blank" href="' . $ssl_test_url . '">';
|
1295 |
public function test_htaccess_redirect()
|
1296 |
{
|
1297 |
if (!current_user_can($this->capability)) return;
|
1298 |
+
|
1299 |
+
$this->htaccess_test_success = get_transient('rsssl_htaccess_test_success');
|
1300 |
+
if (!$this->htaccess_test_success) {
|
1301 |
+
|
1302 |
+
if ($this->debug) {
|
1303 |
+
$this->trace_log("testing htaccess rules...");
|
1304 |
+
}
|
1305 |
+
|
1306 |
+
$filecontents = "";
|
1307 |
+
$testpage_url = trailingslashit($this->test_url()) . "testssl/";
|
1308 |
+
switch ($this->ssl_type) {
|
1309 |
+
case "CLOUDFRONT":
|
1310 |
+
$testpage_url .= "cloudfront";
|
1311 |
+
break;
|
1312 |
+
case "CLOUDFLARE":
|
1313 |
+
$testpage_url .= "cloudflare";
|
1314 |
+
break;
|
1315 |
+
case "LOADBALANCER":
|
1316 |
+
$testpage_url .= "loadbalancer";
|
1317 |
+
break;
|
1318 |
+
case "HTTP_X_PROTO":
|
1319 |
+
$testpage_url .= "serverhttpxproto";
|
1320 |
+
break;
|
1321 |
+
case "HTTP_X_FORWARDED_SSL_ON":
|
1322 |
+
$testpage_url .= "serverhttpxforwardedsslon";
|
1323 |
+
break;
|
1324 |
+
case "HTTP_X_FORWARDED_SSL_1":
|
1325 |
+
$testpage_url .= "serverhttpxforwardedssl1";
|
1326 |
+
break;
|
1327 |
+
case "SERVER-HTTPS-ON":
|
1328 |
+
$testpage_url .= "serverhttpson";
|
1329 |
+
break;
|
1330 |
+
case "SERVER-HTTPS-1":
|
1331 |
+
$testpage_url .= "serverhttps1";
|
1332 |
+
break;
|
1333 |
+
case "SERVERPORT443":
|
1334 |
+
$testpage_url .= "serverport443";
|
1335 |
+
break;
|
1336 |
+
case "ENVHTTPS":
|
1337 |
+
$testpage_url .= "envhttps";
|
1338 |
+
break;
|
1339 |
+
}
|
1340 |
+
|
1341 |
+
$testpage_url .= ("/ssl-test-page.html");
|
1342 |
+
|
1343 |
+
$response = wp_remote_get($testpage_url);
|
1344 |
+
if (is_array($response)) {
|
1345 |
+
$status = wp_remote_retrieve_response_code($response);
|
1346 |
+
$filecontents = wp_remote_retrieve_body($response);
|
1347 |
+
}
|
1348 |
+
|
1349 |
+
$this->trace_log("test page url, enter in browser to check manually: " . $testpage_url);
|
1350 |
+
|
1351 |
+
if (!is_wp_error($response) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
|
1352 |
+
$htaccess_test_success = 'success';
|
1353 |
+
$this->trace_log("htaccess rules tested successfully.");
|
1354 |
} else {
|
1355 |
+
//.htaccess rewrite rule seems to be giving problems.
|
1356 |
+
$htaccess_test_success = 'error';
|
1357 |
+
if (is_wp_error($response)) {
|
1358 |
+
$this->trace_log("htaccess rules test failed with error: " . $response->get_error_message());
|
1359 |
+
} else {
|
1360 |
+
$this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/SSL");
|
1361 |
+
}
|
1362 |
}
|
1363 |
+
if (empty($filecontents)) {
|
1364 |
+
$htaccess_test_success = 'no-response';
|
1365 |
+
}
|
1366 |
+
set_transient('rsssl_htaccess_test_success', $this->htaccess_test_success, 600);
|
1367 |
+
}
|
1368 |
+
|
1369 |
+
|
1370 |
+
if ($htaccess_test_success == 'no-response'){
|
1371 |
+
$this->htaccess_test_success = FALSE;
|
1372 |
}
|
1373 |
+
if ($htaccess_test_success == 'success'){
|
1374 |
+
$this->htaccess_test_success = true;
|
1375 |
+
}
|
1376 |
+
if ($htaccess_test_success == 'error'){
|
1377 |
+
$this->htaccess_test_success = FALSE;
|
1378 |
+
}
|
1379 |
+
|
1380 |
}
|
1381 |
|
1382 |
|
1699 |
|
1700 |
public function mixed_content_fixer_detected()
|
1701 |
{
|
|
|
1702 |
$status = 0;
|
|
|
|
|
|
|
1703 |
|
1704 |
+
$mixed_content_fixer_detected = get_transient('rsssl_mixed_content_fixer_detected');
|
1705 |
+
|
1706 |
+
if (!$mixed_content_fixer_detected) {
|
1707 |
+
|
1708 |
+
$web_source = "";
|
1709 |
+
//check if the mixed content fixer is active
|
1710 |
+
$response = wp_remote_get(home_url());
|
1711 |
+
|
1712 |
+
if (is_array($response)) {
|
1713 |
+
$status = wp_remote_retrieve_response_code($response);
|
1714 |
+
$web_source = wp_remote_retrieve_body($response);
|
1715 |
+
}
|
1716 |
+
|
1717 |
+
if ($status != 200) {
|
1718 |
+
$mixed_content_fixer_detected = 'no-response';
|
1719 |
+
} elseif (strpos($web_source, "data-rsssl=") === false) {
|
1720 |
+
$mixed_content_fixer_detected = 'error';
|
1721 |
+
} else {
|
1722 |
+
$mixed_content_fixer_detected = 'success';
|
1723 |
+
}
|
1724 |
+
|
1725 |
+
set_transient('rsssl_mixed_content_fixer_detected', $mixed_content_fixer_detected, 600);
|
1726 |
}
|
1727 |
|
1728 |
+
if ($mixed_content_fixer_detected === 'no-response'){
|
1729 |
+
$this->trace_log("Could not connect to website");
|
1730 |
+
$this->mixed_content_fixer_detected = FALSE;
|
1731 |
+
}
|
1732 |
+
if ($mixed_content_fixer_detected === 'error'){
|
1733 |
+
$this->trace_log("Mixed content fixer marker not found in the websource");
|
1734 |
+
$this->mixed_content_fixer_detected = FALSE;
|
1735 |
+
}
|
1736 |
+
if ($mixed_content_fixer_detected === 'success'){
|
1737 |
$this->trace_log("Mixed content fixer was successfully detected on the front end.");
|
1738 |
+
$this->mixed_content_fixer_detected = true;
|
1739 |
}
|
1740 |
}
|
1741 |
|
1779 |
$rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !on" . "\n";
|
1780 |
} elseif ($this->ssl_type == "HTTP_X_FORWARDED_SSL_1") {
|
1781 |
$rule .= "RewriteCond %{HTTP:X-Forwarded-SSL} !=1" . "\n";
|
1782 |
+
} elseif ($this->ssl_type == "ENVHTTPS") {
|
1783 |
$rule .= "RewriteCond %{ENV:HTTPS} !=on" . "\n";
|
1784 |
}
|
1785 |
|
1786 |
+
//if multisite, and NOT subfolder install (checked for in the detect_config function)
|
1787 |
//, add a condition so it only applies to sites where plugin is activated
|
1788 |
if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
|
1789 |
$this->trace_log("multisite, per site activation");
|
1819 |
$rule .= "RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)" . "\n";
|
1820 |
}
|
1821 |
|
1822 |
+
//Exclude .well-known/acme-challenge for Let's Encrypt validation
|
1823 |
+
if ($this->has_acme_challenge_directory() && !$this->has_well_known_needle()) {
|
1824 |
+
$rule .= "RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/" . "\n";
|
1825 |
+
}
|
1826 |
+
|
1827 |
$rule .= "RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]" . "\n";
|
1828 |
|
1829 |
+
$rule .= "</IfModule>" . "\n";
|
1830 |
}
|
1831 |
|
1832 |
if (strlen($rule) > 0) {
|
1893 |
<?php
|
1894 |
}
|
1895 |
|
1896 |
+
|
1897 |
+
/**
|
1898 |
+
*
|
1899 |
+
* @return bool
|
1900 |
+
* since 3.1
|
1901 |
+
* Check if .well-known/acme-challenge directory exists
|
1902 |
+
*
|
1903 |
+
*/
|
1904 |
+
|
1905 |
+
public function has_acme_challenge_directory()
|
1906 |
+
{
|
1907 |
+
if (file_exists("$this->ABSpath.well-known/acme-challenge")) {
|
1908 |
+
return true;
|
1909 |
+
}
|
1910 |
+
|
1911 |
+
return false;
|
1912 |
+
}
|
1913 |
+
|
1914 |
+
/**
|
1915 |
+
*
|
1916 |
+
* @return bool
|
1917 |
+
* since 3.1
|
1918 |
+
* Check if there are already .well-known rules in .htaccess file
|
1919 |
+
*
|
1920 |
+
*/
|
1921 |
+
|
1922 |
+
public function has_well_known_needle()
|
1923 |
+
{
|
1924 |
+
$htaccess = file_get_contents($this->ABSpath . ".htaccess");
|
1925 |
+
|
1926 |
+
$well_known_needle = ".well-known";
|
1927 |
+
|
1928 |
+
if (strpos($htaccess, $well_known_needle) !== false) {
|
1929 |
+
return true;
|
1930 |
+
}
|
1931 |
+
|
1932 |
+
return false;
|
1933 |
+
|
1934 |
+
}
|
1935 |
+
|
1936 |
public function show_leave_review_notice()
|
1937 |
{
|
1938 |
if (!$this->review_notice_shown && get_option('rsssl_activation_timestamp') && get_option('rsssl_activation_timestamp') < strtotime("-1 month")) {
|
1963 |
|
1964 |
public function show_notices()
|
1965 |
{
|
1966 |
+
/*
|
1967 |
show a notice when the .htaccess file does not contain redirect rules
|
1968 |
+
*/
|
1969 |
|
1970 |
if (!$this->wp_redirect && $this->ssl_enabled && !$this->htaccess_warning_shown && !$this->htaccess_contains_redirect_rules()) {
|
1971 |
+
|
1972 |
add_action('admin_print_footer_scripts', array($this, 'insert_dismiss_htaccess'));
|
1973 |
?>
|
1974 |
<div id="message" class="error fade notice is-dismissible rlrsssl-htaccess">
|
2321 |
|
2322 |
/* check if the mixed content fixer is working */
|
2323 |
if ($this->ssl_enabled && $this->autoreplace_insecure_links && $this->site_has_ssl) {
|
2324 |
+
$this->mixed_content_fixer_detected();
|
2325 |
+
$mixed_content_fixer_detected = get_transient('rsssl_mixed_content_fixer_detected');
|
2326 |
?>
|
2327 |
<tr>
|
2328 |
+
<td><?php echo $mixed_content_fixer_detected==="success" ? $this->img("success") : $this->img("error"); ?></td>
|
2329 |
<td><?php
|
2330 |
+
if ($mixed_content_fixer_detected === 'success') {
|
2331 |
+
echo __("Mixed content fixer was successfully detected on the front-end", "really-simple-ssl") . " ";
|
2332 |
+
} elseif ($mixed_content_fixer_detected === 'no-response') {
|
2333 |
+
$link_open = '<a target="_blank" href="https://really-simple-ssl.com/knowledge-base/how-to-fix-no-response-from-webpage-warning/">';
|
2334 |
+
$link_close = '</a>';
|
2335 |
+
echo sprintf(__("Really Simple SSL has received no response from the webpage. See our knowledge base for %sinstructions on how to fix this warning%s.", 'really-simple-ssl'), $link_open, $link_close);
|
2336 |
+
}
|
2337 |
+
else {
|
2338 |
+
echo __('The mixed content fixer is active, but was not detected on the frontpage. Please follow these steps to check if the mixed content fixer is working.', "really-simple-ssl") . ": ";
|
2339 |
echo ' <a target="_blank" href="https://www.really-simple-ssl.com/knowledge-base/how-to-check-if-the-mixed-content-fixer-is-active/">';
|
2340 |
_e('Instructions', 'really-simple-ssl');
|
2341 |
echo '</a>';
|
2515 |
$this->get_banner_html(array(
|
2516 |
'img' => 'complianz.jpg',
|
2517 |
'title' => 'ComplianZ',
|
2518 |
+
'description' => __("The Complianz Privacy Suite (GDPR/CaCPA) for WordPress. Simple, Quick and Complete. Up-to-date customized legal documents by a prominent IT Law firm.", "really-simple-ssl"),
|
2519 |
'url' => 'https://wordpress.org/plugins/complianz-gdpr/',
|
2520 |
'pro' => true,
|
2521 |
)
|
2597 |
*
|
2598 |
* @param string $type the type of image
|
2599 |
*
|
2600 |
+
* @return string
|
2601 |
*/
|
2602 |
|
2603 |
public function img($type)
|
2746 |
{
|
2747 |
register_setting('rlrsssl_options', 'rlrsssl_options', array($this, 'options_validate'));
|
2748 |
add_settings_section('rlrsssl_settings', __("Settings", "really-simple-ssl"), array($this, 'section_text'), 'rlrsssl');
|
2749 |
+
add_settings_field('id_autoreplace_insecure_links', __("Mixed content fixer", "really-simple-ssl"), array($this, 'get_option_autoreplace_insecure_links'), 'rlrsssl', 'rlrsssl_settings');
|
2750 |
|
2751 |
//only show option to enable or disable mixed content and redirect when SSL is detected
|
2752 |
if ($this->ssl_enabled) {
|
2873 |
|
2874 |
public function get_option_debug()
|
2875 |
{
|
2876 |
+
|
2877 |
+
?>
|
2878 |
+
<label class="rsssl-switch">
|
2879 |
+
<input id="rlrsssl_options" name="rlrsssl_options[debug]" size="40" value="1"
|
2880 |
+
type="checkbox" <?php checked(1, $this->debug, true) ?> />
|
2881 |
+
<span class="rsssl-slider rsssl-round"></span>
|
2882 |
+
</label>
|
2883 |
+
<?php
|
2884 |
RSSSL()->rsssl_help->get_help_tip(__("Enable this option to get debug info in the debug tab.", "really-simple-ssl"));
|
2885 |
|
2886 |
}
|
2904 |
$javascript_redirect = TRUE;
|
2905 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
2906 |
}
|
2907 |
+
|
2908 |
+
?>
|
2909 |
+
<label class="rsssl-switch">
|
2910 |
+
<input id="rlrsssl_options" name="rlrsssl_options[javascript_redirect]" size="40" value="1"
|
2911 |
+
type="checkbox" <?php checked(1, $javascript_redirect, true) ?> />
|
2912 |
+
<span class="rsssl-slider rsssl-round"></span>
|
2913 |
+
</label>
|
2914 |
+
<?php
|
2915 |
RSSSL()->rsssl_help->get_help_tip(__("This is a fallback you should only use if other redirection methods do not work.", "really-simple-ssl"));
|
2916 |
echo $comment;
|
2917 |
|
2937 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
2938 |
}
|
2939 |
|
2940 |
+
?>
|
2941 |
+
<label class="rsssl-switch">
|
2942 |
+
<input id="rlrsssl_options" name="rlrsssl_options[wp_redirect]" size="40" value="1"
|
2943 |
+
type="checkbox" <?php checked(1, $wp_redirect, true) ?> />
|
2944 |
+
<span class="rsssl-slider rsssl-round"></span>
|
2945 |
+
</label>
|
2946 |
+
<?php
|
2947 |
RSSSL()->rsssl_help->get_help_tip(__("Enable this if you want to use the internal WordPress 301 redirect. Needed on NGINX servers, or if the .htaccess redirect cannot be used.", "really-simple-ssl"));
|
2948 |
echo $comment;
|
2949 |
|
2978 |
$disabled = ($this->do_not_edit_htaccess) ? "disabled" : "";
|
2979 |
}
|
2980 |
|
2981 |
+
?>
|
2982 |
+
<label class="rsssl-switch">
|
2983 |
+
<input id="rlrsssl_options" name="rlrsssl_options[htaccess_redirect]" size="40" value="1"
|
2984 |
+
type="checkbox" <?php checked(1, $this->htaccess_redirect, true) ?> />
|
2985 |
+
<span class="rsssl-slider rsssl-round"></span>
|
2986 |
+
</label>
|
2987 |
+
<?php
|
2988 |
RSSSL()->rsssl_help->get_help_tip(__("A .htaccess redirect is faster. Really Simple SSL detects the redirect code that is most likely to work (99% of websites), but this is not 100%. Make sure you know how to regain access to your site if anything goes wrong!", "really-simple-ssl"));
|
2989 |
echo $comment;
|
2990 |
|
3039 |
|
3040 |
public function get_option_do_not_edit_htaccess()
|
3041 |
{
|
3042 |
+
?>
|
3043 |
+
<label class="rsssl-switch">
|
3044 |
+
<input id="rlrsssl_options" name="rlrsssl_options[do_not_edit_htaccess]" size="40" value="1"
|
3045 |
+
type="checkbox" <?php checked(1, $this->do_not_edit_htaccess, true) ?> />
|
3046 |
+
<span class="rsssl-slider rsssl-round"></span>
|
3047 |
+
</label>
|
3048 |
+
<?php
|
3049 |
RSSSL()->rsssl_help->get_help_tip(__("If you want to customize the Really Simple SSL .htaccess, you need to prevent Really Simple SSL from rewriting it. Enabling this option will do that.", "really-simple-ssl"));
|
3050 |
if (!$this->do_not_edit_htaccess && !is_writable($this->ABSpath . ".htaccess")) _e(".htaccess is currently not writable.", "really-simple-ssl");
|
3051 |
}
|
3061 |
|
3062 |
public function get_option_switch_mixed_content_fixer_hook()
|
3063 |
{
|
3064 |
+
|
3065 |
+
?>
|
3066 |
+
<label class="rsssl-switch">
|
3067 |
+
<input id="rlrsssl_options" name="rlrsssl_options[switch_mixed_content_fixer_hook]" size="40" value="1"
|
3068 |
+
type="checkbox" <?php checked(1, $this->switch_mixed_content_fixer_hook, true) ?> />
|
3069 |
+
<span class="rsssl-slider rsssl-round"></span>
|
3070 |
+
</label>
|
3071 |
+
<?php
|
3072 |
RSSSL()->rsssl_help->get_help_tip(__("If this option is set to true, the mixed content fixer will fire on the init hook instead of the template_redirect hook. Only use this option when you experience problems with the mixed content fixer.", "really-simple-ssl"));
|
3073 |
}
|
3074 |
|
3134 |
$autoreplace_mixed_content = TRUE;
|
3135 |
$comment = __("This option is enabled on the network menu.", "really-simple-ssl");
|
3136 |
}
|
3137 |
+
|
3138 |
+
?>
|
3139 |
+
<label class="rsssl-switch">
|
3140 |
+
<input id="rlrsssl_options" name="rlrsssl_options[autoreplace_insecure_links]" size="40" value="1"
|
3141 |
+
type="checkbox" <?php checked(1, $autoreplace_mixed_content, true) ?> />
|
3142 |
+
<span class="rsssl-slider rsssl-round"></span>
|
3143 |
+
</label>
|
3144 |
+
<?php
|
3145 |
RSSSL()->rsssl_help->get_help_tip(__("In most cases you need to leave this enabled, to prevent mixed content issues on your site.", "really-simple-ssl"));
|
3146 |
echo $comment;
|
3147 |
}
|
3278 |
|
3279 |
protected function get_test_page_contents()
|
3280 |
{
|
|
|
3281 |
|
3282 |
+
$filecontents = get_transient('rsssl_testpage');
|
3283 |
+
if (!$filecontents) {
|
3284 |
+
$filecontents = "";
|
3285 |
|
3286 |
+
$testpage_url = trailingslashit($this->test_url()) . "ssl-test-page.php";
|
3287 |
+
$this->trace_log("Opening testpage to check server configuration: " . $testpage_url);
|
3288 |
|
3289 |
+
$response = wp_remote_get($testpage_url);
|
|
|
|
|
|
|
3290 |
|
3291 |
+
if (is_array($response)) {
|
3292 |
+
$status = wp_remote_retrieve_response_code($response);
|
3293 |
+
$filecontents = wp_remote_retrieve_body($response);
|
3294 |
+
}
|
3295 |
|
3296 |
+
$this->trace_log("test page url, enter in browser to check manually: " . $testpage_url);
|
3297 |
|
3298 |
+
if (!is_wp_error($response) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
|
|
|
|
|
|
|
|
|
|
|
|
|
3299 |
|
3300 |
+
$this->trace_log("SSL test page loaded successfully");
|
3301 |
+
} else {
|
3302 |
|
3303 |
+
$error = "";
|
3304 |
+
if (is_wp_error($response)) $error = $response->get_error_message();
|
3305 |
+
$this->trace_log("Could not open testpage " . $error);
|
3306 |
+
}
|
3307 |
+
if (empty($filecontents)) {
|
3308 |
+
$filecontents = 'not-valid';
|
3309 |
+
}
|
3310 |
+
set_transient('rsssl_testpage', $filecontents, 600);
|
3311 |
+
}
|
3312 |
return $filecontents;
|
3313 |
}
|
3314 |
|
class-certificate.php
CHANGED
@@ -164,29 +164,34 @@ if ( ! class_exists( 'rsssl_certificate' ) ) {
|
|
164 |
*
|
165 |
*/
|
166 |
|
167 |
-
|
168 |
public function get_certinfo($url)
|
169 |
{
|
170 |
-
$url = 'https://'.$url;
|
171 |
-
//check if the certificate is still valid, and send an email to the administrator if this is not the case.
|
172 |
-
$original_parse = parse_url($url, PHP_URL_HOST);
|
173 |
|
174 |
-
|
|
|
|
|
|
|
|
|
175 |
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
|
182 |
-
|
183 |
|
184 |
-
|
185 |
-
|
|
|
186 |
}
|
187 |
}
|
|
|
|
|
188 |
}
|
189 |
|
|
|
|
|
190 |
if (!empty($certinfo)) return $certinfo;
|
191 |
|
192 |
return false;
|
164 |
*
|
165 |
*/
|
166 |
|
|
|
167 |
public function get_certinfo($url)
|
168 |
{
|
|
|
|
|
|
|
169 |
|
170 |
+
$certinfo = get_transient('rsssl_certinfo');
|
171 |
+
if (!$certinfo || RSSSL()->really_simple_ssl->is_settings_page()) {
|
172 |
+
$url = 'https://'.$url;
|
173 |
+
$original_parse = parse_url($url, PHP_URL_HOST);
|
174 |
+
if ($original_parse) {
|
175 |
|
176 |
+
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
|
177 |
+
if ($get) {
|
178 |
+
set_error_handler(array($this, 'custom_error_handling'));
|
179 |
+
$read = stream_socket_client("ssl://" . $original_parse . ":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
|
180 |
+
restore_error_handler();
|
181 |
|
182 |
+
if ($errno == 0 && $read) {
|
183 |
|
184 |
+
$cert = stream_context_get_params($read);
|
185 |
+
$certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
|
186 |
+
}
|
187 |
}
|
188 |
}
|
189 |
+
|
190 |
+
set_transient('rsssl_certinfo', $certinfo, DAY_IN_SECONDS);
|
191 |
}
|
192 |
|
193 |
+
if ($certinfo==='not-valid') return false;
|
194 |
+
|
195 |
if (!empty($certinfo)) return $certinfo;
|
196 |
|
197 |
return false;
|
class-front-end.php
CHANGED
@@ -100,6 +100,7 @@ if ( ! class_exists( 'rsssl_front_end' ) ) {
|
|
100 |
|
101 |
public function wp_redirect_to_ssl()
|
102 |
{
|
|
|
103 |
|
104 |
if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
|
105 |
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
100 |
|
101 |
public function wp_redirect_to_ssl()
|
102 |
{
|
103 |
+
if (!array_key_exists('HTTP_HOST', $_SERVER)) return;
|
104 |
|
105 |
if (!is_ssl() && !(defined("rsssl_no_wp_redirect") && rsssl_no_wp_redirect)) {
|
106 |
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
readme.txt
CHANGED
@@ -4,9 +4,9 @@ Donate link: https://www.paypal.me/reallysimplessl
|
|
4 |
Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
|
5 |
Requires at least: 4.2
|
6 |
License: GPL2
|
7 |
-
Tested up to:
|
8 |
Requires PHP: 5.4
|
9 |
-
Stable tag: 3.1.
|
10 |
|
11 |
No setup required! You only need an SSL certificate, and this plugin will do the rest.
|
12 |
|
@@ -79,6 +79,13 @@ If you are experiencing redirect loops on your site, try these [instructions](ht
|
|
79 |
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
|
80 |
|
81 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
82 |
= 3.1.1 =
|
83 |
* Fix: Multisite network wide activation/deactivation cron not saving settings because user capability not set this early in the process.
|
84 |
|
4 |
Tags: SSL, https, force SSL, mixed content, insecure content, secure website, website security, TLS, security, secure socket layers, HSTS
|
5 |
Requires at least: 4.2
|
6 |
License: GPL2
|
7 |
+
Tested up to: 5.0
|
8 |
Requires PHP: 5.4
|
9 |
+
Stable tag: 3.1.2
|
10 |
|
11 |
No setup required! You only need an SSL certificate, and this plugin will do the rest.
|
12 |
|
79 |
Yes. There is a dedicated network settings page where you can switch between network activated SSL and per page SSL. In the dedicated pro for multisite plugin, you can override all site settings for SSL on the network level, and can activate and deactivate SSL in the network menu for each site.
|
80 |
|
81 |
== Changelog ==
|
82 |
+
= 3.1.2 =
|
83 |
+
* Tweak: added cool checkboxes
|
84 |
+
* Tweak: .well-known/acme-challenge/ is excluded from .htaccess https:// redirect
|
85 |
+
* Tweak: implemented transients for functions that use curl/wp_remote_get()
|
86 |
+
* Tweak: improved mixed content fixer detection notifications
|
87 |
+
* Tweak: removed review notice for multisite
|
88 |
+
|
89 |
= 3.1.1 =
|
90 |
* Fix: Multisite network wide activation/deactivation cron not saving settings because user capability not set this early in the process.
|
91 |
|
rlrsssl-really-simple-ssl.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
* Plugin Name: Really Simple SSL
|
4 |
* Plugin URI: https://www.really-simple-ssl.com
|
5 |
* Description: Lightweight plugin without any setup to make your site SSL proof
|
6 |
-
* Version: 3.1.
|
7 |
* Text Domain: really-simple-ssl
|
8 |
* Domain Path: /languages
|
9 |
* Author: Rogier Lankhorst, Mark Wolters
|
3 |
* Plugin Name: Really Simple SSL
|
4 |
* Plugin URI: https://www.really-simple-ssl.com
|
5 |
* Description: Lightweight plugin without any setup to make your site SSL proof
|
6 |
+
* Version: 3.1.2
|
7 |
* Text Domain: really-simple-ssl
|
8 |
* Domain Path: /languages
|
9 |
* Author: Rogier Lankhorst, Mark Wolters
|