WordPress HTTPS (SSL) - Version 0.3

Version Description

  • Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.

=

Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 0.3
Comparing to
See all releases

Code changes from version 0.2 to 0.3

Files changed (2) hide show
  1. readme.txt +16 -15
  2. wordpress-https.php +84 -35
readme.txt CHANGED
@@ -1,19 +1,20 @@
1
  === Plugin Name ===
2
  Contributors: Mvied
 
3
  Tags: encrypted, ssl, http, https
4
  Requires at least: 2.1.0
5
  Tested up to: 3.0.1
6
- Stable tag: trunk
7
 
8
- This plugin ensures that all elements on a page are accessed through HTTPS if the page is being accessed via HTTPS.
9
 
10
  == Description ==
11
 
12
- This plugin ensures that all elements on a page are accessed through HTTPS if the page is being accessed via HTTPS.
13
 
14
- Sometimes when a page is loaded via HTTPS, the elements on that page (images, scripts, and stylesheets) may not also be loaded via HTTPS. Some, but not all, plugins check for HTTPS when adding the extra scripts and stylesheets to your pages. The ones that do not will cause the page to be loaded insecurely. This is due to the way in which the plugin developer adds the elements to your pages.
15
 
16
- Unlike the [HTTPS for Wordpress](http://wordpress.org/extend/plugins/https-for-wordpress/ "HTTPS for Wordpress") plugin, elements will be loaded with HTTPS regardless of how the plugin author added the elements to the page.
17
 
18
  == Installation ==
19
 
@@ -22,23 +23,19 @@ Unlike the [HTTPS for Wordpress](http://wordpress.org/extend/plugins/https-for-w
22
 
23
  == Frequently Asked Questions ==
24
 
25
- = What exactly does this plugin do? =
26
 
27
  Sometimes when a page is loaded via HTTPS, the elements on that page (images, scripts, and stylesheets) may not also be loaded via HTTPS. This plugin ensures that that happens.
28
 
29
- = Why does this happen anyways? =
30
 
31
  Some, but not all, plugins check for HTTPS when adding the extra scripts and stylesheets to your pages. The ones that do not will cause the page to be loaded insecurely. This is due to the way in which the plugin developer adds the elements to your pages.
32
 
33
- = Shouldn't the developer fix this issue? =
34
-
35
- Yes, but some are not aware of this bug, and far too many plugin developers make this mistake.
36
-
37
- = Does the plugin do anything else? =
38
 
39
- Yes, actually! When WordPress loads a page via HTTPS, it does not go back through posts and pages to ensure that images within are loaded via HTTPS. This is mostly due to images being hard-coded with the full non-HTTPS path to your WordPress installation. This plugin will take care of all insecure images and change them to be loaded over HTTPS.
40
 
41
- An answer to that question.
42
 
43
  == Changelog ==
44
 
@@ -46,8 +43,12 @@ An answer to that question.
46
  * Initial Release.
47
  = 0.2 =
48
  * Changed the way in which HTTPS was detected to be more reliable.
 
 
49
 
50
  == Upgrade Notice ==
51
 
52
  = 0.2 =
53
- Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.
 
 
1
  === Plugin Name ===
2
  Contributors: Mvied
3
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
  Tags: encrypted, ssl, http, https
5
  Requires at least: 2.1.0
6
  Tested up to: 3.0.1
7
+ Stable tag: 0.3
8
 
9
+ This plugin ensures that <em>all</em> elements on a page are accessed through HTTPS if the page is being accessed via HTTPS.
10
 
11
  == Description ==
12
 
13
+ This plugin ensures that <em>all</em> elements on a page are accessed through HTTPS if the page is being accessed via HTTPS.
14
 
15
+ Some, but not all, plugins check for HTTPS when adding the extra scripts and stylesheets to your pages. The ones that do not will cause the page to be loaded insecurely. This is due to the way in which the plugin developer adds the elements to your pages.
16
 
17
+ Adding JavaScript files to the header and footer of your site by manually adding them to your template files with static URL's, or loading external scripts over HTTP such as JavaScript libraries from the <a href="http://code.google.com/apis/libraries/">Google Libraries API</a> will also cause this issue.
18
 
19
  == Installation ==
20
 
23
 
24
  == Frequently Asked Questions ==
25
 
26
+ = What does this plugin do? =
27
 
28
  Sometimes when a page is loaded via HTTPS, the elements on that page (images, scripts, and stylesheets) may not also be loaded via HTTPS. This plugin ensures that that happens.
29
 
30
+ = Why does that happen? =
31
 
32
  Some, but not all, plugins check for HTTPS when adding the extra scripts and stylesheets to your pages. The ones that do not will cause the page to be loaded insecurely. This is due to the way in which the plugin developer adds the elements to your pages.
33
 
34
+ Adding JavaScript files to the header and footer of your site by manually adding them to your template files with static URL's, or loading external scripts over HTTP such as JavaScript libraries from the <a href="http://code.google.com/apis/libraries/">Google Libraries API</a> will also cause this issue.
 
 
 
 
35
 
36
+ = How do you fix it? =
37
 
38
+ My plugin simply replaces HTTP with HTTPS in the source code where it needs to be changed. If my plugin does not fix your website not loading 100% over HTTPS, <a href="http://wordpress.org/tags/wordpress-https#postform">drop me a line</a> and I'll take a look at it.
39
 
40
  == Changelog ==
41
 
43
  * Initial Release.
44
  = 0.2 =
45
  * Changed the way in which HTTPS was detected to be more reliable.
46
+ = 0.3 =
47
+ * Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
48
 
49
  == Upgrade Notice ==
50
 
51
  = 0.2 =
52
+ Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.
53
+ = 0.3 =
54
+ Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
wordpress-https.php CHANGED
@@ -2,53 +2,102 @@
2
  /*
3
  Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
- Description: This plugin ensures that all elements on a page are accessed through HTTPS if the page is being accessed via HTTPS. Inspired by <a href="http://wordpress.org/extend/plugins/https-for-wordpress/">HTTPS for Wordpress</a>.
6
  Author: Mike Ems
7
- Version: 0.2
8
  Author URI: http://mvied.com/
9
  */
10
 
11
- /* Copyright 2010 Mike Ems (email : mike@mvied.com)
12
 
13
- This program is free software; you can redistribute it and/or modify
14
- it under the terms of the GNU General Public License as published by
15
- the Free Software Foundation; either version 2 of the License, or
16
- (at your option) any later version.
17
 
18
- This program is distributed in the hope that it will be useful,
19
- but WITHOUT ANY WARRANTY; without even the implied warranty of
20
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
- GNU General Public License for more details.
22
 
23
- You should have received a copy of the GNU General Public License
24
- along with this program; if not, write to the Free Software
25
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
- */
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
27
 
28
- function wphttps_process($buffer) {
29
- // Only rewrite URLs if the page is currently HTTPS.
30
- if(!empty($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443) {
31
- // If HTTPS is active on a page, siteurl will return a https URL.
32
- // We need the url without https so that we can find it and replace
33
- // it within the source of the page.
34
- $httpsUrl = get_bloginfo('siteurl');
35
- $httpUrl = str_replace('https://','http://',get_bloginfo('siteurl'));
36
-
37
- // Match all script, link, and img tags that need to be set to https
38
- preg_match_all('/\<(script|link|img)+(.*)http:\/\/[-\w\.]+[^\"\']*\b/im',$buffer,$matches);
39
- foreach ($matches[0] as $match) {
40
- if (strpos($match,$httpUrl) > -1 && ((strpos($match,'link') > -1 && strpos($match,'stylesheet') > -1) || strpos($match,'script') > -1 || strpos($match,'img') > -1) ) {
41
- $buffer = str_replace($match,str_replace('http','https',$match),$buffer);
42
  }
43
  }
44
  }
45
- return $buffer;
46
  }
 
 
47
 
48
- function wphttps_buffer_start() { ob_start("wphttps_process"); }
49
- function wphttps_buffer_end() { ob_end_flush(); }
50
-
51
- add_action('send_headers', 'wphttps_buffer_start');
52
- add_action('wp_footer', 'wphttps_buffer_end');
53
 
 
 
 
54
  ?>
2
  /*
3
  Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
+ Description: This plugin ensures that <em>all</em> elements on a page are accessed through HTTPS if the page is being accessed via HTTPS.
6
  Author: Mike Ems
7
+ Version: 0.3
8
  Author URI: http://mvied.com/
9
  */
10
 
11
+ add_action('admin_menu', 'wordpress_https_menu');
12
 
13
+ function wordpress_https_menu() {
14
+ add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', 'wordpress_https_settings');
15
+ }
 
16
 
17
+ function wordpress_https_settings() {
18
+ if (!current_user_can('manage_options')) {
19
+ wp_die( __('You do not have sufficient permissions to access this page.') );
20
+ }
21
 
22
+ if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
23
+ $errors = array();
24
+ if ( $_POST['wordpress-https_externalurls'] == '1' ) {
25
+ if ( file_get_contents('http://www.google.com') == false ) {
26
+ $errors[] = 'Your current server configuration does not support the \'External HTTPS Elements\' option. This functionality relies on the <a href="http://php.net/file_get_contents" target="_blank">file_get_contents</a> function in PHP and has failed a test call to \'http://www.google.com/\'.';
27
+ update_option('wordpress-https_externalurls', 0);
28
+ } else {
29
+ update_option('wordpress-https_externalurls', 1);
30
+ }
31
+ } else {
32
+ update_option('wordpress-https_externalurls', 0);
33
+ }
34
+ }
35
+ ?>
36
+ <div class="wrap">
37
+ <div id="icon-options-general" class="icon32"><br /></div>
38
+ <h2>WordPress HTTPS Settings</h2>
39
+ <?php
40
+ if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
41
+ if ( sizeof( $errors ) > 0 ) {
42
+ echo " <ul class=\"errors\">\n";
43
+ foreach ( $errors as $error ) {
44
+ echo " <li class=\"error\"><p>".$error."</p></li>\n";
45
+ }
46
+ echo " </ul>\n";
47
+ } else {
48
+ echo " <div class=\"updated fade\" id=\"message\"><p><strong>Settings saved.</strong></p></div>\n";
49
+ }
50
+ }
51
+ ?>
52
+
53
+ <form name="form" action="options-general.php?page=wordpress-https" method="post">
54
+ <?php settings_fields('wordpress-https'); ?>
55
+ <table class="form-table">
56
+ <tr valign="top">
57
+ <th scope="row">External HTTPS Elements</th>
58
+ <td>
59
+ <fieldset>
60
+ <legend class="screen-reader-text"><span>Attempt to automatically convert external elements to HTTPS.</span></legend>
61
+ <label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> Attempt to automatically convert external elements to HTTPS.<br /><em>Warning: Depending on the amount of external elements, this could affect the load times of your pages.</em></label>
62
+ </fieldset>
63
+ </td>
64
+ </tr>
65
+ </table>
66
+ <p class="submit"><input type="submit" name="Submit" value="Save Changes" class="button-primary" /></p>
67
+ <p>If you found my plugin useful, please <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" target="_blank">donate</a>. If you need technical assistance, want to provide feedback, or just want to say thanks, <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">drop me a line</a>.</p>
68
+ </form>
69
+ </div>
70
+ <?php
71
+ }
72
+
73
+ function wordpress_https_process($buffer) {
74
+ if ( !empty($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT'] == 443 ) {
75
+ $httpsUrl = str_replace('http://', 'https://', get_bloginfo('siteurl'));
76
+ $httpUrl = str_replace('https://', 'http://', get_bloginfo('siteurl'));
77
 
78
+ preg_match_all('/\<(script|link|img)(.*)http:\/\/[-\w\.]+[^\"\']*/im',$buffer,$matches);
79
+ foreach ($matches[0] as $match) {
80
+ if ( ( strpos($match, 'link') !== false && strpos($match, 'stylesheet') !== false ) || strpos($match, 'script') !== false || strpos($match, 'img') !== false ) {
81
+ if ( strpos($match,$httpUrl) !== false ) {
82
+ $buffer = str_replace($match, str_replace('http', 'https', $match), $buffer);
83
+ } elseif ( get_option('wordpress-https_externalurls') == '1' ) {
84
+ preg_match_all('/http:\/\/[-\w\.]+[^\"\']*/im', $match, $urlMatches);
85
+ foreach ( $urlMatches[0] as $urlMatch ) {
86
+ if (@file_get_contents(str_replace('http', 'https', $urlMatch))) {
87
+ $buffer = str_replace($urlMatch, str_replace('http', 'https', $urlMatch), $buffer);
88
+ }
89
+ }
 
 
90
  }
91
  }
92
  }
 
93
  }
94
+ return $buffer;
95
+ }
96
 
97
+ function wordpress_https_buffer_start() { ob_start('wordpress_https_process'); }
98
+ function wordpress_https_buffer_end() { ob_end_flush(); }
 
 
 
99
 
100
+ add_action('admin_init', 'wordpress_https_buffer_start');
101
+ add_action('send_headers', 'wordpress_https_buffer_start');
102
+ add_action('wp_footer', 'wordpress_https_buffer_end');
103
  ?>