Version Description
- Added support for Shared SSL.
Download this release
Release Info
| Developer | Mvied |
| Plugin |  WordPress HTTPS (SSL) |
| Version | 1.6.5 |
| Comparing to | |
| See all releases | |
Code changes from version 1.6.3 to 1.6.5
- css/admin.css +4 -0
- readme.txt +5 -2
- wordpress-https.php +70 -23
css/admin.css
CHANGED
|
@@ -68,4 +68,8 @@ p.description {
|
|
| 68 |
color: #666;
|
| 69 |
font-size: 12px;
|
| 70 |
font-style: italic;
|
|
|
|
|
|
|
|
|
|
|
|
|
| 71 |
}
|
| 68 |
color: #666;
|
| 69 |
font-size: 12px;
|
| 70 |
font-style: italic;
|
| 71 |
+
}
|
| 72 |
+
|
| 73 |
+
input#wordpress-https_sharedssl_host {
|
| 74 |
+
width: 350px;
|
| 75 |
}
|
readme.txt
CHANGED
|
@@ -4,16 +4,17 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
|
|
| 4 |
Tags: encrypted, ssl, http, https
|
| 5 |
Requires at least: 2.7.0
|
| 6 |
Tested up to: 3.0.1
|
| 7 |
-
Stable tag: 1.6.
|
| 8 |
|
| 9 |
Features: Force HTTPS on only certain pages. Fix partially encrypted errors. Disable WordPress from changing links to HTTPS. And more!
|
| 10 |
|
| 11 |
== Description ==
|
| 12 |
|
| 13 |
-
|
| 14 |
|
| 15 |
<ul>
|
| 16 |
<li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
|
|
|
|
| 17 |
<li>Force HTTPS on only the pages you need to be HTTPS.</li>
|
| 18 |
<li>Force pages to HTTP that have not been forced to HTTPS.</li>
|
| 19 |
<li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPS and, if available, will change them to HTTPS.</li>
|
|
@@ -64,6 +65,8 @@ In most cases, yes. There are limitations to what this plugin can fix. Here are
|
|
| 64 |
|
| 65 |
== Changelog ==
|
| 66 |
|
|
|
|
|
|
|
| 67 |
= 1.6.3 =
|
| 68 |
* Changed the redirection check to use `template_redirect` hook rather than `get_header`.
|
| 69 |
= 1.6.2 =
|
| 4 |
Tags: encrypted, ssl, http, https
|
| 5 |
Requires at least: 2.7.0
|
| 6 |
Tested up to: 3.0.1
|
| 7 |
+
Stable tag: 1.6.5
|
| 8 |
|
| 9 |
Features: Force HTTPS on only certain pages. Fix partially encrypted errors. Disable WordPress from changing links to HTTPS. And more!
|
| 10 |
|
| 11 |
== Description ==
|
| 12 |
|
| 13 |
+
WordPress HTTPS is a WordPress plugin that is intended to be an all-in-one solution to using SSL on WordPress sites. Here are the currently available features:
|
| 14 |
|
| 15 |
<ul>
|
| 16 |
<li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
|
| 17 |
+
<li>Supports Shared and Private SSL.</li>
|
| 18 |
<li>Force HTTPS on only the pages you need to be HTTPS.</li>
|
| 19 |
<li>Force pages to HTTP that have not been forced to HTTPS.</li>
|
| 20 |
<li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPS and, if available, will change them to HTTPS.</li>
|
| 65 |
|
| 66 |
== Changelog ==
|
| 67 |
|
| 68 |
+
= 1.6.5 =
|
| 69 |
+
* Added support for Shared SSL.
|
| 70 |
= 1.6.3 =
|
| 71 |
* Changed the redirection check to use `template_redirect` hook rather than `get_header`.
|
| 72 |
= 1.6.2 =
|
wordpress-https.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: WordPress HTTPS
|
|
| 4 |
Plugin URI: http://mvied.com/projects/wordpress-https/
|
| 5 |
Description: Force HTTPS on only certain pages. Fix partially encrypted errors. Disable WordPress from changing links to HTTPS. And more!
|
| 6 |
Author: Mike Ems
|
| 7 |
-
Version: 1.6.
|
| 8 |
Author URI: http://mvied.com/
|
| 9 |
*/
|
| 10 |
|
|
@@ -24,7 +24,7 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 24 |
*
|
| 25 |
* @var int
|
| 26 |
*/
|
| 27 |
-
var $plugin_version = '1.6.
|
| 28 |
|
| 29 |
/**
|
| 30 |
* Plugin URL
|
|
@@ -33,6 +33,20 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 33 |
*/
|
| 34 |
var $plugin_url;
|
| 35 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 |
/**
|
| 37 |
* Default options
|
| 38 |
*
|
|
@@ -54,6 +68,19 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 54 |
$this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
|
| 55 |
}
|
| 56 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 57 |
// Define default options
|
| 58 |
$this->options_default = array(
|
| 59 |
'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
|
|
@@ -61,7 +88,9 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 61 |
'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
|
| 62 |
'wordpress-https_disable_autohttps' => 0, // Disable the feature in WordPress 3.0+ that makes all links HTTPS if the page is being viewed via HTTPS.
|
| 63 |
'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
|
| 64 |
-
'wordpress-https_frontpage' => 0
|
|
|
|
|
|
|
| 65 |
);
|
| 66 |
|
| 67 |
if ( is_admin() ) {
|
|
@@ -110,7 +139,7 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 110 |
|
| 111 |
// Start output buffering
|
| 112 |
add_action('plugins_loaded', array(&$this, 'buffer_start'));
|
| 113 |
-
|
| 114 |
// End output buffering
|
| 115 |
//add_action('shutdown', array(&$this, 'buffer_end'));
|
| 116 |
}
|
|
@@ -122,23 +151,23 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 122 |
* @return string
|
| 123 |
*/
|
| 124 |
function process($buffer) {
|
| 125 |
-
if ( is_ssl() ) {
|
| 126 |
-
|
| 127 |
-
$httpUrl = $this->replace_https($httpsUrl);
|
| 128 |
|
| 129 |
-
preg_match_all('/\<(script|link|img|input)[^>]+(http:\/\/[\/-\w\.]+)[^>]+>/im',$buffer,$matches);
|
| 130 |
for ($i = 0; $i<=sizeof($matches[0]); $i++) {
|
| 131 |
-
$html
|
| 132 |
-
$type
|
| 133 |
-
$url
|
|
|
|
|
|
|
| 134 |
if ( ( $type == 'link' && strpos($html, 'stylesheet') !== false ) || ( $type == 'input' && strpos($html, 'image') !== false ) || $type == 'script' || $type == 'img' ) {
|
| 135 |
-
if ( strpos($html,$
|
| 136 |
-
$buffer = str_replace($html, $this->
|
| 137 |
} else if ( get_option('wordpress-https_externalurls') == 1 ) {
|
| 138 |
if ( get_option('wordpress-https_bypass') == 1 ) {
|
| 139 |
-
$buffer = str_replace($html, $this->
|
| 140 |
} else if (@file_get_contents($this->replace_http($url))) {
|
| 141 |
-
$buffer = str_replace($html, $this->
|
| 142 |
}
|
| 143 |
}
|
| 144 |
}
|
|
@@ -147,6 +176,18 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 147 |
return $buffer;
|
| 148 |
}
|
| 149 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 150 |
/**
|
| 151 |
* Checks to see if the current page needs to be redirected
|
| 152 |
*
|
|
@@ -156,13 +197,13 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 156 |
function check_https() {
|
| 157 |
global $post;
|
| 158 |
if (is_front_page() && get_option('show_on_front') == 'posts') {
|
| 159 |
-
if (get_option('wordpress-https_frontpage') == 1 &&
|
| 160 |
$this->redirect(true);
|
| 161 |
-
} else if (get_option('wordpress-https_frontpage') != 1 && is_ssl()) {
|
| 162 |
$this->redirect(false);
|
| 163 |
}
|
| 164 |
} else if ( is_single() || is_page() || is_front_page() || is_home() ) {
|
| 165 |
-
if (
|
| 166 |
$forceSSL = get_post_meta($post->ID, 'force_ssl');
|
| 167 |
if ($forceSSL) {
|
| 168 |
$this->redirect(true);
|
|
@@ -183,11 +224,11 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 183 |
* @return void
|
| 184 |
*/
|
| 185 |
function redirect($ssl = true) {
|
| 186 |
-
if (
|
| 187 |
-
wp_redirect(
|
| 188 |
exit();
|
| 189 |
-
} else if (is_ssl() && $ssl == false) {
|
| 190 |
-
wp_redirect(
|
| 191 |
exit();
|
| 192 |
}
|
| 193 |
}
|
|
@@ -287,7 +328,7 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 287 |
$errors = array();
|
| 288 |
|
| 289 |
foreach ($this->options_default as $key => $default) {
|
| 290 |
-
if (!array_key_exists($key, $_POST)) {
|
| 291 |
$_POST[$key] = 0;
|
| 292 |
} else {
|
| 293 |
if ( $key == 'wordpress-https_bypass' && @ini_get('allow_url_fopen') != 1 ) {
|
|
@@ -392,6 +433,12 @@ if ( !class_exists('WordPressHTTPS') ) {
|
|
| 392 |
<p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
|
| 393 |
</fieldset>
|
| 394 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 395 |
<?php if (get_option('show_on_front') == 'posts') { ?>
|
| 396 |
<fieldset>
|
| 397 |
<label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
|
| 4 |
Plugin URI: http://mvied.com/projects/wordpress-https/
|
| 5 |
Description: Force HTTPS on only certain pages. Fix partially encrypted errors. Disable WordPress from changing links to HTTPS. And more!
|
| 6 |
Author: Mike Ems
|
| 7 |
+
Version: 1.6.5
|
| 8 |
Author URI: http://mvied.com/
|
| 9 |
*/
|
| 10 |
|
| 24 |
*
|
| 25 |
* @var int
|
| 26 |
*/
|
| 27 |
+
var $plugin_version = '1.6.5';
|
| 28 |
|
| 29 |
/**
|
| 30 |
* Plugin URL
|
| 33 |
*/
|
| 34 |
var $plugin_url;
|
| 35 |
|
| 36 |
+
/**
|
| 37 |
+
* HTTP URL
|
| 38 |
+
*
|
| 39 |
+
* @var string
|
| 40 |
+
*/
|
| 41 |
+
var $http_url;
|
| 42 |
+
|
| 43 |
+
/**
|
| 44 |
+
* HTTPS URL
|
| 45 |
+
*
|
| 46 |
+
* @var string
|
| 47 |
+
*/
|
| 48 |
+
var $https_url;
|
| 49 |
+
|
| 50 |
/**
|
| 51 |
* Default options
|
| 52 |
*
|
| 68 |
$this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
|
| 69 |
}
|
| 70 |
|
| 71 |
+
// Assign HTTP URL
|
| 72 |
+
$this->http_url = get_option('home');
|
| 73 |
+
|
| 74 |
+
// Assign HTTPS URL and prevent WordPress from causing a redirect loop if using Shared SSL
|
| 75 |
+
if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') {
|
| 76 |
+
$this->https_url = get_option('wordpress-https_sharedssl_host');
|
| 77 |
+
|
| 78 |
+
// Prevent WordPress from causing a redirect loop if using Shared SSL
|
| 79 |
+
remove_filter('template_redirect', 'redirect_canonical');
|
| 80 |
+
} else {
|
| 81 |
+
$this->https_url = $this->replace_http($this->http_url);
|
| 82 |
+
}
|
| 83 |
+
|
| 84 |
// Define default options
|
| 85 |
$this->options_default = array(
|
| 86 |
'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
|
| 88 |
'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
|
| 89 |
'wordpress-https_disable_autohttps' => 0, // Disable the feature in WordPress 3.0+ that makes all links HTTPS if the page is being viewed via HTTPS.
|
| 90 |
'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
|
| 91 |
+
'wordpress-https_frontpage' => 0, // Force SSL on front page
|
| 92 |
+
'wordpress-https_sharedssl' => 0, // Enable Shared SSL
|
| 93 |
+
'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
|
| 94 |
);
|
| 95 |
|
| 96 |
if ( is_admin() ) {
|
| 139 |
|
| 140 |
// Start output buffering
|
| 141 |
add_action('plugins_loaded', array(&$this, 'buffer_start'));
|
| 142 |
+
|
| 143 |
// End output buffering
|
| 144 |
//add_action('shutdown', array(&$this, 'buffer_end'));
|
| 145 |
}
|
| 151 |
* @return string
|
| 152 |
*/
|
| 153 |
function process($buffer) {
|
| 154 |
+
if ( $this->is_ssl() ) {
|
| 155 |
+
preg_match_all('/\<(script|link|img|input)[^>]+((http|https):\/\/[\/-\w\.]+)[^>]+>/im',$buffer,$matches);
|
|
|
|
| 156 |
|
|
|
|
| 157 |
for ($i = 0; $i<=sizeof($matches[0]); $i++) {
|
| 158 |
+
$html = $matches[0][$i];
|
| 159 |
+
$type = $matches[1][$i];
|
| 160 |
+
$url = $matches[2][$i];
|
| 161 |
+
$scheme = $matches[3][$i];
|
| 162 |
+
|
| 163 |
if ( ( $type == 'link' && strpos($html, 'stylesheet') !== false ) || ( $type == 'input' && strpos($html, 'image') !== false ) || $type == 'script' || $type == 'img' ) {
|
| 164 |
+
if ( strpos($html,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
|
| 165 |
+
$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
|
| 166 |
} else if ( get_option('wordpress-https_externalurls') == 1 ) {
|
| 167 |
if ( get_option('wordpress-https_bypass') == 1 ) {
|
| 168 |
+
$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
|
| 169 |
} else if (@file_get_contents($this->replace_http($url))) {
|
| 170 |
+
$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
|
| 171 |
}
|
| 172 |
}
|
| 173 |
}
|
| 176 |
return $buffer;
|
| 177 |
}
|
| 178 |
|
| 179 |
+
function is_ssl() {
|
| 180 |
+
if ( get_option('wordpress-https_sharedssl') == 1 ) {
|
| 181 |
+
if ( strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
|
| 182 |
+
return true;
|
| 183 |
+
} else {
|
| 184 |
+
return false;
|
| 185 |
+
}
|
| 186 |
+
} else {
|
| 187 |
+
return is_ssl();
|
| 188 |
+
}
|
| 189 |
+
}
|
| 190 |
+
|
| 191 |
/**
|
| 192 |
* Checks to see if the current page needs to be redirected
|
| 193 |
*
|
| 197 |
function check_https() {
|
| 198 |
global $post;
|
| 199 |
if (is_front_page() && get_option('show_on_front') == 'posts') {
|
| 200 |
+
if (get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
|
| 201 |
$this->redirect(true);
|
| 202 |
+
} else if (get_option('wordpress-https_frontpage') != 1 && $this->is_ssl()) {
|
| 203 |
$this->redirect(false);
|
| 204 |
}
|
| 205 |
} else if ( is_single() || is_page() || is_front_page() || is_home() ) {
|
| 206 |
+
if ( !$this->is_ssl() ) {
|
| 207 |
$forceSSL = get_post_meta($post->ID, 'force_ssl');
|
| 208 |
if ($forceSSL) {
|
| 209 |
$this->redirect(true);
|
| 224 |
* @return void
|
| 225 |
*/
|
| 226 |
function redirect($ssl = true) {
|
| 227 |
+
if ( !$this->is_ssl() && $ssl == true ) {
|
| 228 |
+
wp_redirect($this->https_url . $_SERVER['REQUEST_URI']);
|
| 229 |
exit();
|
| 230 |
+
} else if ($this->is_ssl() && $ssl == false) {
|
| 231 |
+
wp_redirect($this->http_url . $_SERVER['REQUEST_URI']);
|
| 232 |
exit();
|
| 233 |
}
|
| 234 |
}
|
| 328 |
$errors = array();
|
| 329 |
|
| 330 |
foreach ($this->options_default as $key => $default) {
|
| 331 |
+
if (!array_key_exists($key, $_POST) && $default == 0) {
|
| 332 |
$_POST[$key] = 0;
|
| 333 |
} else {
|
| 334 |
if ( $key == 'wordpress-https_bypass' && @ini_get('allow_url_fopen') != 1 ) {
|
| 433 |
<p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
|
| 434 |
</fieldset>
|
| 435 |
|
| 436 |
+
<fieldset>
|
| 437 |
+
<label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
|
| 438 |
+
<p>Enable this option if you are using a shared SSL certificate. Be sure to type your Shared SSL Host below.</p>
|
| 439 |
+
<label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
|
| 440 |
+
</fieldset>
|
| 441 |
+
|
| 442 |
<?php if (get_option('show_on_front') == 'posts') { ?>
|
| 443 |
<fieldset>
|
| 444 |
<label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
|
