WordPress HTTPS (SSL) - Version 1.7.5

Version Description

Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
Changed redirects to send a '301 Permanently Moved' header rather than a '302 Temporarily Moved' header.
General code cleanup and such.

Release Info

Developer	Mvied
Plugin	WordPress HTTPS (SSL)
Version	1.7.5
Comparing to
See all releases

Code changes from version 1.7 to 1.7.5

Files changed (3) hide show

css/admin.css +2 -2
readme.txt +14 -1
wordpress-https.php +122 -123

css/admin.css CHANGED Viewed

	@@ -52,8 +52,8 @@ div.wphttps-widget h3 {
52	text-shadow:0 -1px 0 #3F3F3F;
53	}
54
55	- div.wphttps-widget#wphttps-donate ~~input[type="text"]~~ {
56	- ~~width~~: ~~95px~~;
57	}
58
59	img.waiting {


52	text-shadow:0 -1px 0 #3F3F3F;
53	}
54
55	+ div.wphttps-widget#wphttps-donate form {
56	+ text-align: center;
57	}
58
59	img.waiting {

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
4	Tags: encrypted, ssl, http, https
5	Requires at least: 2.7.0
6	Tested up to: 3.0.1
7	- Stable tag: 1.7
8
9	WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
	@@ -59,12 +59,25 @@ In most cases, yes. There are limitations to what this plugin can fix. Here are
59	<li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
60	</ul>
61








62	== Screenshots ==
63	1. WordPress HTTPS Settings screen
64	2. Force SSL checkbox added to add/edit posts screen
65
66	== Changelog ==
67





68	= 1.7 =
69	* Bug fix - External URL's were not being forced to HTTPS after the last update.
70	* Added the functionality to correct relative URL's when using Shared SSL.


4	Tags: encrypted, ssl, http, https
5	Requires at least: 2.7.0
6	Tested up to: 3.0.1
7	+ Stable tag: 1.7.5
8
9	WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10

59	<li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
60	</ul>
61
62	+ = What is an element? =
63	+
64	+ Elements are any files (JavaScript, stylesheet, images, etc.) that are loaded on your WordPress pages.
65	+
66	+ = What is the difference between 'internal' and 'external' elements? =
67	+
68	+ Internal elements are files hosted on your domain. External elements are files that are <em>not</em> hosted on your domain.
69	+
70	== Screenshots ==
71	1. WordPress HTTPS Settings screen
72	2. Force SSL checkbox added to add/edit posts screen
73
74	== Changelog ==
75
76	+ = 1.7.5 =
77	+ * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
78	+ * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
79	+ * Changed redirects to send a '301 Permanently Moved' header rather than a '302 Temporarily Moved' header.
80	+ * General code cleanup and such.
81	= 1.7 =
82	* Bug fix - External URL's were not being forced to HTTPS after the last update.
83	* Added the functionality to correct relative URL's when using Shared SSL.

wordpress-https.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: WordPress HTTPS
4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6	Author: Mike Ems
7	- Version: 1.7
8	Author URI: http://mvied.com/
9	*/
10
	@@ -24,7 +24,7 @@ if ( !class_exists('WordPressHTTPS') ) {
24	*
25	* @var int
26	*/
27	- var $plugin_version = '1.7';
28
29	/**
30	* Plugin URL
	@@ -57,9 +57,9 @@ if ( !class_exists('WordPressHTTPS') ) {
57	/**
58	* Default options
59	*
60	- * @~~private~~ array
61	*/
62	- ~~private~~ $options_default;
63
64	/**
65	* Initialize plugin
	@@ -76,7 +76,7 @@ if ( !class_exists('WordPressHTTPS') ) {
76	}
77
78	// Assign HTTP URL
79	- $this->http_url = get_option('home');
80	// Assign HTTPS URL
81	$this->https_url = $this->replace_http($this->http_url);
82
	@@ -86,8 +86,6 @@ if ( !class_exists('WordPressHTTPS') ) {
86	$this->shared_ssl = 1;
87	// Assign HTTPS URL to Shared SSL Host
88	$this->https_url = get_option('wordpress-https_sharedssl_host');
89	- // Prevent WordPress from causing a redirect loop if using Shared SSL
90	- remove_filter('template_redirect', 'redirect_canonical');
91	}
92
93	// Define default options
	@@ -95,24 +93,27 @@ if ( !class_exists('WordPressHTTPS') ) {
95	'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
96	'wordpress-https_externalurls' => 0, // Force external URL's to HTTPS
97	'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
98	- 'wordpress-https_disable_autohttps' => 0, // ~~Disable~~ ~~the feature in~~ WordPress 3.0+ ~~that~~ ~~makes~~ all links HTTPS if ~~the~~ ~~page~~ is ~~being viewed via HTTPS~~.
99	'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
100	'wordpress-https_frontpage' => 0, // Force SSL on front page
101	'wordpress-https_sharedssl' => 0, // Enable Shared SSL
102	'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
103	);
104



105	if ( is_admin() ) {
106	// Add admin menus
107	add_action('admin_menu', array(&$this, 'menu'));
108
109	// Load on plugins page
110	- if ( ~~'plugins.php' ==~~ $GLOBALS['pagenow'] ) {
111	add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
112	}
113
114	// Load on Settings page
115	- if (@$_GET['page'] == 'wordpress-https') {
116	wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
117	wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.js', array('jquery'), $this->plugin_version, true);
118	wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);
	@@ -128,22 +129,24 @@ if ( !class_exists('WordPressHTTPS') ) {
128	// Add 'Force SSL' checkbox to add/edit post pages
129	add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
130	add_action('save_post', array(&$this, 'post_save'));


131	} else {
132	- // If ~~not admin page, check~~ if the page needs to be redirected
133	add_action('template_redirect', array(&$this, 'check_https'));
134	- }
135
136	- // Filter HTTPS from links in WP 3.0+
137	- if ( get_option('wordpress-https_disable_autohttps') == 1 ) {
138	- add_filter('page_link', array(&$this, 'replace_https'));
139	- add_filter('post_link', array(&$this, 'replace_https'));
140	- add_filter('category_link', array(&$this, 'replace_https'));
141	- add_filter('get_archives_link', array(&$this, 'replace_https'));
142	- add_filter('tag_link', array(&$this, 'replace_https'));
143	- add_filter('search_link', array(&$this, 'replace_https'));
144	- add_filter('home_url', array(&$this, 'replace_https'));
145	- add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
146	- add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);

147	}
148
149	// Start output buffering
	@@ -169,7 +172,7 @@ if ( !class_exists('WordPressHTTPS') ) {
169	$url = $matches[2][$i];
170	$scheme = $matches[3][$i];
171
172	- if ( ( $type == 'link' && strpos($html, 'stylesheet') !== false ) \|\| ( $type == 'input' && strpos($html, 'image') !== false ) \|\| $type == 'img' \|\| $type == 'script' ) {
173	if ( strpos($html,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
174	$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
175	} else if ( get_option('wordpress-https_externalurls') == 1 ) {
	@@ -205,15 +208,10 @@ if ( !class_exists('WordPressHTTPS') ) {
205	* @return void
206	*/
207	function is_ssl() {
208	- if ( $this->shared_ssl == 1 ) {
209	- if ~~( strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {~~
210	- return true;
211	- } else {
212	- return false;
213	- }
214	- } else {
215	- return is_ssl();
216	}

217	}
218
219	/**
	@@ -224,23 +222,18 @@ if ( !class_exists('WordPressHTTPS') ) {
224	*/
225	function check_https() {
226	global $post;
227	- if (is_front_page() && get_option('show_on_front') == 'posts') {
228	- if (get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
229	$this->redirect(true);
230	- } else if (get_option('wordpress-https_frontpage') != 1 && $this->is_ssl()) {
231	$this->redirect(false);
232	}
233	- } else if ( is_single() \|\| is_page() \|\| is_front_page() \|\| is_home() ) {
234	- if ( ~~!$this~~->~~is_ssl()~~ ) {
235	- ~~$forceSSL~~ = ~~get_post_meta~~($~~post->ID,~~ ~~'force_ssl'~~);
236	- if (~~$forceSSL~~) {
237	- ~~$this->redirect~~(~~true~~);
238	- }
239	- } else if ( get_option('wordpress-https_exclusive_https') == 1 ) {
240	- $forceSSL = get_post_meta($post->ID, 'force_ssl');
241	- if (!$forceSSL) {
242	- $this->redirect(false);
243	- }
244	}
245	}
246	}
	@@ -254,13 +247,16 @@ if ( !class_exists('WordPressHTTPS') ) {
254	function redirect($ssl = true) {
255	if ( !$this->is_ssl() && $ssl == true ) {
256	$url = parse_url($this->https_url);
257	- ~~} else if (~~$~~this->is_ssl()~~ && ~~$ssl == false) {~~

258	$url = parse_url($this->http_url);

259	} else {
260	$url = false;
261	}
262	if ($url) {
263	- ~~wp_redirect(~~$url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI']);

264	exit();
265	}
266	}
	@@ -274,7 +270,7 @@ if ( !class_exists('WordPressHTTPS') ) {
274	function post_checkbox() {
275	global $post;
276
277	- wp_nonce_field( plugin_basename(__FILE__), 'wordpress-https' );
278
279	$checked = false;
280	if ($post->ID) {
	@@ -290,8 +286,8 @@ if ( !class_exists('WordPressHTTPS') ) {
290	* @return int $post_id
291	*/
292	function post_save( $post_id ) {
293	- if (array_key_exists('wordpress-https',$_POST)) {
294	- if ( !wp_verify_nonce( $_POST['wordpress-https'], plugin_basename(__FILE__) )) {
295	return $post_id;
296	}
297
	@@ -299,7 +295,7 @@ if ( !class_exists('WordPressHTTPS') ) {
299	return $post_id;
300	}
301
302	- if ( ~~'page' ==~~ $_POST['post_type'] ) {
303	if ( !current_user_can( 'edit_page', $post_id ) ) {
304	return $post_id;
305	}
	@@ -345,6 +341,68 @@ if ( !class_exists('WordPressHTTPS') ) {
345	add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
346	}
347






























































348	/**
349	* Settings page in admin panel
350	*
	@@ -416,14 +474,13 @@ if ( !class_exists('WordPressHTTPS') ) {
416	<p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
417	<p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
418
419	- <form ~~name="_xclick"~~ action="https://www.paypal.com/cgi-bin/webscr" method="post">
420	- <input type="hidden" name="cmd" value="~~_xclick~~">
421	- <input type="hidden" name="~~business~~" value="~~mike@mvied.com~~">
422	- <input type="~~hidden~~" name="~~item_name~~" ~~value~~="~~WordPress~~ ~~HTTPS~~ ~~Donation~~">
423	- <~~input~~ ~~type~~="~~hidden~~" ~~name~~="~~currency_code~~" ~~value~~="~~USD~~">
424	- <label for="amount">Amount: $ <input type="text" name="amount" value="0.00" /></label>
425	- <input type="submit" class="button-secondary" value="Donate" />
426	</form>

427	</div>
428	</div>
429
	@@ -434,13 +491,13 @@ if ( !class_exists('WordPressHTTPS') ) {
434
435	<fieldset>
436	<label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>
437	- <p>Force internal elements to HTTPS.</p>
438	- <p class="description">~~Disabling~~ ~~this~~ ~~will~~ ~~basically~~ ~~disable the plugin~~.</p>
439	</fieldset>
440
441	<fieldset>
442	<label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>
443	- <p>Attempt to automatically force external elements to HTTPS.</p>
444	<p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>
445	</fieldset>
446
	@@ -453,21 +510,20 @@ if ( !class_exists('WordPressHTTPS') ) {
453	<?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
454	<fieldset>
455	<label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
456	- <p>~~Disable~~ ~~the feature in~~ WordPress 3.0+ ~~that~~ ~~makes~~ all links HTTPS if ~~the~~ ~~page~~ is ~~being viewed via HTTPS~~.</p>
457	<p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>
458	</fieldset>
459
460	<?php } ?>
461	-
462	<fieldset>
463	<label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
464	<p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
465	- <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
466	</fieldset>
467
468	<fieldset>
469	<label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
470	- <p>Enable this option if you are using a ~~shared~~ SSL certificate. Be ~~sure to type~~ your Shared SSL Host ~~below~~.</p>
471	<label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
472	</fieldset>
473
	@@ -478,7 +534,6 @@ if ( !class_exists('WordPressHTTPS') ) {
478	</fieldset>
479
480	<?php } ?>
481	-
482	<p class="button-controls">
483	<input type="submit" name="Submit" value="Save Changes" class="button-primary" />
484	<img alt="Waiting..." src="<?php echo $this->plugin_url; ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />
	@@ -490,62 +545,6 @@ if ( !class_exists('WordPressHTTPS') ) {
490	</div>
491	<?php
492	}
493	-
494	- function plugin_links($links,$file) {
495	- if ( strpos($file,basename( __FILE__)) === false ) {
496	- return $links;
497	- }
498	-
499	- $links[] = '<a href="'.site_url().'/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
500	- $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
501	- $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
502	- $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
503	- return $links;
504	- }
505	-
506	- /**
507	- * Start output buffering
508	- *
509	- * @param none
510	- * @return void
511	- */
512	- function buffer_start() {
513	- if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
514	- @ini_set('allow_url_fopen', 1);
515	- }
516	- ob_start(array(&$this, 'process'));
517	- }
518	-
519	- /**
520	- * End output buffering
521	- *
522	- * @param none
523	- * @return void
524	- */
525	- function buffer_end() {
526	- ob_end_flush();
527	- }
528	-
529	- /**
530	- * Replace HTTPS with HTTP
531	- *
532	- * @param string
533	- * @return string
534	- */
535	- function replace_https($string) {
536	- return str_replace('https://', 'http://', $string);
537	- }
538	-
539	- /**
540	- * Replace HTTP with HTTPS
541	- *
542	- * @param string
543	- * @return string
544	- */
545	- function replace_http($string) {
546	- return str_replace('http://', 'https://', $string);
547	- }
548	-
549	} // End WordPressHTTPS Class
550	}
551


4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6	Author: Mike Ems
7	+ Version: 1.7.5
8	Author URI: http://mvied.com/
9	*/
10

24	*
25	* @var int
26	*/
27	+ var $plugin_version = '1.7.5';
28
29	/**
30	* Plugin URL

57	/**
58	* Default options
59	*
60	+ * @var array
61	*/
62	+ var $options_default;
63
64	/**
65	* Initialize plugin

76	}
77
78	// Assign HTTP URL
79	+ $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);
80	// Assign HTTPS URL
81	$this->https_url = $this->replace_http($this->http_url);
82

86	$this->shared_ssl = 1;
87	// Assign HTTPS URL to Shared SSL Host
88	$this->https_url = get_option('wordpress-https_sharedssl_host');


89	}
90
91	// Define default options

93	'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
94	'wordpress-https_externalurls' => 0, // Force external URL's to HTTPS
95	'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
96	+ 'wordpress-https_disable_autohttps' => 0, // Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.
97	'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
98	'wordpress-https_frontpage' => 0, // Force SSL on front page
99	'wordpress-https_sharedssl' => 0, // Enable Shared SSL
100	'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
101	);
102
103	+ // Prevent WordPress from causing a redirect loop
104	+ remove_filter('template_redirect', 'redirect_canonical');
105	+
106	if ( is_admin() ) {
107	// Add admin menus
108	add_action('admin_menu', array(&$this, 'menu'));
109
110	// Load on plugins page
111	+ if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
112	add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
113	}
114
115	// Load on Settings page
116	+ if ( @$_GET['page'] == 'wordpress-https' ) {
117	wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
118	wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.js', array('jquery'), $this->plugin_version, true);
119	wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);

129	// Add 'Force SSL' checkbox to add/edit post pages
130	add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
131	add_action('save_post', array(&$this, 'post_save'));
132	+
133	+ // If not admin panel
134	} else {
135	+ // Check if the page needs to be redirected
136	add_action('template_redirect', array(&$this, 'check_https'));

137
138	+ // Filter HTTPS from links in WP 3.0+
139	+ if ( get_option('wordpress-https_disable_autohttps') == 1 ) {
140	+ add_filter('page_link', array(&$this, 'replace_https'));
141	+ add_filter('post_link', array(&$this, 'replace_https'));
142	+ add_filter('category_link', array(&$this, 'replace_https'));
143	+ add_filter('get_archives_link', array(&$this, 'replace_https'));
144	+ add_filter('tag_link', array(&$this, 'replace_https'));
145	+ add_filter('search_link', array(&$this, 'replace_https'));
146	+ add_filter('home_url', array(&$this, 'replace_https'));
147	+ add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
148	+ add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
149	+ }
150	}
151
152	// Start output buffering

172	$url = $matches[2][$i];
173	$scheme = $matches[3][$i];
174
175	+ if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false \|\| strpos($html, 'pingback') !== false ) ) \|\| ( $type == 'input' && strpos($html, 'image') !== false ) \|\| $type == 'img' \|\| $type == 'script' ) {
176	if ( strpos($html,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
177	$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
178	} else if ( get_option('wordpress-https_externalurls') == 1 ) {

208	* @return void
209	*/
210	function is_ssl() {
211	+ if ( $this->shared_ssl == 1 && strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
212	+ return true;






213	}
214	+ return is_ssl();
215	}
216
217	/**

222	*/
223	function check_https() {
224	global $post;
225	+ if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
226	+ if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
227	$this->redirect(true);
228	+ } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
229	$this->redirect(false);
230	}
231	+ } else if ( ( is_single() \|\| is_page() \|\| is_front_page() \|\| is_home() ) && $post->ID > 0 ) {
232	+ $forceSSL = get_post_meta($post->ID, 'force_ssl');
233	+ if ( !$this->is_ssl() && $forceSSL ) {
234	+ $this->redirect(true);
235	+ } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
236	+ $this->redirect(false);





237	}
238	}
239	}

247	function redirect($ssl = true) {
248	if ( !$this->is_ssl() && $ssl == true ) {
249	$url = parse_url($this->https_url);
250	+ $url['scheme'] = 'https';
251	+ } else if ( $this->is_ssl() && $ssl == false ) {
252	$url = parse_url($this->http_url);
253	+ $url['scheme'] = 'http';
254	} else {
255	$url = false;
256	}
257	if ($url) {
258	+ $destination = $url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
259	+ wp_redirect($destination, 301);
260	exit();
261	}
262	}

270	function post_checkbox() {
271	global $post;
272
273	+ wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
274
275	$checked = false;
276	if ($post->ID) {

286	* @return int $post_id
287	*/
288	function post_save( $post_id ) {
289	+ if ( array_key_exists('wordpress-https', $_POST) ) {
290	+ if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {
291	return $post_id;
292	}
293

295	return $post_id;
296	}
297
298	+ if ( $_POST['post_type'] == 'page' ) {
299	if ( !current_user_can( 'edit_page', $post_id ) ) {
300	return $post_id;
301	}

341	add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
342	}
343
344	+ /**
345	+ * Add plugin links to Manage Plugins page in admin panel
346	+ *
347	+ * @param array $links
348	+ * @param string $file
349	+ * @return array
350	+ */
351	+ function plugin_links($links, $file) {
352	+ if ( strpos($file, basename( __FILE__)) === false ) {
353	+ return $links;
354	+ }
355	+
356	+ $links[] = '<a href="'.site_url().'/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
357	+ $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
358	+ $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
359	+ $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
360	+ return $links;
361	+ }
362	+
363	+ /**
364	+ * Start output buffering
365	+ *
366	+ * @param none
367	+ * @return void
368	+ */
369	+ function buffer_start() {
370	+ if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
371	+ @ini_set('allow_url_fopen', 1);
372	+ }
373	+ ob_start(array(&$this, 'process'));
374	+ }
375	+
376	+ /**
377	+ * End output buffering
378	+ *
379	+ * @param none
380	+ * @return void
381	+ */
382	+ function buffer_end() {
383	+ ob_end_flush();
384	+ }
385	+
386	+ /**
387	+ * Replace HTTPS with HTTP
388	+ *
389	+ * @param string
390	+ * @return string
391	+ */
392	+ function replace_https($string) {
393	+ return str_replace('https://', 'http://', $string);
394	+ }
395	+
396	+ /**
397	+ * Replace HTTP with HTTPS
398	+ *
399	+ * @param string
400	+ * @return string
401	+ */
402	+ function replace_http($string) {
403	+ return str_replace('http://', 'https://', $string);
404	+ }
405	+
406	/**
407	* Settings page in admin panel
408	*

474	<p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
475	<p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
476
477	+ <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
478	+ <input type="hidden" name="cmd" value="_s-xclick">
479	+ <input type="hidden" name="hosted_button_id" value="N9NFVADLVUR7A">
480	+ <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
481	+ <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">


482	</form>
483	+
484	</div>
485	</div>
486

491
492	<fieldset>
493	<label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>
494	+ <p>Force internal elements to HTTPS when viewing a secure page.</p>
495	+ <p class="description">Fixes most partially encrypted errors.</p>
496	</fieldset>
497
498	<fieldset>
499	<label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>
500	+ <p>Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.</p>
501	<p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>
502	</fieldset>
503

510	<?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
511	<fieldset>
512	<label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
513	+ <p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>
514	<p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>
515	</fieldset>
516
517	<?php } ?>

518	<fieldset>
519	<label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
520	<p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
521	+ <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
522	</fieldset>
523
524	<fieldset>
525	<label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
526	+ <p>Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than '<?php echo $this->replace_http($this->http_url); ?>/'.</p>
527	<label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
528	</fieldset>
529

534	</fieldset>
535
536	<?php } ?>

537	<p class="button-controls">
538	<input type="submit" name="Submit" value="Save Changes" class="button-primary" />
539	<img alt="Waiting..." src="<?php echo $this->plugin_url; ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />

545	</div>
546	<?php
547	}
























































548	} // End WordPressHTTPS Class
549	}
550