WordPress HTTPS (SSL) - Version 1.8

Version Description

  • Fixed cross-browser CSS issue on plugin settings page.
  • Corrected and updated plugin settings validation.
  • Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
  • If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
  • When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
  • Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 1.8
Comparing to
See all releases

Code changes from version 1.7.5 to 1.8

Files changed (6) hide show
  1. css/admin.css +6 -2
  2. js/admin.js +4 -4
  3. readme.txt +8 -10
  4. screenshot-1.png +0 -0
  5. screenshot-2.png +0 -0
  6. wordpress-https.php +72 -25
css/admin.css CHANGED
@@ -31,8 +31,10 @@ div#wphttps-sidebar div.wphttps-widget {
31
  div.wphttps-widget-content {
32
  background: #F1F1F1;
33
  padding: 5px 20px;
34
- -moz-border-radius-bottomleft:8px;
35
- -moz-border-radius-bottomright:8px;
 
 
36
  border: 1px solid #DDD;
37
  border-top: 0;
38
  }
@@ -46,6 +48,8 @@ div.wphttps-widget h3 {
46
  background: url(images/widget-title.png) repeat-x;
47
  border: 1px solid #636363;
48
  border-bottom: 0;
 
 
49
  -moz-border-radius-topleft:8px;
50
  -moz-border-radius-topright:8px;
51
  color: #FFF;
31
  div.wphttps-widget-content {
32
  background: #F1F1F1;
33
  padding: 5px 20px;
34
+ border-bottom-left-radius: 8px;
35
+ border-bottom-right-radius: 8px;
36
+ -moz-border-radius-bottomleft: 8px;
37
+ -moz-border-radius-bottomright: 8px;
38
  border: 1px solid #DDD;
39
  border-top: 0;
40
  }
48
  background: url(images/widget-title.png) repeat-x;
49
  border: 1px solid #636363;
50
  border-bottom: 0;
51
+ border-top-left-radius: 8px;
52
+ border-top-right-radius: 8px;
53
  -moz-border-radius-topleft:8px;
54
  -moz-border-radius-topright:8px;
55
  color: #FFF;
js/admin.js CHANGED
@@ -7,10 +7,10 @@ jQuery(document).ready(function() {
7
  //
8
  var options = {
9
  data: { ajax: '1'},
10
- success: function() {
11
- jQuery('#message-body').html('<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>');
12
- // .animate is used to delay the fadeOut by 2 seconds
13
- jQuery('#message-body').fadeIn().animate({opacity: 1.0}, 2000).fadeOut();
14
  jQuery('#submit-waiting').hide();
15
  }
16
  };
7
  //
8
  var options = {
9
  data: { ajax: '1'},
10
+ success: function(responseText, textStatus, XMLHttpRequest) {
11
+ jQuery('#message-body').html(responseText);
12
+ // .animate is used to delay the fadeOut by 5 seconds
13
+ jQuery('#message-body').fadeIn().animate({opacity: 1.0}, 5000).fadeOut();
14
  jQuery('#submit-waiting').hide();
15
  }
16
  };
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
4
  Tags: encrypted, ssl, http, https
5
  Requires at least: 2.7.0
6
  Tested up to: 3.0.1
7
- Stable tag: 1.7.5
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
 
@@ -59,24 +59,22 @@ In most cases, yes. There are limitations to what this plugin can fix. Here are
59
  <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
60
  </ul>
61
 
62
- = What is an element? =
63
-
64
- Elements are any files (JavaScript, stylesheet, images, etc.) that are loaded on your WordPress pages.
65
-
66
- = What is the difference between 'internal' and 'external' elements? =
67
-
68
- Internal elements are files hosted on your domain. External elements are files that are <em>not</em> hosted on your domain.
69
-
70
  == Screenshots ==
71
  1. WordPress HTTPS Settings screen
72
  2. Force SSL checkbox added to add/edit posts screen
73
 
74
  == Changelog ==
75
 
 
 
 
 
 
 
 
76
  = 1.7.5 =
77
  * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
78
  * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
79
- * Changed redirects to send a '301 Permanently Moved' header rather than a '302 Temporarily Moved' header.
80
  * General code cleanup and such.
81
  = 1.7 =
82
  * Bug fix - External URL's were not being forced to HTTPS after the last update.
4
  Tags: encrypted, ssl, http, https
5
  Requires at least: 2.7.0
6
  Tested up to: 3.0.1
7
+ Stable tag: 1.8
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
 
59
  <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
60
  </ul>
61
 
 
 
 
 
 
 
 
 
62
  == Screenshots ==
63
  1. WordPress HTTPS Settings screen
64
  2. Force SSL checkbox added to add/edit posts screen
65
 
66
  == Changelog ==
67
 
68
+ = 1.8 =
69
+ * Fixed cross-browser CSS issue on plugin settings page.
70
+ * Corrected and updated plugin settings validation.
71
+ * Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
72
+ * If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
73
+ * When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
74
+ * Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
75
  = 1.7.5 =
76
  * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
77
  * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
 
78
  * General code cleanup and such.
79
  = 1.7 =
80
  * Bug fix - External URL's were not being forced to HTTPS after the last update.
screenshot-1.png CHANGED
Binary file
screenshot-2.png CHANGED
Binary file
wordpress-https.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6
  Author: Mike Ems
7
- Version: 1.7.5
8
  Author URI: http://mvied.com/
9
  */
10
 
@@ -14,6 +14,7 @@ Author URI: http://mvied.com/
14
  * @author Mike Ems
15
  * @package WordPressHTTPS
16
  * @copyright Copyright 2010
 
17
  */
18
 
19
  if ( !class_exists('WordPressHTTPS') ) {
@@ -24,7 +25,7 @@ if ( !class_exists('WordPressHTTPS') ) {
24
  *
25
  * @var int
26
  */
27
- var $plugin_version = '1.7.5';
28
 
29
  /**
30
  * Plugin URL
@@ -134,19 +135,19 @@ if ( !class_exists('WordPressHTTPS') ) {
134
  } else {
135
  // Check if the page needs to be redirected
136
  add_action('template_redirect', array(&$this, 'check_https'));
 
137
 
138
- // Filter HTTPS from links in WP 3.0+
139
- if ( get_option('wordpress-https_disable_autohttps') == 1 ) {
140
- add_filter('page_link', array(&$this, 'replace_https'));
141
- add_filter('post_link', array(&$this, 'replace_https'));
142
- add_filter('category_link', array(&$this, 'replace_https'));
143
- add_filter('get_archives_link', array(&$this, 'replace_https'));
144
- add_filter('tag_link', array(&$this, 'replace_https'));
145
- add_filter('search_link', array(&$this, 'replace_https'));
146
- add_filter('home_url', array(&$this, 'replace_https'));
147
- add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
148
- add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
149
- }
150
  }
151
 
152
  // Start output buffering
@@ -164,7 +165,7 @@ if ( !class_exists('WordPressHTTPS') ) {
164
  */
165
  function process($buffer) {
166
  if ( $this->is_ssl() ) {
167
- preg_match_all('/\<(script|link|img|input|form)[^>]+((http|https):\/\/[\/-\w\.#]+)[^>]+>/im',$buffer,$matches);
168
 
169
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
170
  $html = $matches[0][$i];
@@ -172,9 +173,11 @@ if ( !class_exists('WordPressHTTPS') ) {
172
  $url = $matches[2][$i];
173
  $scheme = $matches[3][$i];
174
 
175
- if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) || ( $type == 'input' && strpos($html, 'image') !== false ) || $type == 'img' || $type == 'script' ) {
176
- if ( strpos($html,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
177
  $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
 
 
178
  } else if ( get_option('wordpress-https_externalurls') == 1 ) {
179
  if ( get_option('wordpress-https_bypass') == 1 ) {
180
  $buffer = str_replace($html, $this->replace_http($html), $buffer);
@@ -187,7 +190,7 @@ if ( !class_exists('WordPressHTTPS') ) {
187
 
188
  // Look for any relative paths that should be udpated to the Shared SSL path
189
  if ( $this->shared_ssl == 1 ) {
190
- preg_match_all('/\<(script|link|img|input|form|a)[^>]+[\'"](\/[\/-\w\.#]*)[^>]+>/im',$buffer,$matches);
191
 
192
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
193
  $html = $matches[0][$i];
@@ -198,6 +201,21 @@ if ( !class_exists('WordPressHTTPS') ) {
198
  }
199
  }
200
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
201
  return $buffer;
202
  }
203
 
@@ -296,11 +314,11 @@ if ( !class_exists('WordPressHTTPS') ) {
296
  }
297
 
298
  if ( $_POST['post_type'] == 'page' ) {
299
- if ( !current_user_can( 'edit_page', $post_id ) ) {
300
  return $post_id;
301
  }
302
  } else {
303
- if ( !current_user_can( 'edit_post', $post_id ) ) {
304
  return $post_id;
305
  }
306
  }
@@ -353,7 +371,7 @@ if ( !class_exists('WordPressHTTPS') ) {
353
  return $links;
354
  }
355
 
356
- $links[] = '<a href="'.site_url().'/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
357
  $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
358
  $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
359
  $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
@@ -420,19 +438,48 @@ if ( !class_exists('WordPressHTTPS') ) {
420
  foreach ($this->options_default as $key => $default) {
421
  if (!array_key_exists($key, $_POST) && $default == 0) {
422
  $_POST[$key] = 0;
 
423
  } else {
424
- if ( $key == 'wordpress-https_bypass' && @ini_get('allow_url_fopen') != 1 ) {
425
- $errors[] = 'PHP configuration error: allow_url_fopen must be enabled to allow the conversion of external elements to HTTPS.';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
426
  $_POST[$key] = 0;
 
427
  } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
428
  $_POST[$key] = 0;
 
 
 
429
  }
430
  }
431
- update_option($key, $_POST[$key]);
432
  }
 
433
  if ( @$_POST['ajax'] == 1 ) {
434
  ob_clean();
435
- echo "1";
 
 
 
 
 
 
 
 
436
  exit();
437
  }
438
  }
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6
  Author: Mike Ems
7
+ Version: 1.8
8
  Author URI: http://mvied.com/
9
  */
10
 
14
  * @author Mike Ems
15
  * @package WordPressHTTPS
16
  * @copyright Copyright 2010
17
+ *
18
  */
19
 
20
  if ( !class_exists('WordPressHTTPS') ) {
25
  *
26
  * @var int
27
  */
28
+ var $plugin_version = '1.8';
29
 
30
  /**
31
  * Plugin URL
135
  } else {
136
  // Check if the page needs to be redirected
137
  add_action('template_redirect', array(&$this, 'check_https'));
138
+ }
139
 
140
+ // Filter HTTPS from links in WP 3.0+
141
+ if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) || ( is_admin() && $this->is_ssl() && strpos('https://', get_option('home')) !== true ) ) {
142
+ add_filter('page_link', array(&$this, 'replace_https'));
143
+ add_filter('post_link', array(&$this, 'replace_https'));
144
+ add_filter('category_link', array(&$this, 'replace_https'));
145
+ add_filter('get_archives_link', array(&$this, 'replace_https'));
146
+ add_filter('tag_link', array(&$this, 'replace_https'));
147
+ add_filter('search_link', array(&$this, 'replace_https'));
148
+ add_filter('home_url', array(&$this, 'replace_https'));
149
+ add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
150
+ add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
 
151
  }
152
 
153
  // Start output buffering
165
  */
166
  function process($buffer) {
167
  if ( $this->is_ssl() ) {
168
+ preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#]+)[^>]+>/im',$buffer,$matches);
169
 
170
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
171
  $html = $matches[0][$i];
173
  $url = $matches[2][$i];
174
  $scheme = $matches[3][$i];
175
 
176
+ if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) || ( $type == 'input' && strpos($html, 'image') !== false ) || ( $type == 'param' && strpos($html, 'movie') !== false ) || $type == 'img' || $type == 'script' || $type == 'embed' ) {
177
+ if ( strpos($url,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
178
  $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
179
+ } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html,$this->replace_http($this->http_url)) !== false ) {
180
+ $buffer = str_replace($html, str_replace($this->replace_http($this->http_url), $this->https_url, $html), $buffer);
181
  } else if ( get_option('wordpress-https_externalurls') == 1 ) {
182
  if ( get_option('wordpress-https_bypass') == 1 ) {
183
  $buffer = str_replace($html, $this->replace_http($html), $buffer);
190
 
191
  // Look for any relative paths that should be udpated to the Shared SSL path
192
  if ( $this->shared_ssl == 1 ) {
193
+ preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#]*)[^>]+>/im',$buffer,$matches);
194
 
195
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
196
  $html = $matches[0][$i];
201
  }
202
  }
203
  }
204
+
205
+ // Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
206
+ if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
207
+ $regex_url = str_replace('/', '\/', $this->http_url);
208
+ $regex_url = preg_quote($regex_url);
209
+ preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im',$buffer,$matches);
210
+
211
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
212
+ $html = $matches[0][$i];
213
+ $url = $matches[1][$i];
214
+
215
+ $buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
216
+ }
217
+ }
218
+
219
  return $buffer;
220
  }
221
 
314
  }
315
 
316
  if ( $_POST['post_type'] == 'page' ) {
317
+ if ( !current_user_can('edit_page', $post_id) ) {
318
  return $post_id;
319
  }
320
  } else {
321
+ if ( !current_user_can('edit_post', $post_id) ) {
322
  return $post_id;
323
  }
324
  }
371
  return $links;
372
  }
373
 
374
+ $links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
375
  $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
376
  $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
377
  $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
438
  foreach ($this->options_default as $key => $default) {
439
  if (!array_key_exists($key, $_POST) && $default == 0) {
440
  $_POST[$key] = 0;
441
+ update_option($key, $_POST[$key]);
442
  } else {
443
+ if ( $key == 'wordpress-https_sharedssl' && $_POST['wordpress-https_sharedssl_host'] == '' ) {
444
+ $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
445
+ $_POST[$key] = 0;
446
+ update_option($key, $_POST[$key]);
447
+ } else if ( $key == 'wordpress-https_sharedssl_host' && $_POST[$key] != '' ) {
448
+ $url = parse_url($_POST[$key]);
449
+ if ( sizeof($url) > 0 ) {
450
+ $_POST[$key] = 'https://' . $url['host'] . $url['path'];
451
+ if ( substr($_POST[$key], -1, 1) == '/' ) {
452
+ $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1);
453
+ }
454
+ update_option($key, $_POST[$key]);
455
+ } else {
456
+ $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
457
+ update_option($key, '');
458
+ }
459
+ } else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
460
+ $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
461
  $_POST[$key] = 0;
462
+ update_option($key, $_POST[$key]);
463
  } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
464
  $_POST[$key] = 0;
465
+ update_option($key, $_POST[$key]);
466
+ } else {
467
+ update_option($key, $_POST[$key]);
468
  }
469
  }
 
470
  }
471
+
472
  if ( @$_POST['ajax'] == 1 ) {
473
  ob_clean();
474
+ if ( sizeof( $errors ) > 0 ) {
475
+ echo " <ul id=\"message\">\n";
476
+ foreach ( $errors as $error ) {
477
+ echo " <li class=\"error\"><p>".$error."</p></li>\n";
478
+ }
479
+ echo " </ul>\n";
480
+ } else {
481
+ echo " <div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
482
+ }
483
  exit();
484
  }
485
  }