WordPress HTTPS (SSL) - Version 1.8.5

Version Description

In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
Updated RegEx's for more complicated URL's.
Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.

Release Info

Developer	Mvied
Plugin	WordPress HTTPS (SSL)
Version	1.8.5
Comparing to
See all releases

Code changes from version 1.8.1 to 1.8.5

Files changed (2) hide show

readme.txt +10 -3
wordpress-https.php +76 -18

readme.txt CHANGED Viewed

	@@ -1,15 +1,17 @@
1	=== WordPress HTTPS ===
2	Contributors: Mvied
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4	- Tags: ~~encrypted~~, ssl, http, https
5	Requires at least: 2.7.0
6	- Tested up to: 3.0.1
7	- Stable tag: 1.8.1
8
9	WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
11	== Description ==
12


13	Here are the currently available features:
14
15	<ul>
	@@ -65,6 +67,11 @@ In most cases, yes. There are limitations to what this plugin can fix. Here are
65
66	== Changelog ==
67





68	= 1.8.1 =
69	* Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
70	= 1.8 =


1	=== WordPress HTTPS ===
2	Contributors: Mvied
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4	+ Tags: ssl, shared ssl, private ssl, http, https, admin, administration, secure admin, login, secure login, security, encryption, encrypted
5	Requires at least: 2.7.0
6	+ Tested up to: 3.0.3
7	+ Stable tag: 1.8.5
8
9	WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
11	== Description ==
12
13	+ WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
14	+
15	Here are the currently available features:
16
17	<ul>

67
68	== Changelog ==
69
70	+ = 1.8.5 =
71	+ * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
72	+ * Updated RegEx's for more complicated URL's.
73	+ * Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
74	+ * Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
75	= 1.8.1 =
76	* Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
77	= 1.8 =

wordpress-https.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: WordPress HTTPS
4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6	Author: Mike Ems
7	- Version: 1.8.1
8	Author URI: http://mvied.com/
9	*/
10
	@@ -25,7 +25,7 @@ if ( !class_exists('WordPressHTTPS') ) {
25	*
26	* @var int
27	*/
28	- var $plugin_version = '1.8.1';
29
30	/**
31	* Plugin URL
	@@ -103,6 +103,12 @@ if ( !class_exists('WordPressHTTPS') ) {
103	'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
104	);
105






106	if ( is_admin() ) {
107	// Add admin menus
108	add_action('admin_menu', array(&$this, 'menu'));
	@@ -129,15 +135,13 @@ if ( !class_exists('WordPressHTTPS') ) {
129	// Add 'Force SSL' checkbox to add/edit post pages
130	add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
131	add_action('save_post', array(&$this, 'post_save'));
132	-
133	- // If not admin panel
134	- } else {
135	- // Check if the page needs to be redirected
136	- add_action('template_redirect', array(&$this, 'check_https'));
137	}
138



139	// Filter HTTPS from links in WP 3.0+
140	- if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) ~~\|\| ( is_admin(~~) ~~&& $this->is_ssl() && strpos('https://', get_option('home')) !== true ) )~~ {
141	add_filter('page_link', array(&$this, 'replace_https'));
142	add_filter('post_link', array(&$this, 'replace_https'));
143	add_filter('category_link', array(&$this, 'replace_https'));
	@@ -147,11 +151,16 @@ if ( !class_exists('WordPressHTTPS') ) {
147	add_filter('home_url', array(&$this, 'replace_https'));
148	add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
149	add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);








150	}
151
152	- // Start output buffering
153	- add_action('plugins_loaded', array(&$this, 'buffer_start'));
154	-
155	// End output buffering
156	//add_action('shutdown', array(&$this, 'buffer_end'));
157	}
	@@ -164,7 +173,7 @@ if ( !class_exists('WordPressHTTPS') ) {
164	*/
165	function process($buffer) {
166	if ( $this->is_ssl() ) {
167	- preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param)[^>]+((http\|https):\/\/[\/-\w\.#]+)[^>]+>/im',$buffer,$matches);
168
169	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
170	$html = $matches[0][$i];
	@@ -175,8 +184,8 @@ if ( !class_exists('WordPressHTTPS') ) {
175	if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false \|\| strpos($html, 'pingback') !== false ) ) \|\| ( $type == 'input' && strpos($html, 'image') !== false ) \|\| ( $type == 'param' && strpos($html, 'movie') !== false ) \|\| $type == 'img' \|\| $type == 'script' \|\| $type == 'embed' ) {
176	if ( strpos($url,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
177	$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
178	- } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html,$this->~~replace_http($this->~~http_url)) !== false ) {
179	- $buffer = str_replace($html, str_replace($this->~~replace_http($this->~~http_url), $this->https_url, $html), $buffer);
180	} else if ( get_option('wordpress-https_externalurls') == 1 ) {
181	if ( get_option('wordpress-https_bypass') == 1 ) {
182	$buffer = str_replace($html, $this->replace_http($html), $buffer);
	@@ -189,7 +198,7 @@ if ( !class_exists('WordPressHTTPS') ) {
189
190	// Look for any relative paths that should be udpated to the Shared SSL path
191	if ( $this->shared_ssl == 1 ) {
192	- preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param\|a)[^>]+[\'"](\/[\/-\w~~\.#~~]*)[^>]+>/im',$buffer,$matches);
193
194	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
195	$html = $matches[0][$i];
	@@ -201,11 +210,44 @@ if ( !class_exists('WordPressHTTPS') ) {
201	}
202	}
203

































204	// Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
205	if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
206	- $regex_url = ~~str_replace~~(~~'/', '\/',~~ $this->http_url);
207	- $regex_url = ~~preg_quote~~($regex_url);
208	- preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im',$buffer,$matches);
209
210	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
211	$html = $matches[0][$i];
	@@ -255,6 +297,22 @@ if ( !class_exists('WordPressHTTPS') ) {
255	}
256	}
257
















258	/**
259	* Redirects page to HTTP or HTTPS accordingly
260	*


4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6	Author: Mike Ems
7	+ Version: 1.8.5
8	Author URI: http://mvied.com/
9	*/
10

25	*
26	* @var int
27	*/
28	+ var $plugin_version = '1.8.5';
29
30	/**
31	* Plugin URL

103	'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
104	);
105
106	+ // Start output buffering
107	+ add_action('plugins_loaded', array(&$this, 'buffer_start'));
108	+
109	+ // Check for admin/login redirects
110	+ add_action('plugins_loaded', array(&$this, 'admin_redirect'));
111	+
112	if ( is_admin() ) {
113	// Add admin menus
114	add_action('admin_menu', array(&$this, 'menu'));

135	// Add 'Force SSL' checkbox to add/edit post pages
136	add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
137	add_action('save_post', array(&$this, 'post_save'));





138	}
139
140	+ // Check if the page needs to be redirected
141	+ add_action('template_redirect', array(&$this, 'check_https'));
142	+
143	// Filter HTTPS from links in WP 3.0+
144	+ if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) ) {
145	add_filter('page_link', array(&$this, 'replace_https'));
146	add_filter('post_link', array(&$this, 'replace_https'));
147	add_filter('category_link', array(&$this, 'replace_https'));

151	add_filter('home_url', array(&$this, 'replace_https'));
152	add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
153	add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
154	+ // If the whole site is not HTTPS, set links to the front-end to HTTP
155	+ } else if ( is_admin() && $this->is_ssl() && strpos('https://', get_option('home')) !== true ) {
156	+ add_filter('page_link', array(&$this, 'replace_https'));
157	+ add_filter('post_link', array(&$this, 'replace_https'));
158	+ add_filter('category_link', array(&$this, 'replace_https'));
159	+ add_filter('get_archives_link', array(&$this, 'replace_https'));
160	+ add_filter('tag_link', array(&$this, 'replace_https'));
161	+ add_filter('search_link', array(&$this, 'replace_https'));
162	}
163



164	// End output buffering
165	//add_action('shutdown', array(&$this, 'buffer_end'));
166	}

173	*/
174	function process($buffer) {
175	if ( $this->is_ssl() ) {
176	+ preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param)[^>]+((http\|https):\/\/[\/-\w\.#]+)[^>]+>/im', $buffer, $matches);
177
178	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
179	$html = $matches[0][$i];

184	if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false \|\| strpos($html, 'pingback') !== false ) ) \|\| ( $type == 'input' && strpos($html, 'image') !== false ) \|\| ( $type == 'param' && strpos($html, 'movie') !== false ) \|\| $type == 'img' \|\| $type == 'script' \|\| $type == 'embed' ) {
185	if ( strpos($url,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
186	$buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
187	+ } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html,$this->http_url) !== false ) {
188	+ $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
189	} else if ( get_option('wordpress-https_externalurls') == 1 ) {
190	if ( get_option('wordpress-https_bypass') == 1 ) {
191	$buffer = str_replace($html, $this->replace_http($html), $buffer);

198
199	// Look for any relative paths that should be udpated to the Shared SSL path
200	if ( $this->shared_ssl == 1 ) {
201	+ preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param\|a)[^>]+[\'"](\/[\/-\w\.#?=&;]*)[^>]+>/im', $buffer, $matches);
202
203	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
204	$html = $matches[0][$i];

210	}
211	}
212
213	+ // Update anchor tags to appropriate URL's
214	+ preg_match_all('/\<a[^>]+[\'"]((http\|https):\/\/[\/-\w\.#?=&;]+)[^>]+>/im', $buffer, $matches);
215	+
216	+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
217	+ $html = $matches[0][$i];
218	+ $url = $matches[1][$i];
219	+ $scheme = $matches[2][$i];
220	+
221	+ $url_path = parse_url($url, PHP_URL_PATH);
222	+ if ($this->shared_ssl) {
223	+ $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
224	+ } else {
225	+ $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
226	+ }
227	+
228	+ if ($url_path == '/') {
229	+ $post = get_option('page_on_front');
230	+ } else {
231	+ $post = get_page_by_path($url_path);
232	+ $post = $post->ID;
233	+ }
234	+
235	+ if ($post) {
236	+ $force_ssl = get_post_meta($post, 'force_ssl', true);
237	+
238	+ if ($force_ssl) {
239	+ $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
240	+ } else if (get_option('wordpress-https_exclusive_https') == 1) {
241	+ $buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
242	+ }
243	+ }
244	+ }
245	+
246	// Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
247	if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
248	+ $regex_url = preg_quote($this->replace_http($this->http_url));
249	+ $regex_url = str_replace('/', '\/', $regex_url);
250	+ preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
251
252	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
253	$html = $matches[0][$i];

297	}
298	}
299
300	+ /**
301	+ * Used to redirect admin pages to Shared SSL host
302	+ *
303	+ * @param none
304	+ * @return void
305	+ */
306	+ function admin_redirect() {
307	+ // If we're using Shared SSL and the admin panel should be SSL, redirect
308	+ if ( is_admin() && $this->shared_ssl && force_ssl_admin() && !$this->is_ssl() ) {
309	+ $this->redirect(true);
310	+ // If we're on the login page and it should be SSL, redirect
311	+ } else if ( $GLOBALS['pagenow'] == 'wp-login.php' && ( force_ssl_admin() \|\| force_ssl_login() ) && $this->shared_ssl && !$this->is_ssl() ) {
312	+ $this->redirect(true);
313	+ }
314	+ }
315	+
316	/**
317	* Redirects page to HTTP or HTTPS accordingly
318	*