WordPress HTTPS (SSL) - Version 1.9

Version Description

  • Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
  • Added support for PHP4.
  • Converted all spaces to tabs in source.
  • Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
  • Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
  • Bug fix - Password protected pages forced to SSL will now work properly.
  • Bug fix - Plugin should no longer break feeds.
  • Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 1.9
Comparing to
See all releases

Code changes from version 1.8.5 to 1.9

Files changed (6) hide show
  1. css/admin.css +48 -35
  2. js/admin.js +0 -19
  3. js/admin.php +47 -0
  4. js/updates.php +38 -0
  5. readme.txt +35 -26
  6. wordpress-https.php +784 -633
css/admin.css CHANGED
@@ -1,11 +1,19 @@
1
  div#message-wrap {
2
- height: 35px;
3
- overflow: hidden;
 
 
 
 
 
 
 
 
 
4
  }
5
 
6
  form#wordpress-https {
7
  float: left;
8
- margin-right: 320px;
9
  margin-top: 15px;
10
  }
11
  form#wordpress-https h3 {
@@ -20,40 +28,45 @@ form#wordpress-https fieldset p {
20
 
21
  div#wphttps-sidebar {
22
  margin: 20px 0 0 -300px;
23
- clear: right;
24
- float: right;
25
- width: 300px;
26
  }
27
  div#wphttps-sidebar div.wphttps-widget {
28
- margin: 0 auto 20px auto;
29
- width: 285px;
30
  }
31
  div.wphttps-widget-content {
32
- background: #F1F1F1;
33
- padding: 5px 20px;
34
- border-bottom-left-radius: 8px;
35
- border-bottom-right-radius: 8px;
36
- -moz-border-radius-bottomleft: 8px;
37
- -moz-border-radius-bottomright: 8px;
38
- border: 1px solid #DDD;
39
- border-top: 0;
40
  }
41
  div.wphttps-widget h3 {
42
- font-size: 13px;
43
- height: 19px;
44
- margin: 0;
45
- overflow: hidden;
46
- padding: 5px 12px;
47
- white-space: nowrap;
48
- background: url(images/widget-title.png) repeat-x;
49
- border: 1px solid #636363;
50
- border-bottom: 0;
51
- border-top-left-radius: 8px;
52
- border-top-right-radius: 8px;
53
- -moz-border-radius-topleft:8px;
54
- -moz-border-radius-topright:8px;
55
- color: #FFF;
56
- text-shadow:0 -1px 0 #3F3F3F;
 
 
 
 
 
57
  }
58
 
59
  div.wphttps-widget#wphttps-donate form {
@@ -69,11 +82,11 @@ img#submit-waiting {
69
  }
70
 
71
  p.description {
72
- color: #666;
73
- font-size: 12px;
74
- font-style: italic;
75
  }
76
 
77
  input#wordpress-https_sharedssl_host {
78
- width: 350px;
79
  }
1
  div#message-wrap {
2
+ position: fixed;
3
+ bottom: 50%;
4
+ left: 50%;
5
+ margin-left: -25%;
6
+ width: 50%;
7
+ z-index: 10;
8
+ text-align: center;
9
+ }
10
+
11
+ div#wphttps-main div#post-body {
12
+ overflow: hidden;
13
  }
14
 
15
  form#wordpress-https {
16
  float: left;
 
17
  margin-top: 15px;
18
  }
19
  form#wordpress-https h3 {
28
 
29
  div#wphttps-sidebar {
30
  margin: 20px 0 0 -300px;
31
+ clear: right;
32
+ float: right;
33
+ width: 300px;
34
  }
35
  div#wphttps-sidebar div.wphttps-widget {
36
+ margin: 0 auto 20px auto;
37
+ width: 285px;
38
  }
39
  div.wphttps-widget-content {
40
+ background: #F1F1F1;
41
+ padding: 5px 20px;
42
+ border-bottom-left-radius: 8px;
43
+ border-bottom-right-radius: 8px;
44
+ -moz-border-radius-bottomleft: 8px;
45
+ -moz-border-radius-bottomright: 8px;
46
+ border: 1px solid #DDD;
47
+ border-top: 0;
48
  }
49
  div.wphttps-widget h3 {
50
+ font-size: 13px;
51
+ height: 19px;
52
+ margin: 0;
53
+ overflow: hidden;
54
+ padding: 5px 12px;
55
+ white-space: nowrap;
56
+ background: url(images/widget-title.png) repeat-x;
57
+ border: 1px solid #636363;
58
+ border-bottom: 0;
59
+ border-top-left-radius: 8px;
60
+ border-top-right-radius: 8px;
61
+ -moz-border-radius-topleft:8px;
62
+ -moz-border-radius-topright:8px;
63
+ color: #FFF;
64
+ text-shadow:0 -1px 0 #3F3F3F;
65
+ }
66
+
67
+ div.wphttps-widget#wphttps-updates img#updates-loading {
68
+ display: block;
69
+ margin: 1em auto;
70
  }
71
 
72
  div.wphttps-widget#wphttps-donate form {
82
  }
83
 
84
  p.description {
85
+ color: #666;
86
+ font-size: 12px;
87
+ font-style: italic;
88
  }
89
 
90
  input#wordpress-https_sharedssl_host {
91
+ width: 350px;
92
  }
js/admin.js DELETED
@@ -1,19 +0,0 @@
1
- jQuery(document).ready(function() {
2
- jQuery('#message-body').fadeOut();
3
-
4
- jQuery('#wordpress-https').submit(function() {
5
- jQuery('#submit-waiting').show();
6
- });
7
- //
8
- var options = {
9
- data: { ajax: '1'},
10
- success: function(responseText, textStatus, XMLHttpRequest) {
11
- jQuery('#message-body').html(responseText);
12
- // .animate is used to delay the fadeOut by 5 seconds
13
- jQuery('#message-body').fadeIn().animate({opacity: 1.0}, 5000).fadeOut();
14
- jQuery('#submit-waiting').hide();
15
- }
16
- };
17
-
18
- jQuery('#wordpress-https').ajaxForm(options);
19
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
js/admin.php ADDED
@@ -0,0 +1,47 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /** Loads the WordPress Environment */
3
+ require('../../../../wp-blog-header.php');
4
+
5
+ // Disable errors
6
+ error_reporting(0);
7
+
8
+ // Set headers
9
+ header("Status: 200");
10
+ header("HTTP/1.1 200 OK");
11
+ header('Content-Type: application/javascript');
12
+ header('Cache-Control: no-store, no-cache, must-revalidate');
13
+ header('Cache-Control: post-check=0, pre-check=0', FALSE);
14
+ header('Pragma: no-cache');
15
+ header("Vary: Accept-Encoding");
16
+
17
+ ?>
18
+ jQuery(document).ready(function($) {
19
+ $('#message-body').fadeOut();
20
+
21
+ $('#wordpress-https').submit(function() {
22
+ $('#submit-waiting').show();
23
+ });
24
+
25
+ var options = {
26
+ data: { ajax: '1'},
27
+ success: function(responseText, textStatus, XMLHttpRequest) {
28
+ $('#message-body').html(responseText);
29
+ // .animate is used to delay the fadeOut by 5 seconds
30
+ $('#message-body').fadeIn().animate({opacity: 1.0}, 5000).fadeOut();
31
+ $('#submit-waiting').hide();
32
+ }
33
+ };
34
+
35
+ $('#wordpress-https').ajaxForm(options);
36
+
37
+ $('#wphttps-updates .wphttps-widget-content').load('<?php echo parse_url($wordpress_https->plugin_url, PHP_URL_PATH); ?>/js/updates.php');
38
+
39
+ function resize() {
40
+ $('#wphttps-main').width( $('#wphttps-main').parent().width() - ($('#wphttps-sidebar').width() + 15));
41
+ }
42
+
43
+ $(window).resize(function() {
44
+ resize();
45
+ });
46
+ resize();
47
+ });
js/updates.php ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ // Set headers
3
+ header("Status: 200");
4
+ header("HTTP/1.1 200 OK");
5
+ header('Content-Type: text/html');
6
+ header('Cache-Control: no-store, no-cache, must-revalidate');
7
+ header('Cache-Control: post-check=0, pre-check=0', FALSE);
8
+ header('Pragma: no-cache');
9
+ header("Vary: Accept-Encoding");
10
+
11
+ function get_content($url) {
12
+ $ch = curl_init();
13
+
14
+ curl_setopt($ch, CURLOPT_URL, $url);
15
+ curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
16
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
17
+ curl_setopt($ch, CURLOPT_HEADER, 0);
18
+ curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
19
+
20
+ $result = curl_exec($ch);
21
+ curl_close($ch);
22
+ return $result;
23
+ }
24
+
25
+ $url = 'http://mvied.com/wphttps-updates.html';
26
+
27
+ $content = file_get_contents($url);
28
+
29
+ if (!$content) {
30
+ $content = get_content($url);
31
+ }
32
+
33
+ if ($content) {
34
+ echo $content;
35
+ } else {
36
+ echo "<p class=\"error\">Unable to retrieve updates.</p>";
37
+ }
38
+ ?>
readme.txt CHANGED
@@ -1,19 +1,14 @@
1
  === WordPress HTTPS ===
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
- Tags: ssl, shared ssl, private ssl, http, https, admin, administration, secure admin, login, secure login, security, encryption, encrypted
5
  Requires at least: 2.7.0
6
- Tested up to: 3.0.3
7
- Stable tag: 1.8.5
8
-
9
- WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
10
-
11
- == Description ==
12
 
13
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
14
 
15
- Here are the currently available features:
16
-
17
  <ul>
18
  <li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
19
  <li>Supports Shared and Private SSL.</li>
@@ -21,44 +16,49 @@ Here are the currently available features:
21
  <li>Force pages to HTTP that have not been forced to HTTPS.</li>
22
  <li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPS and, if available, will change them to HTTPS.</li>
23
  <li>Override the external element HTTPS check. If you know that all external elements can be loaded over HTTPS, this option will save some load time on your pages.</li>
24
- <li>Disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.</li>
25
  </ul>
26
 
27
- There are a few things that can cause a page to still be loaded insecurely after enabling this plugin.
28
- <ul>
29
- <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS.</li>
30
- <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl">source</a>)</li>
31
- <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
32
- </ul>
33
-
34
- If you're still having trouble getting your site to load over HTTPS, or any other issues, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
35
 
36
  == Installation ==
37
 
38
- 1. Upload `wordpress-https.php` to the `/wp-content/plugins/` directory
39
  1. Activate the plugin through the 'Plugins' menu in WordPress.
40
 
41
  == Frequently Asked Questions ==
42
 
43
  = How do I make my whole website HTTPS? =
44
 
45
- To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL">how to change the site url</a>.
46
 
47
  = How do I make only my administration panel HTTPS? =
48
 
49
- WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL">how to set up administration over SSL</a>.
50
 
51
  = How do I make only certain pages HTTPS? =
52
 
53
  As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
54
 
55
- = Will this plugin fix all of my partially encrypted errors? =
 
 
 
 
 
 
 
 
 
 
 
56
 
57
- In most cases, yes. There are limitations to what this plugin can fix. Here are a few that I've run into:
58
  <ul>
59
- <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS.</li>
60
- <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl">source</a>)</li>
61
- <li>External elements that can not be delivered over HTTPS - I would suggest removing these or hosting them on your own server.</li>
 
62
  </ul>
63
 
64
  == Screenshots ==
@@ -67,6 +67,15 @@ In most cases, yes. There are limitations to what this plugin can fix. Here are
67
 
68
  == Changelog ==
69
 
 
 
 
 
 
 
 
 
 
70
  = 1.8.5 =
71
  * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
72
  * Updated RegEx's for more complicated URL's.
1
  === WordPress HTTPS ===
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
+ Tags: encrypted, ssl, http, https
5
  Requires at least: 2.7.0
6
+ Tested up to: 3.2.1
7
+ Stable tag: 1.9
 
 
 
 
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
 
11
+ == Description ==
 
12
  <ul>
13
  <li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
14
  <li>Supports Shared and Private SSL.</li>
16
  <li>Force pages to HTTP that have not been forced to HTTPS.</li>
17
  <li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPS and, if available, will change them to HTTPS.</li>
18
  <li>Override the external element HTTPS check. If you know that all external elements can be loaded over HTTPS, this option will save some load time on your pages.</li>
19
+ <li>Disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS on HTTPS pages.</li>
20
  </ul>
21
 
22
+ If you're having partially encrypted errors or other problems, please read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/">FAQ</a>. If you're still having trouble, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
 
 
 
 
 
 
 
23
 
24
  == Installation ==
25
 
26
+ 1. Upload the `wordpress-https` folder to the `/wp-content/plugins/` directory.
27
  1. Activate the plugin through the 'Plugins' menu in WordPress.
28
 
29
  == Frequently Asked Questions ==
30
 
31
  = How do I make my whole website HTTPS? =
32
 
33
+ To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
34
 
35
  = How do I make only my administration panel HTTPS? =
36
 
37
+ WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL" target="_blank">how to set up administration over SSL</a>.
38
 
39
  = How do I make only certain pages HTTPS? =
40
 
41
  As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
42
 
43
+ = How do I fix partially encrypted errors? =
44
+
45
+ To identify what is causing your page(s) to be insecure, please follow the instructions below.
46
+ <ol>
47
+ <li>Download <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a>.</li>
48
+ <li>Open the page you're having trouble with in Google Chrome.</li>
49
+ <li>Open the Developer Tools. <a href="http://code.google.com/chrome/devtools/docs/overview.html#access" target="_blank">How to access the Developer Tools.</a></li>
50
+ <li>Click on the Console tab.</li>
51
+ </ol>
52
+ For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
53
+
54
+ If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.
55
 
56
+ Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
57
  <ul>
58
+ <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
59
+ <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
60
+ <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.</li>
61
+ <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
62
  </ul>
63
 
64
  == Screenshots ==
67
 
68
  == Changelog ==
69
 
70
+ = 1.9 =
71
+ * Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
72
+ * Added support for PHP4.
73
+ * Converted all spaces to tabs in source.
74
+ * Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
75
+ * Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
76
+ * Bug fix - Password protected pages forced to SSL will now work properly.
77
+ * Bug fix - Plugin should no longer break feeds.
78
+ * Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
79
  = 1.8.5 =
80
  * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
81
  * Updated RegEx's for more complicated URL's.
wordpress-https.php CHANGED
@@ -1,658 +1,809 @@
1
  <?php
2
  /*
3
- Plugin Name: WordPress HTTPS
4
- Plugin URI: http://mvied.com/projects/wordpress-https/
5
- Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. Free support provided!
6
- Author: Mike Ems
7
- Version: 1.8.5
8
- Author URI: http://mvied.com/
9
- */
10
 
11
  /**
12
- * Class for the WordPress plugin WordPress HTTPS
13
- *
14
- * @author Mike Ems
15
- * @package WordPressHTTPS
16
- * @copyright Copyright 2010
17
- *
18
- */
 
 
19
 
20
  if ( !class_exists('WordPressHTTPS') ) {
21
- class WordPressHTTPS {
22
-
23
- /**
24
- * Plugin version
25
- *
26
- * @var int
27
- */
28
- var $plugin_version = '1.8.5';
29
-
30
- /**
31
- * Plugin URL
32
- *
33
- * @var string
34
- */
35
- var $plugin_url;
36
-
37
- /**
38
- * HTTP URL
39
- *
40
- * @var string
41
- */
42
- var $http_url;
43
-
44
- /**
45
- * HTTPS URL
46
- *
47
- * @var string
48
- */
49
- var $https_url;
50
-
51
- /**
52
- * Shared SSL
53
- *
54
- * @var boolean
55
- */
56
- var $shared_ssl = 0;
57
-
58
- /**
59
- * Default options
60
- *
61
- * @var array
62
- */
63
- var $options_default;
64
-
65
- /**
66
- * Initialize plugin
67
- *
68
- * @param none
69
- * @return void
70
- */
71
- function __construct() {
72
- // Assign plugin_url
73
- if ( version_compare( get_bloginfo('version'), '2.8', '>=' ) ) {
74
- $this->plugin_url = plugins_url('', __FILE__);
75
- } else {
76
- $this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
77
- }
78
-
79
- // Assign HTTP URL
80
- $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);
81
- // Assign HTTPS URL
82
- $this->https_url = $this->replace_http($this->http_url);
83
-
84
- // Shared SSL
85
- if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') {
86
- // Turn on Shared SSL
87
- $this->shared_ssl = 1;
88
- // Assign HTTPS URL to Shared SSL Host
89
- $this->https_url = get_option('wordpress-https_sharedssl_host');
90
- // Prevent WordPress from causing a redirect loop
91
- remove_filter('template_redirect', 'redirect_canonical');
92
- }
93
-
94
- // Define default options
95
- $this->options_default = array(
96
- 'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
97
- 'wordpress-https_externalurls' => 0, // Force external URL's to HTTPS
98
- 'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
99
- 'wordpress-https_disable_autohttps' => 0, // Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.
100
- 'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
101
- 'wordpress-https_frontpage' => 0, // Force SSL on front page
102
- 'wordpress-https_sharedssl' => 0, // Enable Shared SSL
103
- 'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
104
- );
105
-
106
- // Start output buffering
107
- add_action('plugins_loaded', array(&$this, 'buffer_start'));
108
-
109
- // Check for admin/login redirects
110
- add_action('plugins_loaded', array(&$this, 'admin_redirect'));
111
-
112
- if ( is_admin() ) {
113
- // Add admin menus
114
- add_action('admin_menu', array(&$this, 'menu'));
115
-
116
- // Load on plugins page
117
- if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
118
- add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
119
- }
120
-
121
- // Load on Settings page
122
- if ( @$_GET['page'] == 'wordpress-https' ) {
123
- wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
124
- wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.js', array('jquery'), $this->plugin_version, true);
125
- wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);
126
-
127
- // Set default options
128
- foreach ( $this->options_default as $option => $value ) {
129
- if ( get_option($option) === false ) {
130
- add_option($option, $value);
131
- }
132
- }
133
- }
134
-
135
- // Add 'Force SSL' checkbox to add/edit post pages
136
- add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
137
- add_action('save_post', array(&$this, 'post_save'));
138
- }
139
-
140
- // Check if the page needs to be redirected
141
- add_action('template_redirect', array(&$this, 'check_https'));
142
-
143
- // Filter HTTPS from links in WP 3.0+
144
- if ( ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos('https://', get_option('home')) !== true ) ) {
145
- add_filter('page_link', array(&$this, 'replace_https'));
146
- add_filter('post_link', array(&$this, 'replace_https'));
147
- add_filter('category_link', array(&$this, 'replace_https'));
148
- add_filter('get_archives_link', array(&$this, 'replace_https'));
149
- add_filter('tag_link', array(&$this, 'replace_https'));
150
- add_filter('search_link', array(&$this, 'replace_https'));
151
- add_filter('home_url', array(&$this, 'replace_https'));
152
- add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
153
- add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
154
- // If the whole site is not HTTPS, set links to the front-end to HTTP
155
- } else if ( is_admin() && $this->is_ssl() && strpos('https://', get_option('home')) !== true ) {
156
- add_filter('page_link', array(&$this, 'replace_https'));
157
- add_filter('post_link', array(&$this, 'replace_https'));
158
- add_filter('category_link', array(&$this, 'replace_https'));
159
- add_filter('get_archives_link', array(&$this, 'replace_https'));
160
- add_filter('tag_link', array(&$this, 'replace_https'));
161
- add_filter('search_link', array(&$this, 'replace_https'));
162
- }
163
-
164
- // End output buffering
165
- //add_action('shutdown', array(&$this, 'buffer_end'));
166
- }
167
-
168
- /**
169
- * Process output buffer
170
- *
171
- * @param string
172
- * @return string
173
- */
174
- function process($buffer) {
175
- if ( $this->is_ssl() ) {
176
- preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#]+)[^>]+>/im', $buffer, $matches);
177
-
178
- for ($i = 0; $i<=sizeof($matches[0]); $i++) {
179
- $html = $matches[0][$i];
180
- $type = $matches[1][$i];
181
- $url = $matches[2][$i];
182
- $scheme = $matches[3][$i];
183
-
184
- if ( ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) || ( $type == 'input' && strpos($html, 'image') !== false ) || ( $type == 'param' && strpos($html, 'movie') !== false ) || $type == 'img' || $type == 'script' || $type == 'embed' ) {
185
- if ( strpos($url,$this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
186
- $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
187
- } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html,$this->http_url) !== false ) {
188
- $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
189
- } else if ( get_option('wordpress-https_externalurls') == 1 ) {
190
- if ( get_option('wordpress-https_bypass') == 1 ) {
191
- $buffer = str_replace($html, $this->replace_http($html), $buffer);
192
- } else if (@file_get_contents($this->replace_http($url))) {
193
- $buffer = str_replace($html, $this->replace_http($html), $buffer);
194
- }
195
- }
196
- }
197
- }
198
-
199
- // Look for any relative paths that should be udpated to the Shared SSL path
200
- if ( $this->shared_ssl == 1 ) {
201
- preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#?=&;]*)[^>]+>/im', $buffer, $matches);
202
-
203
- for ($i = 0; $i<=sizeof($matches[0]); $i++) {
204
- $html = $matches[0][$i];
205
- $type = $matches[1][$i];
206
- $url = $matches[2][$i];
207
-
208
- $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);
209
- }
210
- }
211
- }
212
-
213
- // Update anchor tags to appropriate URL's
214
- preg_match_all('/\<a[^>]+[\'"]((http|https):\/\/[\/-\w\.#?=&;]+)[^>]+>/im', $buffer, $matches);
215
-
216
- for ($i = 0; $i<=sizeof($matches[0]); $i++) {
217
- $html = $matches[0][$i];
218
- $url = $matches[1][$i];
219
- $scheme = $matches[2][$i];
220
-
221
- $url_path = parse_url($url, PHP_URL_PATH);
222
- if ($this->shared_ssl) {
223
- $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
224
- } else {
225
- $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
226
- }
227
-
228
- if ($url_path == '/') {
229
- $post = get_option('page_on_front');
230
- } else {
231
- $post = get_page_by_path($url_path);
232
- $post = $post->ID;
233
- }
234
-
235
- if ($post) {
236
- $force_ssl = get_post_meta($post, 'force_ssl', true);
237
-
238
- if ($force_ssl) {
239
- $buffer = str_replace($html, str_replace($this->http_url, $this->https_url, $html), $buffer);
240
- } else if (get_option('wordpress-https_exclusive_https') == 1) {
241
- $buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
242
- }
243
- }
244
- }
245
-
246
- // Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
247
- if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
248
- $regex_url = preg_quote($this->replace_http($this->http_url));
249
- $regex_url = str_replace('/', '\/', $regex_url);
250
- preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
251
-
252
- for ($i = 0; $i<=sizeof($matches[0]); $i++) {
253
- $html = $matches[0][$i];
254
- $url = $matches[1][$i];
255
-
256
- $buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
257
- }
258
- }
259
-
260
- return $buffer;
261
- }
262
-
263
- /**
264
- * Checks if the current page is SSL
265
- *
266
- * @param none
267
- * @return void
268
- */
269
- function is_ssl() {
270
- if ( $this->shared_ssl == 1 && strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
271
- return true;
272
- }
273
- return is_ssl();
274
- }
275
-
276
- /**
277
- * Checks if the current page needs to be redirected
278
- *
279
- * @param none
280
- * @return void
281
- */
282
- function check_https() {
283
- global $post;
284
- if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
285
- if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
286
- $this->redirect(true);
287
- } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
288
- $this->redirect(false);
289
- }
290
- } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
291
- $forceSSL = get_post_meta($post->ID, 'force_ssl');
292
- if ( !$this->is_ssl() && $forceSSL ) {
293
- $this->redirect(true);
294
- } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
295
- $this->redirect(false);
296
- }
297
- }
298
- }
299
-
300
- /**
301
- * Used to redirect admin pages to Shared SSL host
302
- *
303
- * @param none
304
- * @return void
305
- */
306
- function admin_redirect() {
307
- // If we're using Shared SSL and the admin panel should be SSL, redirect
308
- if ( is_admin() && $this->shared_ssl && force_ssl_admin() && !$this->is_ssl() ) {
309
- $this->redirect(true);
310
- // If we're on the login page and it should be SSL, redirect
311
- } else if ( $GLOBALS['pagenow'] == 'wp-login.php' && ( force_ssl_admin() || force_ssl_login() ) && $this->shared_ssl && !$this->is_ssl() ) {
312
- $this->redirect(true);
313
- }
314
- }
315
-
316
- /**
317
- * Redirects page to HTTP or HTTPS accordingly
318
- *
319
- * @param boolean $ssl
320
- * @return void
321
- */
322
- function redirect($ssl = true) {
323
- if ( !$this->is_ssl() && $ssl == true ) {
324
- $url = parse_url($this->https_url);
325
- $url['scheme'] = 'https';
326
- } else if ( $this->is_ssl() && $ssl == false ) {
327
- $url = parse_url($this->http_url);
328
- $url['scheme'] = 'http';
329
- } else {
330
- $url = false;
331
- }
332
- if ($url) {
333
- $destination = $url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
334
- wp_redirect($destination, 301);
335
- exit();
336
- }
337
- }
338
-
339
- /**
340
- * Add 'Force SSL' checkbox to add/edit post pages
341
- *
342
- * @param none
343
- * @return void
344
- */
345
- function post_checkbox() {
346
- global $post;
347
-
348
- wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
349
-
350
- $checked = false;
351
- if ($post->ID) {
352
- $checked = get_post_meta($post->ID, 'force_ssl', true);
353
- }
354
- echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';
355
- }
356
-
357
- /**
358
- * Save Force SSL option to post or page
359
- *
360
- * @param int $post_id
361
- * @return int $post_id
362
- */
363
- function post_save( $post_id ) {
364
- if ( array_key_exists('wordpress-https', $_POST) ) {
365
- if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {
366
- return $post_id;
367
- }
368
-
369
- if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
370
- return $post_id;
371
- }
372
-
373
- if ( $_POST['post_type'] == 'page' ) {
374
- if ( !current_user_can('edit_page', $post_id) ) {
375
- return $post_id;
376
- }
377
- } else {
378
- if ( !current_user_can('edit_post', $post_id) ) {
379
- return $post_id;
380
- }
381
- }
382
-
383
- $forceSSL = (($_POST['force_ssl'] == 1) ? true : false);
384
- if ($forceSSL) {
385
- update_post_meta($post_id, 'force_ssl', 1);
386
- } else {
387
- delete_post_meta($post_id, 'force_ssl');
388
- }
389
-
390
- return $forceSSL;
391
- }
392
- return $post_id;
393
- }
394
-
395
- /**
396
- * Filters HTTPS urls from bloginfo function
397
- *
398
- * @param string $result
399
- * @param string $show
400
- * @return string
401
- */
402
- function bloginfo($result = '', $show = '') {
403
- if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
404
- $result = $this->replace_https($result);
405
- }
406
- return $result;
407
- }
408
-
409
- /**
410
- * Add admin panel menu option
411
- *
412
- * @param none
413
- * @return void
414
- */
415
- function menu() {
416
- add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
417
- }
418
-
419
- /**
420
- * Add plugin links to Manage Plugins page in admin panel
421
- *
422
- * @param array $links
423
- * @param string $file
424
- * @return array
425
- */
426
- function plugin_links($links, $file) {
427
- if ( strpos($file, basename( __FILE__)) === false ) {
428
- return $links;
429
- }
430
-
431
- $links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
432
- $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
433
- $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
434
- $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
435
- return $links;
436
- }
437
-
438
- /**
439
- * Start output buffering
440
- *
441
- * @param none
442
- * @return void
443
- */
444
- function buffer_start() {
445
- if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
446
- @ini_set('allow_url_fopen', 1);
447
- }
448
- ob_start(array(&$this, 'process'));
449
- }
450
-
451
- /**
452
- * End output buffering
453
- *
454
- * @param none
455
- * @return void
456
- */
457
- function buffer_end() {
458
- ob_end_flush();
459
- }
460
-
461
- /**
462
- * Replace HTTPS with HTTP
463
- *
464
- * @param string
465
- * @return string
466
- */
467
- function replace_https($string) {
468
- return str_replace('https://', 'http://', $string);
469
- }
470
-
471
- /**
472
- * Replace HTTP with HTTPS
473
- *
474
- * @param string
475
- * @return string
476
- */
477
- function replace_http($string) {
478
- return str_replace('http://', 'https://', $string);
479
- }
480
-
481
- /**
482
- * Settings page in admin panel
483
- *
484
- * @param none
485
- * @return void
486
- */
487
- function settings() {
488
- if ( !current_user_can('manage_options') ) {
489
- wp_die( __('You do not have sufficient permissions to access this page.') );
490
- }
491
-
492
- if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
493
- $errors = array();
494
-
495
- foreach ($this->options_default as $key => $default) {
496
- if (!array_key_exists($key, $_POST) && $default == 0) {
497
- $_POST[$key] = 0;
498
- update_option($key, $_POST[$key]);
499
- } else {
500
- if ( $key == 'wordpress-https_sharedssl' && $_POST['wordpress-https_sharedssl_host'] == '' ) {
501
- $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
502
- $_POST[$key] = 0;
503
- update_option($key, $_POST[$key]);
504
- } else if ( $key == 'wordpress-https_sharedssl_host' && $_POST[$key] != '' ) {
505
- $url = parse_url($_POST[$key]);
506
- if ( sizeof($url) > 0 ) {
507
- $_POST[$key] = 'https://' . $url['host'] . $url['path'];
508
- if ( substr($_POST[$key], -1, 1) == '/' ) {
509
- $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1);
510
- }
511
- update_option($key, $_POST[$key]);
512
- } else {
513
- $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
514
- update_option($key, '');
515
- }
516
- } else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
517
- $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
518
- $_POST[$key] = 0;
519
- update_option($key, $_POST[$key]);
520
- } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
521
- $_POST[$key] = 0;
522
- update_option($key, $_POST[$key]);
523
- } else {
524
- update_option($key, $_POST[$key]);
525
- }
526
- }
527
- }
528
-
529
- if ( @$_POST['ajax'] == 1 ) {
530
- ob_clean();
531
- if ( sizeof( $errors ) > 0 ) {
532
- echo " <ul id=\"message\">\n";
533
- foreach ( $errors as $error ) {
534
- echo " <li class=\"error\"><p>".$error."</p></li>\n";
535
- }
536
- echo " </ul>\n";
537
- } else {
538
- echo " <div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
539
- }
540
- exit();
541
- }
542
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
543
  ?>
544
- <div class="wrap">
545
- <div id="icon-options-general" class="icon32"><br /></div>
546
- <h2>WordPress HTTPS Settings</h2>
 
547
 
548
  <?php
549
- if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
550
- if ( sizeof( $errors ) > 0 ) {
551
- echo " <ul id=\"message\">\n";
552
- foreach ( $errors as $error ) {
553
- echo " <li class=\"error\"><p>".$error."</p></li>\n";
554
- }
555
- echo " </ul>\n";
556
- } else {
557
- echo " <div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
558
- }
559
- } else {
560
- echo " <div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
561
- }
562
  ?>
563
 
564
- <div id="wphttps-sidebar">
565
-
566
- <div class="wphttps-widget" id="wphttps-support">
567
- <h3 class="wphttps-widget-title">Support</h3>
568
- <div class="wphttps-widget-content">
569
- <p>Have you tried everything and your website is still giving you partially encrypted errors?</p>
570
- <p>If you haven't already, check out the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">Frequently Asked Questions</a>.</p>
571
- <p>Still not fixed? Having other problems? Please <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">start a support topic</a> and I'll do my best to assist you.</p>
572
- </div>
573
- </div>
574
-
575
- <div class="wphttps-widget" id="wphttps-donate">
576
- <h3 class="wphttps-widget-title">Donate</h3>
577
- <div class="wphttps-widget-content">
578
- <p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
579
- <p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
580
-
581
- <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
582
- <input type="hidden" name="cmd" value="_s-xclick">
583
- <input type="hidden" name="hosted_button_id" value="N9NFVADLVUR7A">
584
- <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
585
- <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
586
- </form>
587
-
588
- </div>
589
- </div>
590
-
591
- </div>
592
-
593
- <form name="form" id="wordpress-https" action="options-general.php?page=wordpress-https" method="post">
594
- <?php settings_fields('wordpress-https'); ?>
595
-
596
- <fieldset>
597
- <label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>
598
- <p>Force internal elements to HTTPS when viewing a secure page.</p>
599
- <p class="description">Fixes most partially encrypted errors.</p>
600
- </fieldset>
601
-
602
- <fieldset>
603
- <label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>
604
- <p>Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.</p>
605
- <p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>
606
- </fieldset>
607
-
608
- <fieldset>
609
- <label for="wordpress-https_bypass"><input name="wordpress-https_bypass" type="checkbox" id="wordpress-https_bypass" value="1"<?php echo ((get_option('wordpress-https_bypass')) ? ' checked="checked"' : ''); ?> /> <strong>Bypass External Check</strong></label>
610
- <p>Disable the option to check if an external element can be loaded over HTTPS.</p>
611
- <p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>
612
- </fieldset>
 
 
 
 
 
 
613
 
614
  <?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
615
- <fieldset>
616
- <label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
617
- <p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>
618
- <p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>
619
- </fieldset>
620
 
621
  <?php } ?>
622
- <fieldset>
623
- <label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
624
- <p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
625
- <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
626
- </fieldset>
627
-
628
- <fieldset>
629
- <label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
630
- <p>Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than '<?php echo $this->replace_http($this->http_url); ?>/'.</p>
631
- <label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
632
- </fieldset>
 
 
 
 
 
 
633
 
634
  <?php if (get_option('show_on_front') == 'posts') { ?>
635
- <fieldset>
636
- <label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
637
- <p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>
638
- </fieldset>
639
 
640
  <?php } ?>
641
- <p class="button-controls">
642
- <input type="submit" name="Submit" value="Save Changes" class="button-primary" />
643
- <img alt="Waiting..." src="<?php echo $this->plugin_url; ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />
644
- </p>
645
- </form>
646
-
647
- <br style="clear: both" />
648
 
649
- </div>
650
  <?php
651
- }
652
- } // End WordPressHTTPS Class
653
  }
654
 
655
  if ( class_exists('WordPressHTTPS') ) {
656
- $wordpress_https = new WordPressHTTPS();
 
657
  }
658
- ?>
 
 
 
 
 
 
 
1
  <?php
2
  /*
3
+ Plugin Name: WordPress HTTPS
4
+ Plugin URI: http://mvied.com/projects/wordpress-https/
5
+ Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
+ Author: Mike Ems
7
+ Version: 1.9
8
+ Author URI: http://mvied.com/
9
+ */
10
 
11
  /**
12
+ * Class for the WordPress plugin WordPress HTTPS
13
+ *
14
+ * @authorMike Ems
15
+ * @package WordPressHTTPS
16
+ * @copyright Copyright 2011
17
+ *
18
+ * @return object
19
+ *
20
+ */
21
 
22
  if ( !class_exists('WordPressHTTPS') ) {
23
+ class WordPressHTTPS {
24
+
25
+ /**
26
+ * Plugin version
27
+ *
28
+ * @var int
29
+ */
30
+ var $plugin_version = '1.9';
31
+
32
+ /**
33
+ * Plugin URL
34
+ *
35
+ * @var string
36
+ */
37
+ var $plugin_url;
38
+
39
+ /**
40
+ * HTTP URL
41
+ *
42
+ * @var string
43
+ */
44
+ var $http_url;
45
+
46
+ /**
47
+ * HTTPS URL
48
+ *
49
+ * @var string
50
+ */
51
+ var $https_url;
52
+
53
+ /**
54
+ * Shared SSL
55
+ *
56
+ * @var boolean
57
+ */
58
+ var $shared_ssl = 0;
59
+
60
+ /**
61
+ * Shared SSL Admin
62
+ *
63
+ * @var boolean
64
+ */
65
+ var $shared_ssl_admin = 0;
66
+
67
+ /**
68
+ * Default options
69
+ *
70
+ * @var array
71
+ */
72
+ var $options_default = array(
73
+ 'wordpress-https_internalurls' => 1, // Force internal URL's to HTTPS
74
+ 'wordpress-https_externalurls' => 0, // Force external URL's to HTTPS
75
+ 'wordpress-https_bypass' => 0, // Bypass option to check if external elements can be loaded via HTTPS
76
+ 'wordpress-https_disable_autohttps'=> 0, // Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.
77
+ 'wordpress-https_exclusive_https'=> 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
78
+ 'wordpress-https_frontpage'=> 0, // Force SSL on front page
79
+ 'wordpress-https_sharedssl'=> 0, // Enable Shared SSL
80
+ 'wordpress-https_sharedssl_admin' => 0, // Shared SSL for admin panel
81
+ 'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL
82
+ );
83
+
84
+ /**
85
+ * Initialize plugin (PHP4)
86
+ *
87
+ * @param none
88
+ * @return void
89
+ */
90
+ function WordPressHTTPS() {
91
+ $argcv = func_get_args();
92
+ call_user_func_array(array(&$this, '__construct'), $argcv);
93
+ }
94
+
95
+ /**
96
+ * Initialize plugin (PHP5+)
97
+ *
98
+ * @param none
99
+ * @return void
100
+ */
101
+ function __construct() {
102
+ // Assign plugin_url
103
+ if ( version_compare( get_bloginfo('version'), '2.8', '>=' ) ) {
104
+ $this->plugin_url = plugins_url('', __FILE__);
105
+ } else {
106
+ $this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
107
+ }
108
+
109
+ // Assign HTTP URL
110
+ $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);
111
+ // Assign HTTPS URL
112
+ $this->https_url = $this->replace_http($this->http_url);
113
+
114
+ // Shared SSL
115
+ if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') {
116
+ // Turn on Shared SSL
117
+ $this->shared_ssl = 1;
118
+ // Assign HTTPS URL to Shared SSL Host
119
+ $this->https_url = get_option('wordpress-https_sharedssl_host');
120
+ // Prevent WordPress from causing a redirect loop
121
+ remove_filter('template_redirect', 'redirect_canonical');
122
+ }
123
+
124
+ // Fix admin_url for Shared SSL login
125
+ if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl == 1 && $this->is_ssl() ) {
126
+ add_filter( 'admin_url', array( &$this, 'replace_http_url' ) );
127
+ }
128
+
129
+ // Filter site_url in admin panel when using Shared SSL
130
+ if ( is_admin() && $this->shared_ssl == 1 && $this->is_ssl() ) {
131
+ add_filter( 'site_url', array( &$this, 'replace_http_url' ) );
132
+ }
133
+
134
+ // Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php
135
+ if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl == 1 && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {
136
+ $this->redirect(true);
137
+ }
138
+
139
+ // Start output buffering
140
+ add_action('plugins_loaded', array(&$this, 'buffer_start'));
141
+
142
+ if ( is_admin() ) {
143
+ // Add admin menus
144
+ add_action('admin_menu', array(&$this, 'menu'));
145
+
146
+ // Load on plugins page
147
+ if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
148
+ add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
149
+ }
150
+
151
+ // Load on Settings page
152
+ if ( @$_GET['page'] == 'wordpress-https' ) {
153
+ wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
154
+ wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.php', array('jquery'), $this->plugin_version, true);
155
+ wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);
156
+ }
157
+
158
+ // Add 'Force SSL' checkbox to add/edit post pages
159
+ if ( version_compare( get_bloginfo('version'), '2.8', '>' ) ) {
160
+ add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
161
+ } else {
162
+ add_action('post_submitbox_start', array(&$this, 'post_checkbox'));
163
+ }
164
+ add_action('save_post', array(&$this, 'post_save'));
165
+ }
166
+
167
+ // Check if the page needs to be redirected
168
+ add_action('template_redirect', array(&$this, 'check_https'));
169
+
170
+ // Filter HTTPS from links in WP 3.0+
171
+ if ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos(get_option('home'), 'https://') === false ) {
172
+ add_filter('page_link', array(&$this, 'replace_https'));
173
+ add_filter('post_link', array(&$this, 'replace_https'));
174
+ add_filter('category_link', array(&$this, 'replace_https'));
175
+ add_filter('get_archives_link', array(&$this, 'replace_https'));
176
+ add_filter('tag_link', array(&$this, 'replace_https'));
177
+ add_filter('search_link', array(&$this, 'replace_https'));
178
+ add_filter('home_url', array(&$this, 'replace_https'));
179
+ add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
180
+ add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
181
+
182
+ // If the whole site is not HTTPS, set links to the front-end to HTTP
183
+ } else if ( is_admin() && $this->is_ssl() && strpos(get_option('home'), 'https://') === false ) {
184
+ add_filter('page_link', array(&$this, 'replace_https'));
185
+ add_filter('post_link', array(&$this, 'replace_https'));
186
+ add_filter('category_link', array(&$this, 'replace_https'));
187
+ add_filter('get_archives_link', array(&$this, 'replace_https'));
188
+ add_filter('tag_link', array(&$this, 'replace_https'));
189
+ add_filter('search_link', array(&$this, 'replace_https'));
190
+ }
191
+
192
+ // End output buffering
193
+ //add_action('shutdown', array(&$this, 'buffer_end'));
194
+ }
195
+
196
+ /**
197
+ * Operations performed when plugin is activated.
198
+ *
199
+ * @param none
200
+ * @return void
201
+ */
202
+ function install() {
203
+ // Set default options
204
+ foreach ( $this->options_default as $option => $value ) {
205
+ if ( get_option($option) === false ) {
206
+ add_option($option, $value);
207
+ }
208
+ }
209
+ }
210
+
211
+ /**
212
+ * Sets the authentication cookies based User ID.
213
+ * Override for WordPress' pluggable function wp_set_auth_cookie
214
+ *
215
+ * The $remember parameter increases the time that the cookie will be kept. The
216
+ * default the cookie is kept without remembering is two days. When $remember is
217
+ * set, the cookies will be kept for 14 days or two weeks.
218
+ *
219
+ * @param int $user_id User ID
220
+ * @param bool $remember Whether to remember the user or not
221
+ */
222
+ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
223
+ if ( $remember ) {
224
+ $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
225
+ } else {
226
+ $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
227
+ $expire = 0;
228
+ }
229
+
230
+ if ( $this->shared_ssl == 1 && $this->is_ssl() ) {
231
+ $secure = (($secure === '') ? true : $secure);
232
+ } else if ( $secure === '' ) {
233
+ $secure = is_ssl() ? true : false;
234
+ }
235
+
236
+ if ( $secure ) {
237
+ $auth_cookie_name = SECURE_AUTH_COOKIE;
238
+ $scheme = 'secure_auth';
239
+ } else {
240
+ $auth_cookie_name = AUTH_COOKIE;
241
+ $scheme = 'auth';
242
+ }
243
+
244
+ $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
245
+ $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
246
+
247
+ do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
248
+ do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
249
+
250
+ // Cookie paths defined to accomodate Shared SSL
251
+ $cookie_domain = (($this->shared_ssl == 1 && $this->is_ssl()) ? '.' . parse_url($this->https_url, PHP_URL_HOST) : COOKIE_DOMAIN);
252
+ $cookie_path = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((COOKIEPATH != '/') ? COOKIEPATH : '') . '/' : COOKIEPATH);
253
+ $cookie_path_site = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((SITECOOKIEPATH != '/') ? SITECOOKIEPATH : '') . '/' : SITECOOKIEPATH);
254
+ $cookie_path_plugins = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((PLUGINS_COOKIE_PATH != '/') ? PLUGINS_COOKIE_PATH : '') . '/' : PLUGINS_COOKIE_PATH);
255
+ $cookie_path_admin = $cookie_path_site . 'wp-admin';
256
+
257
+ // Set httponly if the php version is >= 5.2.0
258
+ if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
259
+ setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
260
+ setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
261
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
262
+ if ( $cookie_path != $cookie_path_site )
263
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
264
+ } else {
265
+ if ( !empty($cookie_domain) )
266
+ $cookie_domain .= '; HttpOnly';
267
+ setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure);
268
+ setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure);
269
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain);
270
+ if ( $cookie_path != $cookie_path_site )
271
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain);
272
+ }
273
+ }
274
+
275
+ /**
276
+ * Process output buffer
277
+ *
278
+ * @param string
279
+ * @return string
280
+ */
281
+ function process($buffer) {
282
+ if ( $this->is_ssl() ) {
283
+ // Fix the regular stuff
284
+ if (is_admin()) {
285
+ preg_match_all('/\<(script|link)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
286
+ } else {
287
+ preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
288
+ }
289
+
290
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
291
+ $html = $matches[0][$i];
292
+ $type = $matches[1][$i];
293
+ $url= $matches[2][$i];
294
+ $scheme = $matches[3][$i];
295
+
296
+ if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
297
+ ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
298
+ ( $type == 'form' && strpos($html, 'loginform') !== false ) ||
299
+ ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) ||
300
+ ( $type == 'input' && strpos($html, 'image') !== false ) ||
301
+ ( $type == 'param' && strpos($html, 'movie') !== false )
302
+ ) {
303
+ if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
304
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
305
+ } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {
306
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
307
+ } else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {
308
+ if ( get_option('wordpress-https_bypass') == 1 ) {
309
+ $buffer = str_replace($html, $this->replace_http($html), $buffer);
310
+ } else if ( @file_get_contents($this->replace_http($url)) !== false ) {
311
+ $buffer = str_replace($html, $this->replace_http($html), $buffer);
312
+ }
313
+ }
314
+ }
315
+ }
316
+
317
+ // Fix any CSS background images
318
+ preg_match_all('/background: url\([\'"]?(http:\/\/[\/-\w\.#?=\+&;]+)[\'"]?\)/im', $buffer, $matches);
319
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
320
+ $css = $matches[0][$i];
321
+ $url = $matches[1][$i];
322
+
323
+ $buffer = str_replace($css, $this->replace_http_url($css), $buffer);
324
+ }
325
+
326
+ // Look for any relative paths that should be udpated to the Shared SSL path
327
+ if ( $this->shared_ssl == 1 ) {
328
+ preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#?=\+&;]*)[^>]+>/im', $buffer, $matches);
329
+
330
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
331
+ $html = $matches[0][$i];
332
+ $type = $matches[1][$i];
333
+ $url= $matches[2][$i];
334
+
335
+ $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);
336
+ }
337
+ }
338
+ }
339
+
340
+ // Update anchor tags to appropriate URL's
341
+ preg_match_all('/\<a[^>]+[\'"]((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
342
+
343
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
344
+ $html = $matches[0][$i];
345
+ $url= $matches[1][$i];
346
+ $scheme = $matches[2][$i];
347
+
348
+ $url_path = parse_url($url, PHP_URL_PATH);
349
+ if ($this->shared_ssl) {
350
+ $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
351
+ } else {
352
+ $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
353
+ }
354
+
355
+ if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) == 1 ) {
356
+ $post = $postID[1];
357
+ } else if ($post = get_page_by_path($url_path)) {
358
+ $post = $post->ID;
359
+ } else if ($url_path == '/') {
360
+ $post = get_option('page_on_front');
361
+ }
362
+
363
+ if ($post) {
364
+ $force_ssl = get_post_meta($post, 'force_ssl', true);
365
+
366
+ if ($force_ssl) {
367
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
368
+ } else if (get_option('wordpress-https_exclusive_https') == 1) {
369
+ $buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
370
+ }
371
+ }
372
+ }
373
+
374
+ // Fix any links that contain the HTTPS version of the regular domain when using Shared SSL
375
+ if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
376
+ $regex_url = preg_quote($this->replace_http($this->http_url));
377
+ $regex_url = str_replace('/', '\/', $regex_url);
378
+ preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
379
+
380
+ for ($i = 0; $i<=sizeof($matches[0]); $i++) {
381
+ $html = $matches[0][$i];
382
+ $url= $matches[1][$i];
383
+
384
+ $buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
385
+ }
386
+ }
387
+
388
+ return $buffer;
389
+ }
390
+
391
+ /**
392
+ * Checks if the current page is SSL
393
+ *
394
+ * @param none
395
+ * @return void
396
+ */
397
+ function is_ssl() {
398
+ // Some extra checks for proxies and Shared SSL
399
+ if ( isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
400
+ return true;
401
+ } else if ( $this->shared_ssl == 1 && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {
402
+ return true;
403
+ }
404
+ return is_ssl();
405
+ }
406
+
407
+ /**
408
+ * Checks if the current page needs to be redirected
409
+ *
410
+ * @param none
411
+ * @return void
412
+ */
413
+ function check_https() {
414
+ global $post;
415
+ if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
416
+ if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
417
+ $this->redirect(true);
418
+ } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
419
+ $this->redirect(false);
420
+ }
421
+ } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
422
+ $forceSSL = get_post_meta($post->ID, 'force_ssl');
423
+ if ( !$this->is_ssl() && $forceSSL ) {
424
+ $this->redirect(true);
425
+ } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
426
+ $this->redirect(false);
427
+ }
428
+ }
429
+ }
430
+
431
+ /**
432
+ * Redirects page to HTTP or HTTPS accordingly
433
+ *
434
+ * @param boolean $ssl
435
+ * @return void
436
+ */
437
+ function redirect($ssl = true) {
438
+ if ( !$this->is_ssl() && $ssl == true ) {
439
+ $url = parse_url($this->https_url);
440
+ $url['scheme'] = 'https';
441
+ } else if ( $this->is_ssl() && $ssl == false ) {
442
+ $url = parse_url($this->http_url);
443
+ $url['scheme'] = 'http';
444
+ } else {
445
+ $url = false;
446
+ }
447
+ if ($url) {
448
+ $destination = $url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
449
+ if (function_exists('wp_redirect')) {
450
+ wp_redirect($destination, 301);
451
+ } else {
452
+ // End all output buffering and redirect
453
+ while(@ob_end_flush());
454
+ header("Location: " . $destination);
455
+ }
456
+ exit();
457
+ }
458
+ }
459
+
460
+ /**
461
+ * Add 'Force SSL' checkbox to add/edit post pages
462
+ *
463
+ * @param none
464
+ * @return void
465
+ */
466
+ function post_checkbox() {
467
+ global $post;
468
+
469
+ wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
470
+
471
+ $checked = false;
472
+ if ($post->ID) {
473
+ $checked = get_post_meta($post->ID, 'force_ssl', true);
474
+ }
475
+ echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';
476
+ }
477
+
478
+ /**
479
+ * Save Force SSL option to post or page
480
+ *
481
+ * @param int $post_id
482
+ * @return int $post_id
483
+ */
484
+ function post_save( $post_id ) {
485
+ if ( array_key_exists('wordpress-https', $_POST) ) {
486
+ if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {
487
+ return $post_id;
488
+ }
489
+
490
+ if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
491
+ return $post_id;
492
+ }
493
+
494
+ if ( $_POST['post_type'] == 'page' ) {
495
+ if ( !current_user_can('edit_page', $post_id) ) {
496
+ return $post_id;
497
+ }
498
+ } else {
499
+ if ( !current_user_can('edit_post', $post_id) ) {
500
+ return $post_id;
501
+ }
502
+ }
503
+
504
+ $forceSSL = (($_POST['force_ssl'] == 1) ? true : false);
505
+ if ($forceSSL) {
506
+ update_post_meta($post_id, 'force_ssl', 1);
507
+ } else {
508
+ delete_post_meta($post_id, 'force_ssl');
509
+ }
510
+
511
+ return $forceSSL;
512
+ }
513
+ return $post_id;
514
+ }
515
+
516
+ /**
517
+ * Filters HTTPS urls from bloginfo function
518
+ *
519
+ * @param string $result
520
+ * @param string $show
521
+ * @return string
522
+ */
523
+ function bloginfo($result = '', $show = '') {
524
+ if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
525
+ $result = $this->replace_https($result);
526
+ }
527
+ return $result;
528
+ }
529
+
530
+ /**
531
+ * Add admin panel menu option
532
+ *
533
+ * @param none
534
+ * @return void
535
+ */
536
+ function menu() {
537
+ add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
538
+ }
539
+
540
+ /**
541
+ * Add plugin links to Manage Plugins page in admin panel
542
+ *
543
+ * @param array $links
544
+ * @param string $file
545
+ * @return array
546
+ */
547
+ function plugin_links($links, $file) {
548
+ if ( strpos($file, basename( __FILE__)) === false ) {
549
+ return $links;
550
+ }
551
+
552
+ $links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
553
+ $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
554
+ $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
555
+ $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG" title="Support WordPress HTTPS development with a donation!">Donate</a>';
556
+ return $links;
557
+ }
558
+
559
+ /**
560
+ * Start output buffering
561
+ *
562
+ * @param none
563
+ * @return void
564
+ */
565
+ function buffer_start() {
566
+ if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {
567
+ @ini_set('allow_url_fopen', 1);
568
+ }
569
+ ob_start(array(&$this, 'process'));
570
+ }
571
+
572
+ /**
573
+ * End output buffering
574
+ *
575
+ * @param none
576
+ * @return void
577
+ */
578
+ function buffer_end() {
579
+ ob_end_flush();
580
+ }
581
+
582
+ /**
583
+ * Replaces HTTP URL to HTTPS URL
584
+ *
585
+ * @param none
586
+ * @return string
587
+ */
588
+ function replace_http_url($url) {
589
+ return str_replace($this->http_url, $this->https_url, $url);
590
+ }
591
+
592
+ /**
593
+ * Replace HTTPS with HTTP
594
+ *
595
+ * @param string
596
+ * @return string
597
+ */
598
+ function replace_https($string) {
599
+ return str_replace('https://', 'http://', $string);
600
+ }
601
+
602
+ /**
603
+ * Replace HTTP with HTTPS
604
+ *
605
+ * @param string
606
+ * @return string
607
+ */
608
+ function replace_http($string) {
609
+ return str_replace('http://', 'https://', $string);
610
+ }
611
+
612
+ /**
613
+ * Settings page in admin panel
614
+ *
615
+ * @param none
616
+ * @return void
617
+ */
618
+ function settings() {
619
+ if ( !current_user_can('manage_options') ) {
620
+ wp_die( __('You do not have sufficient permissions to access this page.') );
621
+ }
622
+
623
+ if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
624
+ $errors = array();
625
+
626
+ foreach ($this->options_default as $key => $default) {
627
+ if (!array_key_exists($key, $_POST) && $default == 0) {
628
+ $_POST[$key] = 0;
629
+ update_option($key, $_POST[$key]);
630
+ } else {
631
+ if ( $key == 'wordpress-https_sharedssl_host' ) {
632
+ if ( isset($_POST[$key]) ) {
633
+ $url = parse_url($_POST[$key]);
634
+ }
635
+ if ( sizeof($url) > 1 ) {
636
+ $_POST[$key] = 'https://' . $url['host'] . @$url['path'];
637
+ if ( substr($_POST[$key], -1, 1) == '/' ) {
638
+ $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1);
639
+ }
640
+ } else if ( $_POST['wordpress-https_sharedssl'] == 1 ) {
641
+ $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
642
+ update_option('wordpress-https_sharedssl', 0);
643
+ }
644
+ } else if ( $key == 'wordpress-https_sharedssl_admin' ) {
645
+ if ( force_ssl_admin() || force_ssl_login() ) {
646
+ $errors[] = '<strong>Shared SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
647
+ $_POST[$key] = 0;
648
+ }
649
+ } else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
650
+ $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
651
+ $_POST[$key] = 0;
652
+ } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
653
+ $_POST[$key] = 0;
654
+ }
655
+
656
+ update_option($key, $_POST[$key]);
657
+ }
658
+ }
659
+
660
+ if ( array_key_exists('ajax', $_POST) ) {
661
+ ob_clean();
662
+ if ( sizeof( $errors ) > 0 ) {
663
+ echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
664
+ foreach ( $errors as $error ) {
665
+ echo "\t\t<li><p>".$error."</p></li>\n";
666
+ }
667
+ echo "\t</ul>\n</div>\n";
668
+ } else {
669
+ echo "<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
670
+ }
671
+ exit();
672
+ }
673
+ }
674
  ?>
675
+
676
+ <div class="wrap">
677
+ <div id="icon-options-general" class="icon32"><br /></div>
678
+ <h2>WordPress HTTPS Settings</h2>
679
 
680
  <?php
681
+ if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
682
+ if ( sizeof( $errors ) > 0 ) {
683
+ echo "\t<ul id=\"message\">\n";
684
+ foreach ( $errors as $error ) {
685
+ echo "\t\t<li class=\"error\"><p>".$error."</p></li>\n";
686
+ }
687
+ echo "\t</ul>\n";
688
+ } else {
689
+ echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
690
+ }
691
+ } else {
692
+ echo "\t<div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
693
+ }
694
  ?>
695
 
696
+ <div id="wphttps-sidebar">
697
+
698
+ <div class="wphttps-widget" id="wphttps-updates">
699
+ <h3 class="wphttps-widget-title">Developer Updates</h3>
700
+ <div class="wphttps-widget-content"><img alt="Loading..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="loading" id="updates-loading" /></div>
701
+ </div>
702
+
703
+ <div class="wphttps-widget" id="wphttps-support">
704
+ <h3 class="wphttps-widget-title">Support</h3>
705
+ <div class="wphttps-widget-content">
706
+ <p>Have you tried everything and your website is still giving you partially encrypted errors?</p>
707
+ <p>If you haven't already, check out the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">Frequently Asked Questions</a>.</p>
708
+ <p>Still not fixed? Having other problems? Please <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">start a support topic</a> and I'll do my best to assist you.</p>
709
+ </div>
710
+ </div>
711
+
712
+ <div class="wphttps-widget" id="wphttps-donate">
713
+ <h3 class="wphttps-widget-title">Donate</h3>
714
+ <div class="wphttps-widget-content">
715
+ <p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
716
+ <p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
717
+
718
+ <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
719
+ <input type="hidden" name="cmd" value="_s-xclick">
720
+ <input type="hidden" name="hosted_button_id" value="N9NFVADLVUR7A">
721
+ <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
722
+ <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
723
+ </form>
724
+ </div>
725
+ </div>
726
+
727
+ </div>
728
+
729
+ <div id="wphttps-main">
730
+ <div id="post-body">
731
+ <form name="form" id="wordpress-https" action="options-general.php?page=wordpress-https" method="post">
732
+ <?php settings_fields('wordpress-https'); ?>
733
+
734
+ <fieldset>
735
+ <label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>
736
+ <p>Force internal elements to HTTPS when viewing a secure page.</p>
737
+ <p class="description">Fixes most partially encrypted errors.</p>
738
+ </fieldset>
739
+
740
+ <fieldset>
741
+ <label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>
742
+ <p>Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.</p>
743
+ <p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>
744
+ </fieldset>
745
+
746
+ <fieldset>
747
+ <label for="wordpress-https_bypass"><input name="wordpress-https_bypass" type="checkbox" id="wordpress-https_bypass" value="1"<?php echo ((get_option('wordpress-https_bypass')) ? ' checked="checked"' : ''); ?> /> <strong>Bypass External Check</strong></label>
748
+ <p>Disable the option to check if an external element can be loaded over HTTPS.</p>
749
+ <p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>
750
+ </fieldset>
751
 
752
  <?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
753
+ <fieldset>
754
+ <label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
755
+ <p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>
756
+ <p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>
757
+ </fieldset>
758
 
759
  <?php } ?>
760
+ <fieldset>
761
+ <label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
762
+ <p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
763
+ <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" target="_blank">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
764
+ </fieldset>
765
+
766
+ <fieldset>
767
+ <label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>
768
+ <p>Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than '<?php echo $this->replace_http($this->http_url); ?>/'.</p>
769
+ <label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>
770
+ </fieldset>
771
+
772
+ <fieldset>
773
+ <label for="wordpress-https_sharedssl_admin"><input name="wordpress-https_sharedssl_admin" type="checkbox" id="wordpress-https_sharedssl_admin" value="1"<?php echo ((get_option('wordpress-https_sharedssl_admin')) ? ' checked="checked"' : ''); ?> /> <strong>Force Shared SSL Admin</strong></label>
774
+ <p>Enable this option if you are using a Shared SSL certificate and you only want to access your admin panel over HTTPS.</p>
775
+ <p class="description">Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.</p>
776
+ </fieldset>
777
 
778
  <?php if (get_option('show_on_front') == 'posts') { ?>
779
+ <fieldset>
780
+ <label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
781
+ <p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>
782
+ </fieldset>
783
 
784
  <?php } ?>
785
+ <p class="button-controls">
786
+ <input type="submit" name="Submit" value="Save Changes" class="button-primary" />
787
+ <img alt="Waiting..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />
788
+ </p>
789
+ </form>
790
+ </div>
791
+ </div>
792
 
 
793
  <?php
794
+ }
795
+ } // End WordPressHTTPS Class
796
  }
797
 
798
  if ( class_exists('WordPressHTTPS') ) {
799
+ $wordpress_https = new WordPressHTTPS();
800
+ register_activation_hook( __FILE__, array(&$wordpress_https, 'install'));
801
  }
802
+
803
+ // Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function
804
+ if ( !function_exists('wp_set_auth_cookie') ) {
805
+ function wp_set_auth_cookie($user_id, $remember, $secure) {
806
+ global $wordpress_https;
807
+ return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);
808
+ }
809
+ }