WordPress HTTPS (SSL) - Version 1.9.1

Version Description

  • Bug Fix - Cookies were not being set to the correct paths when logging in, causing logins to fail.
  • Bug Fix - Links to the front page when using latest posts were not correctly being set to HTTP/HTTPS.
  • Bug Fix - When using Shared SSL, the HTTPS version of the site_url was not being correctly replaced with the Shared SSL URL for internal elements.
  • Bug Fix - When using Shared SSL, the admin login page was not always redirecting properly due to output buffering.
  • Bug Fix - When using Shared SSL, the auth_redirect function was not redirecting to the Shared SSL URL.
  • Bug Fix - If the home_url contained 'www' but the URL appeared without 'www', the URL would not be fixed.
  • Standards - Updated redirect method to use https or http as an argument rather than true or false to better comply with WordPress coding standards.

Release Info

Developer Mvied
Plugin WordPress HTTPS (SSL)
Version 1.9.1

Code changes from version 1.9 to 1.9.1

Files changed (2)
  1. readme.txt +161 -153
  2. wordpress-https.php +173 -66
readme.txt CHANGED
@@ -1,154 +1,162 @@
1
- === WordPress HTTPS ===
2
- Contributors: Mvied
3
- Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
- Tags: encrypted, ssl, http, https
5
- Requires at least: 2.7.0
6
- Tested up to: 3.2.1
7
- Stable tag: 1.9
8
-
9
- WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
-
11
- == Description ==
12
- <ul>
13
- <li>Change all internal scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
14
- <li>Supports Shared and Private SSL.</li>
15
- <li>Force HTTPS on only the pages you need to be HTTPS.</li>
16
- <li>Force pages to HTTP that have not been forced to HTTPS.</li>
17
- <li>Change external elements to HTTPS. The plugin will check for the existence of external elements over HTTPS and, if available, will change them to HTTPS.</li>
18
- <li>Override the external element HTTPS check. If you know that all external elements can be loaded over HTTPS, this option will save some load time on your pages.</li>
19
- <li>Disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS on HTTPS pages.</li>
20
- </ul>
21
-
22
- If you're having partially encrypted errors or other problems, please read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/">FAQ</a>. If you're still having trouble, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
23
-
24
- == Installation ==
25
-
26
- 1. Upload the `wordpress-https` folder to the `/wp-content/plugins/` directory.
27
- 1. Activate the plugin through the 'Plugins' menu in WordPress.
28
-
29
- == Frequently Asked Questions ==
30
-
31
- = How do I make my whole website HTTPS? =
32
-
33
- To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
34
-
35
- = How do I make only my administration panel HTTPS? =
36
-
37
- WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL" target="_blank">how to set up administration over SSL</a>.
38
-
39
- = How do I make only certain pages HTTPS? =
40
-
41
- As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
42
-
43
- = How do I fix partially encrypted errors? =
44
-
45
- To identify what is causing your page(s) to be insecure, please follow the instructions below.
46
- <ol>
47
- <li>Download <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a>.</li>
48
- <li>Open the page you're having trouble with in Google Chrome.</li>
49
- <li>Open the Developer Tools. <a href="http://code.google.com/chrome/devtools/docs/overview.html#access" target="_blank">How to access the Developer Tools.</a></li>
50
- <li>Click on the Console tab.</li>
51
- </ol>
52
- For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
53
-
54
- If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.
55
-
56
- Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
57
- <ul>
58
- <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
59
- <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
60
- <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.</li>
61
- <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
62
- </ul>
63
-
64
- == Screenshots ==
65
- 1. WordPress HTTPS Settings screen
66
- 2. Force SSL checkbox added to add/edit posts screen
67
-
68
- == Changelog ==
69
-
70
- = 1.9 =
71
- * Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
72
- * Added support for PHP4.
73
- * Converted all spaces to tabs in source.
74
- * Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
75
- * Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
76
- * Bug fix - Password protected pages forced to SSL will now work properly.
77
- * Bug fix - Plugin should no longer break feeds.
78
- * Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
79
- = 1.8.5 =
80
- * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
81
- * Updated RegEx's for more complicated URL's.
82
- * Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
83
- * Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
84
- = 1.8.1 =
85
- * Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
86
- = 1.8 =
87
- * Fixed cross-browser CSS issue on plugin settings page.
88
- * Corrected and updated plugin settings validation.
89
- * Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
90
- * If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
91
- * When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
92
- * Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
93
- = 1.7.5 =
94
- * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
95
- * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
96
- * General code cleanup and such.
97
- = 1.7 =
98
- * Bug fix - External URL's were not being forced to HTTPS after the last update.
99
- * Added the functionality to correct relative URL's when using Shared SSL.
100
- * General code cleanup and such.
101
- = 1.6.5 =
102
- * Added support for Shared SSL.
103
- = 1.6.3 =
104
- * Changed the redirection check to use `template_redirect` hook rather than `get_header`.
105
- = 1.6.2 =
106
- * Tag links were not being set back to HTTP when the 'Disable Automatic HTTPS' option was enabled.
107
- = 1.6.1 =
108
- * Bug fix - front page redirection was causing issues when a static page was selected for the posts page.
109
- = 1.6 =
110
- * Added the ability to force the front page to HTTPS.
111
- * Multiple enhancements to core functionality of plugin. Mostly just changing code to integrate more smoothely with WordPress.
112
- * Enhancements have been made to the plugin's settings page.
113
- = 1.5.2 =
114
- * Fixed a bug that would prevent stylesheets from being fixed if the rel attribute came after the href attribute. Bug could have also caused errors with other tags.
115
- = 1.5.1 =
116
- * Added input elements with the type of 'image' to be filtered for insecure content.
117
- = 1.5 =
118
- * Added the ability to force SSL on certain pages.
119
- * Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
120
- * Plugin now filters the `bloginfo` and `bloginfo_url` functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
121
- = 1.0.1 =
122
- * Bug fix.
123
- = 1.0 =
124
- * Major modifications to plugin structure, efficiency, and documentation.
125
- * Added the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
126
- = 0.5.1 =
127
- * Bug fix.
128
- = 0.5 =
129
- * Due to increasing concerns about plugin performance, the option to bypass the HTTPS check on external elements has been added.
130
- = 0.4 =
131
- * Plugin functions converted to OOP class.
132
- * The plugin will now attempt to set the allow_url_fopen option to true with `ini_set` function if possible.
133
- = 0.3 =
134
- * Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
135
- = 0.2 =
136
- * Changed the way in which HTTPS was detected to be more reliable.
137
- = 0.1 =
138
- * Initial Release.
139
-
140
- == Upgrade Notice ==
141
- = 1.7 =
142
- 1.6.5 created a bug in which external elements were no longer forced to HTTPS. Please update to fix this.
143
- = 1.6.1 =
144
- Version 1.6.1 fixes a bug with using a static page for the posts page.
145
- = 1.0.1 =
146
- Version 1.0.1 fixes a bug in 1.0 that made it to release. Apologies!
147
- = 1.0 =
148
- Version 1.0 gives you the ability to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
149
- = 0.5.1 =
150
- Fixes `PHP Warning: Invalid argument supplied for foreach()` error.
151
- = 0.3 =
152
- Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
153
- = 0.2 =
 
 
 
 
 
 
 
 
154
  Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.
1
+ === WordPress HTTPS ===
2
+ Contributors: Mvied
3
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4
+ Tags: security, encryption, ssl, shared ssl, http, https
5
+ Requires at least: 2.7.0
6
+ Tested up to: 3.2.1
7
+ Stable tag: 1.9.1
8
+
9
+ WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
+
11
+ == Description ==
12
+ <ul>
13
+ <li>Supports Shared and Private SSL.</li>
14
+ <li>Change internal and external scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
15
+ <li>Force HTTPS on only the pages you need to be HTTPS.</li>
16
+ <li>Force pages to HTTP that have not been forced to HTTPS.</li>
17
+ <li>Prevent WordPress from changing all of your page, category and post links to HTTPS on HTTPS pages.</li>
18
+ </ul>
19
+
20
+ If you're having partially encrypted errors or other problems, please read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/">FAQ</a>. If you're still having trouble, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
21
+
22
+ == Installation ==
23
+
24
+ 1. Upload the `wordpress-https` folder to the `/wp-content/plugins/` directory.
25
+ 1. Activate the plugin through the 'Plugins' menu in WordPress.
26
+
27
+ == Frequently Asked Questions ==
28
+
29
+ = How do I make my whole website HTTPS? =
30
+
31
+ To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
32
+
33
+ = How do I make only my administration panel HTTPS? =
34
+
35
+ WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL" target="_blank">how to set up administration over SSL</a>.
36
+
37
+ If you are using Shared SSL, there is an option in WordPress HTTPS to Force Shared SSL Admin.
38
+
39
+ = How do I make only certain pages HTTPS? =
40
+
41
+ As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
42
+
43
+ = How do I fix partially encrypted errors? =
44
+
45
+ To identify what is causing your page(s) to be insecure, please follow the instructions below.
46
+ <ol>
47
+ <li>Download <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a>.</li>
48
+ <li>Open the page you're having trouble with in Google Chrome.</li>
49
+ <li>Open the Developer Tools. <a href="http://code.google.com/chrome/devtools/docs/overview.html#access" target="_blank">How to access the Developer Tools.</a></li>
50
+ <li>Click on the Console tab.</li>
51
+ </ol>
52
+ For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
53
+
54
+ If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.
55
+
56
+ Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
57
+ <ul>
58
+ <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
59
+ <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
60
+ <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.</li>
61
+ <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
62
+ </ul>
63
+
64
+ == Screenshots ==
65
+ 1. WordPress HTTPS Settings screen
66
+ 2. Force SSL checkbox added to add/edit posts screen
67
+
68
+ == Changelog ==
69
+
70
+ = 1.9.1 =
71
+ * Bug Fix - Cookies were not being set to the correct paths when logging in, causing logins to fail.
72
+ * Bug Fix - Links to the front page when using latest posts were not correctly being set to HTTP/HTTPS.
73
+ * Bug Fix - When using Shared SSL, the HTTPS version of the site_url was not being correctly replaced with the Shared SSL URL for internal elements.
74
+ * Bug Fix - When using Shared SSL, the admin login page was not always redirecting properly due to output buffering.
75
+ * Bug Fix - When using Shared SSL, the auth_redirect function was not redirecting to the Shared SSL URL.
76
+ * Bug Fix - If the home_url contained 'www' but the URL appeared without 'www', the URL would not be fixed.
77
+ * Stanards - Updated redirect method to use https or http as a an argument rather than true or false to better comply with WordPress coding standards.
78
+ = 1.9 =
79
+ * Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
80
+ * Added support for PHP4.
81
+ * Converted all spaces to tabs in source.
82
+ * Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
83
+ * Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
84
+ * Bug fix - Password protected pages forced to SSL will now work properly.
85
+ * Bug fix - Plugin should no longer break feeds.
86
+ * Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
87
+ = 1.8.5 =
88
+ * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
89
+ * Updated RegEx's for more complicated URL's.
90
+ * Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
91
+ * Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
92
+ = 1.8.1 =
93
+ * Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
94
+ = 1.8 =
95
+ * Fixed cross-browser CSS issue on plugin settings page.
96
+ * Corrected and updated plugin settings validation.
97
+ * Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
98
+ * If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
99
+ * When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
100
+ * Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
101
+ = 1.7.5 =
102
+ * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
103
+ * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
104
+ * General code cleanup and such.
105
+ = 1.7 =
106
+ * Bug fix - External URL's were not being forced to HTTPS after the last update.
107
+ * Added the functionality to correct relative URL's when using Shared SSL.
108
+ * General code cleanup and such.
109
+ = 1.6.5 =
110
+ * Added support for Shared SSL.
111
+ = 1.6.3 =
112
+ * Changed the redirection check to use `template_redirect` hook rather than `get_header`.
113
+ = 1.6.2 =
114
+ * Tag links were not being set back to HTTP when the 'Disable Automatic HTTPS' option was enabled.
115
+ = 1.6.1 =
116
+ * Bug fix - front page redirection was causing issues when a static page was selected for the posts page.
117
+ = 1.6 =
118
+ * Added the ability to force the front page to HTTPS.
119
+ * Multiple enhancements to core functionality of plugin. Mostly just changing code to integrate more smoothely with WordPress.
120
+ * Enhancements have been made to the plugin's settings page.
121
+ = 1.5.2 =
122
+ * Fixed a bug that would prevent stylesheets from being fixed if the rel attribute came after the href attribute. Bug could have also caused errors with other tags.
123
+ = 1.5.1 =
124
+ * Added input elements with the type of 'image' to be filtered for insecure content.
125
+ = 1.5 =
126
+ * Added the ability to force SSL on certain pages.
127
+ * Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
128
+ * Plugin now filters the `bloginfo` and `bloginfo_url` functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
129
+ = 1.0.1 =
130
+ * Bug fix.
131
+ = 1.0 =
132
+ * Major modifications to plugin structure, efficiency, and documentation.
133
+ * Added the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
134
+ = 0.5.1 =
135
+ * Bug fix.
136
+ = 0.5 =
137
+ * Due to increasing concerns about plugin performance, the option to bypass the HTTPS check on external elements has been added.
138
+ = 0.4 =
139
+ * Plugin functions converted to OOP class.
140
+ * The plugin will now attempt to set the allow_url_fopen option to true with `ini_set` function if possible.
141
+ = 0.3 =
142
+ * Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
143
+ = 0.2 =
144
+ * Changed the way in which HTTPS was detected to be more reliable.
145
+ = 0.1 =
146
+ * Initial Release.
147
+
148
+ == Upgrade Notice ==
149
+ = 1.7 =
150
+ 1.6.5 created a bug in which external elements were no longer forced to HTTPS. Please update to fix this.
151
+ = 1.6.1 =
152
+ Version 1.6.1 fixes a bug with using a static page for the posts page.
153
+ = 1.0.1 =
154
+ Version 1.0.1 fixes a bug in 1.0 that made it to release. Apologies!
155
+ = 1.0 =
156
+ Version 1.0 gives you the ability to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
157
+ = 0.5.1 =
158
+ Fixes `PHP Warning: Invalid argument supplied for foreach()` error.
159
+ = 0.3 =
160
+ Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
161
+ = 0.2 =
162
  Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.
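Review bot: the `== Upgrade Notice ==` section gets no `= 1.9.1 =` entry, although the added changelog block says logins were failing because cookies were set to the wrong paths; add a one-line notice so users on 1.9 see why they should update. In the added `= 1.9.1 =` block, "Stanards" and "a an argument" need correcting, and the FAQ typo "not hosted no your server" is carried over unchanged. Every line of the file is removed and re-added even where the text is identical, so if this is a whitespace or line-ending change it is better committed separately to keep the real edits reviewable.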
wordpress-https.php CHANGED
@@ -4,14 +4,14 @@
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
- Version: 1.9
8
  Author URI: http://mvied.com/
9
  */
10
 
11
  /**
12
  * Class for the WordPress plugin WordPress HTTPS
13
  *
14
- * @authorMike Ems
15
  * @package WordPressHTTPS
16
  * @copyright Copyright 2011
17
  *
@@ -27,7 +27,7 @@ if ( !class_exists('WordPressHTTPS') ) {
27
  *
28
  * @var int
29
  */
30
- var $plugin_version = '1.9';
31
 
32
  /**
33
  * Plugin URL
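Review bot: the docblock in the context above `$plugin_version` declares `@var int`, but the value on the changed line is a quoted string ('1.9'); change the tag to `@var string` while this line is being touched, since a version such as 1.9.1 cannot be an int.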
@@ -119,6 +119,8 @@ if ( !class_exists('WordPressHTTPS') ) {
119
  $this->https_url = get_option('wordpress-https_sharedssl_host');
120
  // Prevent WordPress from causing a redirect loop
121
  remove_filter('template_redirect', 'redirect_canonical');
 
 
122
  }
123
 
124
  // Fix admin_url for Shared SSL login
@@ -133,7 +135,7 @@ if ( !class_exists('WordPressHTTPS') ) {
133
 
134
  // Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php
135
  if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl == 1 && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {
136
- $this->redirect(true);
137
  }
138
 
139
  // Start output buffering
@@ -218,6 +220,7 @@ if ( !class_exists('WordPressHTTPS') ) {
218
  *
219
  * @param int $user_id User ID
220
  * @param bool $remember Whether to remember the user or not
 
221
  */
222
  function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
223
  if ( $remember ) {
@@ -227,10 +230,8 @@ if ( !class_exists('WordPressHTTPS') ) {
227
  $expire = 0;
228
  }
229
 
230
- if ( $this->shared_ssl == 1 && $this->is_ssl() ) {
231
- $secure = (($secure === '') ? true : $secure);
232
- } else if ( $secure === '' ) {
233
- $secure = is_ssl() ? true : false;
234
  }
235
 
236
  if ( $secure ) {
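Review bot: the removed block used two different checks to default `$secure`: the plugin's `$this->is_ssl()` in the Shared SSL branch and WordPress's global `is_ssl()` in the `else if`. The two lines that replace it should use `$this->is_ssl()` for both cases, so that an empty `$secure` resolves to true on every request the plugin itself treats as HTTPS, and should leave an explicitly passed `$secure` untouched; the `if ( $secure )` directly below depends on that value.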
@@ -248,41 +249,109 @@ if ( !class_exists('WordPressHTTPS') ) {
248
  do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
249
 
250
  // Cookie paths defined to accomodate Shared SSL
251
- $cookie_domain = (($this->shared_ssl == 1 && $this->is_ssl()) ? '.' . parse_url($this->https_url, PHP_URL_HOST) : COOKIE_DOMAIN);
252
- $cookie_path = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((COOKIEPATH != '/') ? COOKIEPATH : '') . '/' : COOKIEPATH);
253
- $cookie_path_site = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((SITECOOKIEPATH != '/') ? SITECOOKIEPATH : '') . '/' : SITECOOKIEPATH);
254
- $cookie_path_plugins = (($this->shared_ssl == 1 && $this->is_ssl()) ? rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . ((PLUGINS_COOKIE_PATH != '/') ? PLUGINS_COOKIE_PATH : '') . '/' : PLUGINS_COOKIE_PATH);
255
  $cookie_path_admin = $cookie_path_site . 'wp-admin';
256
 
257
- // Set httponly if the php version is >= 5.2.0
258
- if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
259
  setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
260
  setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
261
  setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
262
  if ( $cookie_path != $cookie_path_site )
263
  setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
264
  } else {
265
- if ( !empty($cookie_domain) )
266
- $cookie_domain .= '; HttpOnly';
267
- setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure);
268
- setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure);
269
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain);
270
- if ( $cookie_path != $cookie_path_site )
271
- setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain);
272
  }
273
  }
274
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
275
  /**
276
  * Process output buffer
277
  *
278
- * @param string
279
- * @return string
280
  */
281
  function process($buffer) {
282
  if ( $this->is_ssl() ) {
283
  // Fix the regular stuff
284
- if (is_admin()) {
285
- preg_match_all('/\<(script|link)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
286
  } else {
287
  preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
288
  }
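Review bot: the removed `$cookie_domain` line built the Shared SSL cookie domain as `'.' . parse_url($this->https_url, PHP_URL_HOST)`, which scopes the auth cookies to every subdomain of the shared host; the replacement should leave the domain empty (host-only cookie) in the Shared SSL case and rely on the path to separate sites. The removed path lines appended `COOKIEPATH`, `SITECOOKIEPATH` and `PLUGINS_COOKIE_PATH` plus '/' to the Shared SSL path, and the changelog names wrong cookie paths as the cause of the login failure, so a comment giving the expected path for a site installed in a subdirectory would make the new logic checkable. If the PHP below 5.2.0 fallback that appended `; HttpOnly` to the domain is changed, check that the auth cookies still carry HttpOnly on both branches.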
@@ -290,7 +359,7 @@ if ( !class_exists('WordPressHTTPS') ) {
290
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
291
  $html = $matches[0][$i];
292
  $type = $matches[1][$i];
293
- $url= $matches[2][$i];
294
  $scheme = $matches[3][$i];
295
 
296
  if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
@@ -300,15 +369,23 @@ if ( !class_exists('WordPressHTTPS') ) {
300
  ( $type == 'input' && strpos($html, 'image') !== false ) ||
301
  ( $type == 'param' && strpos($html, 'movie') !== false )
302
  ) {
303
- if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
304
- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
305
- } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {
306
- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
307
- } else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {
308
- if ( get_option('wordpress-https_bypass') == 1 ) {
309
- $buffer = str_replace($html, $this->replace_http($html), $buffer);
310
- } else if ( @file_get_contents($this->replace_http($url)) !== false ) {
311
- $buffer = str_replace($html, $this->replace_http($html), $buffer);
 
 
 
 
 
 
 
 
312
  }
313
  }
314
  }
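Review bot: the removed external-element check, `@file_get_contents($this->replace_http($url)) !== false`, downloads the whole remote resource during page rendering for each external element, with errors suppressed and no timeout set in these lines; if the replacement keeps a probe, give it a short timeout and remember the result per URL instead of refetching on every page view.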
@@ -342,9 +419,11 @@ if ( !class_exists('WordPressHTTPS') ) {
342
 
343
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
344
  $html = $matches[0][$i];
345
- $url= $matches[1][$i];
346
  $scheme = $matches[2][$i];
347
 
 
 
348
  $url_path = parse_url($url, PHP_URL_PATH);
349
  if ($this->shared_ssl) {
350
  $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
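Review bot: in the Shared SSL branch at the end of this hunk, `str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path)` removes every occurrence of the Shared SSL path from `$url_path`, not only the leading one, and if that path is `/` it strips all slashes; remove it only as a prefix (check `strpos(...) === 0`, then `substr`). The `$i<=sizeof($matches[0])` bound in the loop header here also iterates one past the last match and should be `<`.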
@@ -357,11 +436,16 @@ if ( !class_exists('WordPressHTTPS') ) {
357
  } else if ($post = get_page_by_path($url_path)) {
358
  $post = $post->ID;
359
  } else if ($url_path == '/') {
360
- $post = get_option('page_on_front');
 
 
 
 
 
361
  }
362
 
363
  if ($post) {
364
- $force_ssl = get_post_meta($post, 'force_ssl', true);
365
 
366
  if ($force_ssl) {
367
  $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
@@ -392,7 +476,7 @@ if ( !class_exists('WordPressHTTPS') ) {
392
  * Checks if the current page is SSL
393
  *
394
  * @param none
395
- * @return void
396
  */
397
  function is_ssl() {
398
  // Some extra checks for proxies and Shared SSL
@@ -414,16 +498,16 @@ if ( !class_exists('WordPressHTTPS') ) {
414
  global $post;
415
  if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
416
  if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
417
- $this->redirect(true);
418
  } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
419
- $this->redirect(false);
420
  }
421
  } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
422
  $forceSSL = get_post_meta($post->ID, 'force_ssl');
423
  if ( !$this->is_ssl() && $forceSSL ) {
424
- $this->redirect(true);
425
  } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
426
- $this->redirect(false);
427
  }
428
  }
429
  }
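Review bot: `get_post_meta($post->ID, 'force_ssl')` in the unchanged context is called without the third argument, so it returns an array and `$forceSSL` is truthy whenever a `force_ssl` row exists, whatever its value; the lookup in the link-rewriting code (hunk at -357) passes `true`, and this one should too so both code paths agree on which posts are forced to HTTPS.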
@@ -431,26 +515,26 @@ if ( !class_exists('WordPressHTTPS') ) {
431
  /**
432
  * Redirects page to HTTP or HTTPS accordingly
433
  *
434
- * @param boolean $ssl
435
  * @return void
436
  */
437
- function redirect($ssl = true) {
438
- if ( !$this->is_ssl() && $ssl == true ) {
439
  $url = parse_url($this->https_url);
440
- $url['scheme'] = 'https';
441
- } else if ( $this->is_ssl() && $ssl == false ) {
442
  $url = parse_url($this->http_url);
443
- $url['scheme'] = 'http';
444
  } else {
445
  $url = false;
446
  }
447
  if ($url) {
448
- $destination = $url['scheme'] . '://' . $url['host'] . (($this->shared_ssl) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
449
  if (function_exists('wp_redirect')) {
450
  wp_redirect($destination, 301);
451
  } else {
452
  // End all output buffering and redirect
453
- while(@ob_end_flush());
454
  header("Location: " . $destination);
455
  }
456
  exit();
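Review bot: the removed `redirect()` compared its argument loosely (`$ssl == true`, `$ssl == false`); with the argument now a string, https or http as the changelog says, the new comparisons need to be strict string checks, because `'http' == true` holds in PHP, and any caller still passing a boolean should be converted in the same change. Separately, `wp_redirect($destination, 301)` in the context makes both the HTTP-to-HTTPS and the HTTPS-to-HTTP redirect permanent, so browsers cache them and a later change of a page's Force SSL setting will not take effect for returning visitors; 302 is safer for a per-page toggle.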
@@ -518,7 +602,7 @@ if ( !class_exists('WordPressHTTPS') ) {
518
  *
519
  * @param string $result
520
  * @param string $show
521
- * @return string
522
  */
523
  function bloginfo($result = '', $show = '') {
524
  if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
@@ -542,7 +626,7 @@ if ( !class_exists('WordPressHTTPS') ) {
542
  *
543
  * @param array $links
544
  * @param string $file
545
- * @return array
546
  */
547
  function plugin_links($links, $file) {
548
  if ( strpos($file, basename( __FILE__)) === false ) {
@@ -582,18 +666,33 @@ if ( !class_exists('WordPressHTTPS') ) {
582
  /**
583
  * Replaces HTTP URL to HTTPS URL
584
  *
585
- * @param none
586
- * @return string
587
  */
588
- function replace_http_url($url) {
589
- return str_replace($this->http_url, $this->https_url, $url);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
590
  }
591
 
592
  /**
593
  * Replace HTTPS with HTTP
594
  *
595
- * @param string
596
- * @return string
597
  */
598
  function replace_https($string) {
599
  return str_replace('https://', 'http://', $string);
@@ -602,8 +701,8 @@ if ( !class_exists('WordPressHTTPS') ) {
602
  /**
603
  * Replace HTTP with HTTPS
604
  *
605
- * @param string
606
- * @return string
607
  */
608
  function replace_http($string) {
609
  return str_replace('http://', 'https://', $string);
@@ -680,11 +779,11 @@ if ( !class_exists('WordPressHTTPS') ) {
680
  <?php
681
  if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
682
  if ( sizeof( $errors ) > 0 ) {
683
- echo "\t<ul id=\"message\">\n";
684
  foreach ( $errors as $error ) {
685
- echo "\t\t<li class=\"error\"><p>".$error."</p></li>\n";
686
  }
687
- echo "\t</ul>\n";
688
  } else {
689
  echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
690
  }
@@ -800,10 +899,18 @@ if ( class_exists('WordPressHTTPS') ) {
800
  register_activation_hook( __FILE__, array(&$wordpress_https, 'install'));
801
  }
802
 
803
- // Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function
804
- if ( !function_exists('wp_set_auth_cookie') ) {
805
  function wp_set_auth_cookie($user_id, $remember, $secure) {
806
  global $wordpress_https;
807
  return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);
808
  }
 
 
 
 
 
 
 
 
809
  }
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
+ Version: 1.9.1
8
  Author URI: http://mvied.com/
9
  */
10
 
11
  /**
12
  * Class for the WordPress plugin WordPress HTTPS
13
  *
14
+ * @author Mike Ems
15
  * @package WordPressHTTPS
16
  * @copyright Copyright 2011
17
  *
27
  *
28
  * @var int
29
  */
30
+ var $plugin_version = '1.9.1';
31
 
32
  /**
33
  * Plugin URL
119
  $this->https_url = get_option('wordpress-https_sharedssl_host');
120
  // Prevent WordPress from causing a redirect loop
121
  remove_filter('template_redirect', 'redirect_canonical');
122
+ // Remove Shared SSL authentication cookies on logout
123
+ add_action('clear_auth_cookie', array( &$this, 'clear_auth_cookie' ));
124
  }
125
 
126
  // Fix admin_url for Shared SSL login
135
 
136
  // Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php
137
  if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl == 1 && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {
138
+ $this->redirect('https');
139
  }
140
 
141
  // Start output buffering
220
  *
221
  * @param int $user_id User ID
222
  * @param bool $remember Whether to remember the user or not
223
+ * @param bool $secure Whether or not cookie is secure
224
  */
225
  function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
226
  if ( $remember ) {
230
  $expire = 0;
231
  }
232
 
233
+ if ( $secure === '' ) {
234
+ $secure = $this->is_ssl() ? true : false;
 
 
235
  }
236
 
237
  if ( $secure ) {
249
  do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
250
 
251
  // Cookie paths defined to accomodate Shared SSL
252
+ $cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);
253
+ $cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;
254
+ $cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;
255
+ $cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
256
  $cookie_path_admin = $cookie_path_site . 'wp-admin';
257
 
258
+ if ( $this->shared_ssl == 1 && $this->is_ssl() ) {
 
259
  setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
260
  setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
261
  setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
262
  if ( $cookie_path != $cookie_path_site )
263
  setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
264
  } else {
265
+ setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
266
+ setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
267
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
268
+ if ( COOKIEPATH != SITECOOKIEPATH )
269
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
 
 
270
  }
271
  }
272
 
273
+ /**
274
+ * Removes all of the cookies associated with authentication.
275
+ *
276
+ * @param none
277
+ * @return void
278
+ */
279
+ function clear_auth_cookie() {
280
+ // Cookie paths defined to accomodate Shared SSL
281
+ $cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);
282
+ $cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;
283
+ $cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;
284
+ $cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
285
+ $cookie_path_admin = $cookie_path_site . 'wp-admin';
286
+
287
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
288
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
289
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
290
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
291
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);
292
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);
293
+ }
294
+
295
+ /**
296
+ * Checks if a user is logged in, if not it redirects them to the login page.
297
+ *
298
+ * @param none
299
+ * @return void
300
+ */
301
+ function auth_redirect() {
302
+ if ( $this->is_ssl() || force_ssl_admin() )
303
+ $secure = true;
304
+ else
305
+ $secure = false;
306
+
307
+ // If https is required and request is http, redirect
308
+ if ( $secure && !$this->is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
309
+ $this->redirect('https');
310
+ }
311
+
312
+ if ( $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) ) ) {
313
+ do_action('auth_redirect', $user_id);
314
+
315
+ // If the user wants ssl but the session is not ssl, redirect.
316
+ if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
317
+ $this->redirect('https');
318
+ }
319
+
320
+ return; // The cookie is good so we're done
321
+ }
322
+
323
+ // The cookie is no good so force login
324
+ nocache_headers();
325
+
326
+ if ( $this->is_ssl() )
327
+ $proto = 'https://';
328
+ else
329
+ $proto = 'http://';
330
+
331
+ $redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
332
+
333
+ // Rewrite URL to Shared SSL URL
334
+ if ( $this->shared_ssl == 1 && strpos($redirect, 'https://') !== false ) {
335
+ $redirect = $this->replace_http_url( $redirect );
336
+ }
337
+
338
+ $login_url = wp_login_url($redirect);
339
+
340
+ wp_redirect($login_url);
341
+ exit();
342
+ }
343
+
344
  /**
345
  * Process output buffer
346
  *
347
+ * @param string $buffer
348
+ * @return string $buffer
349
  */
350
  function process($buffer) {
351
  if ( $this->is_ssl() ) {
352
  // Fix the regular stuff
353
+ if ( is_admin() ) {
354
+ preg_match_all('/\<(script|link|img)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
355
  } else {
356
  preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
357
  }
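Review bot: In wp_set_auth_cookie() and clear_auth_cookie(), `$cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);` sets a Domain attribute on the auth cookies, so the browser sends them to the Shared SSL host and to every subdomain of it. On a shared host the only thing separating this site from its neighbours is the cookie Path, and Path is not an isolation boundary. Passing an empty domain makes the cookies host-only, which is the narrowest scope available here. The five path/domain assignments are also duplicated in both methods; a single helper would keep set and clear in sync, since a cookie is only removed when the path and domain match what was set.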
359
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
360
  $html = $matches[0][$i];
361
  $type = $matches[1][$i];
362
+ $url = $matches[2][$i];
363
  $scheme = $matches[3][$i];
364
 
365
  if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
369
  ( $type == 'input' && strpos($html, 'image') !== false ) ||
370
  ( $type == 'param' && strpos($html, 'movie') !== false )
371
  ) {
372
+ if ( is_admin() && $type == 'img' ) {
373
+ if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl == 1 ) {
374
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
375
+ }
376
+ } else {
377
+ if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
378
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
379
+ } else if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl == 1 ) {
380
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
381
+ } else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {
382
+ $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
383
+ } else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {
384
+ if ( get_option('wordpress-https_bypass') == 1 ) {
385
+ $buffer = str_replace($html, $this->replace_http($html), $buffer);
386
+ } else if ( @file_get_contents($this->replace_http($url)) !== false ) {
387
+ $buffer = str_replace($html, $this->replace_http($html), $buffer);
388
+ }
389
  }
390
  }
391
  }
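Review bot: In the external-URL branch of process(), `@file_get_contents($this->replace_http($url))` makes the server download the full body of every external URL found in the page on each HTTPS render, with errors suppressed and no explicit timeout. Because the URLs are taken from page output, which can include content-supplied markup, this is an outbound request to a location the site does not choose, plus a latency cost per element. A HEAD request with a short timeout (for example wp_remote_head()) and a cached per-URL result would answer the same question. Separately, the loop condition `$i<=sizeof($matches[0])` reads one index past the end of the match arrays; `<` is what is wanted.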
419
 
420
  for ($i = 0; $i<=sizeof($matches[0]); $i++) {
421
  $html = $matches[0][$i];
422
+ $url = $matches[1][$i];
423
  $scheme = $matches[2][$i];
424
 
425
+ unset($force_ssl);
426
+
427
  $url_path = parse_url($url, PHP_URL_PATH);
428
  if ($this->shared_ssl) {
429
  $url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
436
  } else if ($post = get_page_by_path($url_path)) {
437
  $post = $post->ID;
438
  } else if ($url_path == '/') {
439
+ if (get_option('show_on_front') == 'posts') {
440
+ $post = true;
441
+ $force_ssl = (( get_option('wordpress-https_frontpage') == 1 ) ? true : false);
442
+ } else {
443
+ $post = get_option('page_on_front');
444
+ }
445
  }
446
 
447
  if ($post) {
448
+ $force_ssl = (( !isset($force_ssl) ) ? get_post_meta($post, 'force_ssl', true) : $force_ssl);
449
 
450
  if ($force_ssl) {
451
  $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
476
  * Checks if the current page is SSL
477
  *
478
  * @param none
479
+ * @return bool
480
  */
481
  function is_ssl() {
482
  // Some extra checks for proxies and Shared SSL
498
  global $post;
499
  if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
500
  if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
501
+ $this->redirect('https');
502
  } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {
503
+ $this->redirect('http');
504
  }
505
  } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
506
  $forceSSL = get_post_meta($post->ID, 'force_ssl');
507
  if ( !$this->is_ssl() && $forceSSL ) {
508
+ $this->redirect('https');
509
  } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
510
+ $this->redirect('http');
511
  }
512
  }
513
  }
515
  /**
516
  * Redirects page to HTTP or HTTPS accordingly
517
  *
518
+ * @param string $scheme Either http or https
519
  * @return void
520
  */
521
+ function redirect($scheme = 'https') {
522
+ if ( !$this->is_ssl() && $scheme == 'https' ) {
523
  $url = parse_url($this->https_url);
524
+ $url['scheme'] = $scheme;
525
+ } else if ( $this->is_ssl() && $scheme == 'http' ) {
526
  $url = parse_url($this->http_url);
527
+ $url['scheme'] = $scheme;
528
  } else {
529
  $url = false;
530
  }
531
  if ($url) {
532
+ $destination = $url['scheme'] . '://' . $url['host'] . (( $this->shared_ssl == 1 ) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
533
  if (function_exists('wp_redirect')) {
534
  wp_redirect($destination, 301);
535
  } else {
536
  // End all output buffering and redirect
537
+ while(@ob_end_clean());
538
  header("Location: " . $destination);
539
  }
540
  exit();
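Review bot: In redirect(), `$url['path']` is read whenever `shared_ssl == 1`, but parse_url() omits the 'path' key when the URL has no path component, so a Shared SSL host configured without a path raises an undefined-index notice here; guard it with isset() or default to ''. The 301 also deserves a second look: permanent redirects are cached by browsers, so a page switched between forced HTTP and forced HTTPS can keep sending returning visitors to the old scheme, and a 302 is safer for a per-page toggle. The new `$scheme` parameter does nothing for values other than 'http' and 'https', which is worth stating in the docblock.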
602
  *
603
  * @param string $result
604
  * @param string $show
605
+ * @return string $result
606
  */
607
  function bloginfo($result = '', $show = '') {
608
  if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url') {
626
  *
627
  * @param array $links
628
  * @param string $file
629
+ * @return array $links
630
  */
631
  function plugin_links($links, $file) {
632
  if ( strpos($file, basename( __FILE__)) === false ) {
666
  /**
667
  * Replaces HTTP URL to HTTPS URL
668
  *
669
+ * @param string $string
670
+ * @return string $string
671
  */
672
+ function replace_http_url($string) {
673
+ preg_match_all('/(http|https):\/\/[\/-\w\.#?=\+&;]+/im', $string, $url);
674
+ $url = $url[0][0];
675
+
676
+ // If URL matches home_url, but lacks www, add www
677
+ if ( strpos(get_option('home'), '://www.') !== false && strpos($url, '://www.') === false && parse_url($url, PHP_URL_HOST) != NULL ) {
678
+ $url_host = parse_url($url, PHP_URL_HOST);
679
+ $url_host_www = 'www.' . $url_host;
680
+ if ( strpos(get_option('home'), $url_host_www) !== false ) {
681
+ $string = str_replace($url_host, $url_host_www, $string);
682
+ }
683
+ }
684
+
685
+ // Replace the HTTPS version of the domain with $this->https_url for Shared SSL
686
+ $string = str_replace($this->replace_http($this->http_url), $this->https_url, $string);
687
+ $string = str_replace($this->http_url, $this->https_url, $string);
688
+ return $string;
689
  }
690
 
691
  /**
692
  * Replace HTTPS with HTTP
693
  *
694
+ * @param string $string
695
+ * @return string $string
696
  */
697
  function replace_https($string) {
698
  return str_replace('https://', 'http://', $string);
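Review bot: In replace_http_url(), `$url = $url[0][0];` assumes preg_match_all() found at least one URL; when `$string` contains none this indexes an empty array, so check the match count first. The www fix-up then runs `str_replace($url_host, $url_host_www, $string)` over the whole string based on the first URL only, so a second occurrence of the host that already carries www becomes www.www. Restricting the replacement to the matched URL, or matching on '://' . $url_host, avoids that.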
701
  /**
702
  * Replace HTTP with HTTPS
703
  *
704
+ * @param string $string
705
+ * @return string $string
706
  */
707
  function replace_http($string) {
708
  return str_replace('http://', 'https://', $string);
779
  <?php
780
  if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
781
  if ( sizeof( $errors ) > 0 ) {
782
+ echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
783
  foreach ( $errors as $error ) {
784
+ echo "\t\t<li><p>".$error."</p></li>\n";
785
  }
786
+ echo "\t</ul>\n</div>\n";
787
  } else {
788
  echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";
789
  }
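Review bot: The reworked error list still prints each entry with `echo "\t\t<li><p>".$error."</p></li>\n";` and no escaping. Nothing in this hunk shows where `$errors` is populated, so if any message can include a submitted value it is reflected into the admin page as HTML. Wrapping the output in esc_html() (or wp_kses() if markup in messages is intended) closes that off regardless of the source.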
899
  register_activation_hook( __FILE__, array(&$wordpress_https, 'install'));
900
  }
901
 
902
+ // Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function if using Shared SSL
903
+ if ( $wordpress_https->shared_ssl == 1 && !function_exists('wp_set_auth_cookie') ) {
904
  function wp_set_auth_cookie($user_id, $remember, $secure) {
905
  global $wordpress_https;
906
  return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);
907
  }
908
+ }
909
+
910
+ // Use WordPress HTTPS auth_redirect method for WordPress' auth_redirect pluggable function if using Shared SSL
911
+ if ( $wordpress_https->shared_ssl == 1 && !function_exists('auth_redirect') ) {
912
+ function auth_redirect() {
913
+ global $wordpress_https;
914
+ return $wordpress_https->auth_redirect();
915
+ }
916
  }
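Review bot: Both pluggable overrides are now gated on `$wordpress_https->shared_ssl == 1`, but the wp_set_auth_cookie() wrapper is still declared as `function wp_set_auth_cookie($user_id, $remember, $secure)` with no defaults, while the class method it forwards to declares `$remember = false, $secure = ''`. A caller that passes only `$user_id` either errors out or reaches the method with `$secure` as null rather than '', so the new `if ( $secure === '' )` fallback to is_ssl() is skipped and the non-secure cookie branch is taken. Give the wrapper the same defaults as the method.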