WordPress HTTPS (SSL) - Version 1.9.2

Version Description

Added External URL caching to the plugin so that external elements will only be checked for once, increasing the speed of sites not using the Bypass External Check option.
Any forms whose action points to page that has the Forced SSL option on will be updated to HTTPS even on HTTP pages.
Bug Fix - When using Shared SSL, permalink structure was being buggy.
Bug Fix - Certain server configurations were causing the plugin to create redirect loops when using the Force SSL Exclusively option.

Release Info

Developer	Mvied
Plugin	WordPress HTTPS (SSL)
Version	1.9.2
Comparing to
See all releases

Code changes from version 1.9.1 to 1.9.2

Files changed (3) hide show

css/admin.css +7 -0
readme.txt +167 -162
wordpress-https.php +81 -75

css/admin.css CHANGED Viewed

	@@ -8,6 +8,13 @@ div#message-wrap {
8	text-align: center;
9	}
10







11	div#wphttps-main div#post-body {
12	overflow: hidden;
13	}


8	text-align: center;
9	}
10
11	+ div#message {
12	+ margin: 15px 0 0 0;
13	+ }
14	+ div#message p {
15	+ line-height: 100%;
16	+ }
17	+
18	div#wphttps-main div#post-body {
19	overflow: hidden;
20	}

readme.txt CHANGED Viewed

@@ -1,162 +1,167 @@
-            -
            === WordPress HTTPS ===
-            -
            Contributors: Mvied
-            -
            Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
-            -
            Tags: security, encryption, ssl, shared ssl, http, https
-            -
            Requires at least: 2.7.0
-            -
            Tested up to: 3.2.1
-            -
            Stable tag: 1.9.1
-            -
-            -
            WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
-            -
-            -
            == Description ==
-            -
            <ul>
-            -
             <li>Supports Shared and Private SSL.</li>
-            -
             <li>Change internal and external scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
-            -
             <li>Force HTTPS on only the pages you need to be HTTPS.</li>
-            -
             <li>Force pages to HTTP that have not been forced to HTTPS.</li>
-            -
             <li>Prevent WordPress from changing all of your page, category and post links to HTTPS on HTTPS pages.</li>
-            -
            </ul>
-            -
-            -
            If you're having partially encrypted errors or other problems, please read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/">FAQ</a>. If you're still having trouble, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
-            -
-            -
            == Installation ==
-            -
-            -
            1. Upload the `wordpress-https` folder to the `/wp-content/plugins/` directory.
-            -
            1. Activate the plugin through the 'Plugins' menu in WordPress.
-            -
-            -
            == Frequently Asked Questions ==
-            -
-            -
            = How do I make my whole website HTTPS? =
-            -
-            -
            To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
-            -
-            -
            = How do I make only my administration panel HTTPS? =
-            -
-            -
            WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL" target="_blank">how to set up administration over SSL</a>.
-            -
-            -
            If you are using Shared SSL, there is an option in WordPress HTTPS to Force Shared SSL Admin.
-            -
-            -
            = How do I make only certain pages HTTPS? =
-            -
-            -
            As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
-            -
-            -
            = How do I fix partially encrypted errors? =
-            -
-            -
            To identify what is causing your page(s) to be insecure, please follow the instructions below.
-            -
            <ol>
-            -
             <li>Download <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a>.</li>
-            -
             <li>Open the page you're having trouble with in Google Chrome.</li>
-            -
             <li>Open the Developer Tools. <a href="http://code.google.com/chrome/devtools/docs/overview.html#access" target="_blank">How to access the Developer Tools.</a></li>
-            -
             <li>Click on the Console tab.</li>
-            -
            </ol>
-            -
            For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
-            -
-            -
            If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.
-            -
-            -
            Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
-            -
            <ul>
-            -
             <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
-            -
             <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
-            -
             <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.</li>
-            -
             <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
-            -
            </ul>
-            -
-            -
            == Screenshots ==
-            -
            1. WordPress HTTPS Settings screen
-            -
            2. Force SSL checkbox added to add/edit posts screen
-            -
-            -
            == Changelog ==
-            -
-            -
            = 1.9.1 =
-            -
            * Bug Fix - Cookies were not being set to the correct paths when logging in, causing logins to fail.
-            -
            * Bug Fix - Links to the front page when using latest posts were not correctly being set to HTTP/HTTPS.
-            -
            * Bug Fix - When using Shared SSL, the HTTPS version of the site_url was not being correctly replaced with the Shared SSL URL for internal elements.
-            -
            * Bug Fix - When using Shared SSL, the admin login page was not always redirecting properly due to output buffering.
-            -
            * Bug Fix - When using Shared SSL, the auth_redirect function was not redirecting to the Shared SSL URL.
-            -
            * Bug Fix - If the home_url contained 'www' but the URL appeared without 'www', the URL would not be fixed.
-            -
            * Stanards - Updated redirect method to use https or http as a an argument rather than true or false to better comply with WordPress coding standards.
-            -
            = 1.9 =
-            -
            * Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
-            -
            * Added support for PHP4.
-            -
            * Converted all spaces to tabs in source.
-            -
            * Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
-            -
            * Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
-            -
            * Bug fix - Password protected pages forced to SSL will now work properly.
-            -
            * Bug fix - Plugin should no longer break feeds.
-            -
            * Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
-            -
            = 1.8.5 =
-            -
            * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
-            -
            * Updated RegEx's for more complicated URL's.
-            -
            * Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
-            -
            * Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
-            -
            = 1.8.1 =
-            -
            * Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
-            -
            = 1.8 =
-            -
            * Fixed cross-browser CSS issue on plugin settings page.
-            -
            * Corrected and updated plugin settings validation.
-            -
            * Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
-            -
            * If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
-            -
            * When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
-            -
            * Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
-            -
            = 1.7.5 =
-            -
            * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
-            -
            * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
-            -
            * General code cleanup and such.
-            -
            = 1.7 =
-            -
            * Bug fix - External URL's were not being forced to HTTPS after the last update.
-            -
            * Added the functionality to correct relative URL's when using Shared SSL.
-            -
            * General code cleanup and such.
-            -
            = 1.6.5 =
-            -
            * Added support for Shared SSL.
-            -
            = 1.6.3 =
-            -
            * Changed the redirection check to use `template_redirect` hook rather than `get_header`.
-            -
            = 1.6.2 =
-            -
            * Tag links were not being set back to HTTP when the 'Disable Automatic HTTPS' option was enabled.
-            -
            = 1.6.1 =
-            -
            * Bug fix - front page redirection was causing issues when a static page was selected for the posts page.
-            -
            = 1.6 =
-            -
            * Added the ability to force the front page to HTTPS.
-            -
            * Multiple enhancements to core functionality of plugin. Mostly just changing code to integrate more smoothely with WordPress.
-            -
            * Enhancements have been made to the plugin's settings page.
-            -
            = 1.5.2 =
-            -
            * Fixed a bug that would prevent stylesheets from being fixed if the rel attribute came after the href attribute. Bug could have also caused errors with other tags.
-            -
            = 1.5.1 =
-            -
            * Added input elements with the type of 'image' to be filtered for insecure content.
-            -
            = 1.5 =
-            -
            * Added the ability to force SSL on certain pages.
-            -
            * Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
-            -
            * Plugin now filters the `bloginfo` and `bloginfo_url` functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
-            -
            = 1.0.1 =
-            -
            * Bug fix.
-            -
            = 1.0 =
-            -
            * Major modifications to plugin structure, efficiency, and documentation.
-            -
            * Added the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
-            -
            = 0.5.1 =
-            -
            * Bug fix.
-            -
            = 0.5 =
-            -
            * Due to increasing concerns about plugin performance, the option to bypass the HTTPS check on external elements has been added.
-            -
            = 0.4 =
-            -
            * Plugin functions converted to OOP class.
-            -
            * The plugin will now attempt to set the allow_url_fopen option to true with `ini_set` function if possible.
-            -
            = 0.3 =
-            -
            * Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
-            -
            = 0.2 =
-            -
            * Changed the way in which HTTPS was detected to be more reliable.
-            -
            = 0.1 =
-            -
            * Initial Release.
-            -
-            -
            == Upgrade Notice ==
-            -
            = 1.7 =
-            -
            1.6.5 created a bug in which external elements were no longer forced to HTTPS. Please update to fix this.
-            -
            = 1.6.1 =
-            -
            Version 1.6.1 fixes a bug with using a static page for the posts page.
-            -
            = 1.0.1 =
-            -
            Version 1.0.1 fixes a bug in 1.0 that made it to release. Apologies!
-            -
            = 1.0 =
-            -
            Version 1.0 gives you the ability to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
-            -
            = 0.5.1 =
-            -
            Fixes `PHP Warning:  Invalid argument supplied for foreach()` error.
-            -
            = 0.3 =
-            -
            Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
-            -
            = 0.2 =
-            -
            Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.


1	+ === WordPress HTTPS (SSL) ===
2	+ Contributors: Mvied
3	+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6ZL95VTJ388HG
4	+ Tags: security, encryption, ssl, shared ssl, private ssl, http, https
5	+ Requires at least: 2.7.0
6	+ Tested up to: 3.2.1
7	+ Stable tag: 1.9.2
8	+
9	+ WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10	+
11	+ == Description ==
12	+ <ul>
13	+ <li>Supports Shared and Private SSL.</li>
14	+ <li>Change internal and external scripts, stylesheets and images to HTTPS if the page is being viewed via HTTPS to prevent partially encrypted errors.</li>
15	+ <li>Force HTTPS on only the pages you need to be HTTPS.</li>
16	+ <li>Force pages to HTTP that have not been forced to HTTPS.</li>
17	+ <li>Prevent WordPress from changing all of your page, category and post links to HTTPS on HTTPS pages.</li>
18	+ </ul>
19	+
20	+ If you're having partially encrypted errors or other problems, please read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/">FAQ</a>. If you're still having trouble, please <a href="http://wordpress.org/tags/wordpress-https#postform">start a support topic</a> and I will do my best to assist you.
21	+
22	+ == Installation ==
23	+
24	+ 1. Upload the `wordpress-https` folder to the `/wp-content/plugins/` directory.
25	+ 1. Activate the plugin through the 'Plugins' menu in WordPress.
26	+
27	+ == Frequently Asked Questions ==
28	+
29	+ = How do I make my whole website HTTPS? =
30	+
31	+ To make your entire website HTTPS, you simply need to change your home url and site url to HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
32	+
33	+ = How do I make only my administration panel HTTPS? =
34	+
35	+ WordPress already has this process well documented. Please read <a href="http://codex.wordpress.org/Administration_Over_SSL" target="_blank">how to set up administration over SSL</a>.
36	+
37	+ If you are using Shared SSL, there is an option in WordPress HTTPS to Force Shared SSL Admin.
38	+
39	+ = How do I make only certain pages HTTPS? =
40	+
41	+ As of version 1.5, this plugin grants that ability. Within the Publish box on the add/edit post screen, a checkbox for 'Force SSL' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
42	+
43	+ = How do I fix partially encrypted errors? =
44	+
45	+ To identify what is causing your page(s) to be insecure, please follow the instructions below.
46	+ <ol>
47	+ <li>Download <a href="http://www.google.com/chrome" target="_blank">Google Chrome</a>.</li>
48	+ <li>Open the page you're having trouble with in Google Chrome.</li>
49	+ <li>Open the Developer Tools. <a href="http://code.google.com/chrome/devtools/docs/overview.html#access" target="_blank">How to access the Developer Tools.</a></li>
50	+ <li>Click on the Console tab.</li>
51	+ </ol>
52	+ For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
53	+
54	+ If you see any external elements (not hosted no your server) that are loading over HTTP, try enabling the 'External HTTPS Elements' option in the WordPress HTTPS settings.
55	+
56	+ Any other insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
57	+ <ul>
58	+ <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
59	+ <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
60	+ <li>YouTube videos - YouTube does not allow videos to be streamed over HTTPS. YouTube videos will have to be removed from secure pages.</li>
61	+ <li>Google Maps - Loading Google maps over HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
62	+ </ul>
63	+
64	+ == Screenshots ==
65	+ 1. WordPress HTTPS Settings screen
66	+ 2. Force SSL checkbox added to add/edit posts screen
67	+
68	+ == Changelog ==
69	+
70	+ = 1.9.2 =
71	+ * Added External URL caching to the plugin so that external elements will only be checked for once, increasing the speed of sites not using the Bypass External Check option.
72	+ * Any forms whose action points to page that has the Forced SSL option on will be updated to HTTPS even on HTTP pages.
73	+ * Bug Fix - When using Shared SSL, permalink structure was being buggy.
74	+ * Bug Fix - Certain server configurations were causing the plugin to create redirect loops when using the Force SSL Exclusively option.
75	+ = 1.9.1 =
76	+ * Bug Fix - Cookies were not being set to the correct paths when logging in, causing logins to fail.
77	+ * Bug Fix - Links to the front page when using latest posts were not correctly being set to HTTP/HTTPS.
78	+ * Bug Fix - When using Shared SSL, the HTTPS version of the site_url was not being correctly replaced with the Shared SSL URL for internal elements.
79	+ * Bug Fix - When using Shared SSL, the admin login page was not always redirecting properly due to output buffering.
80	+ * Bug Fix - When using Shared SSL, the auth_redirect function was not redirecting to the Shared SSL URL.
81	+ * Bug Fix - If the home_url contained 'www' but the URL appeared without 'www', the URL would not be fixed.
82	+ * Standards - Updated redirect method to use https or http as a an argument rather than true or false to better comply with WordPress coding standards.
83	+ = 1.9 =
84	+ * Created Updates widget on settings screen to allow for dynamic updates from the plugin developers.
85	+ * Added support for PHP4.
86	+ * Converted all spaces to tabs in source.
87	+ * Force Shared SSL Admin option added to allow those using Shared SSL the ability to use their certificate for their admin dashboard.
88	+ * Bug fix - Force SSL checkbox will now appear on WordPress versions below 2.9.
89	+ * Bug fix - Password protected pages forced to SSL will now work properly.
90	+ * Bug fix - Plugin should no longer break feeds.
91	+ * Numerous other bug fixes that have since been forgotten due to the length of time this version has been in development.
92	+ = 1.8.5 =
93	+ * In version 1.8.5, when a page is forced to HTTPS, any links to that page will always be HTTPS, even when using the 'Disable Automatic HTTPS' option. Likewise, when the 'Force SSL Exclusively' option is enabled, all links to pages not forced to HTTPS will be changed to HTTP on HTTPS pages.
94	+ * Updated RegEx's for more complicated URL's.
95	+ * Bug fix - When in the admin panel, only link URL's are changed back to HTTP again.
96	+ * Added support for using Shared SSL together with the FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options.
97	+ = 1.8.1 =
98	+ * Re-enabled the canonical redirect for WordPres sites not using Shared SSL.
99	+ = 1.8 =
100	+ * Fixed cross-browser CSS issue on plugin settings page.
101	+ * Corrected and updated plugin settings validation.
102	+ * Lengthened the fade out timer on messages from the plugin settings page from 2 to 5 seconds so that the more lengthy error messages could be read before the message faded.
103	+ * If viewing an admin page via SSL, and your Home URL is not set to HTTPS, links to the front-end of the website will be forced to HTTP. By default, WordPress changes these links to HTTPS.
104	+ * When using Shared SSL, any anchor that links to the regular HTTPS version of the domain will be changed to use the Shared SSL Host.
105	+ * Added embed and param tags to the list of tags that are fixed by WordPress HTTPS. This is to fix flash movies.
106	+ = 1.7.5 =
107	+ * Bug fix - When using 'Latest Posts' as the front page, the front page would redirect to HTTP when viewed over HTTPS even if the 'Force SSL Exclusively' option was disabled.
108	+ * Prevented the 'Disable Automatic HTTPS' option from parsing URL's in the admin panel.
109	+ * General code cleanup and such.
110	+ = 1.7 =
111	+ * Bug fix - External URL's were not being forced to HTTPS after the last update.
112	+ * Added the functionality to correct relative URL's when using Shared SSL.
113	+ * General code cleanup and such.
114	+ = 1.6.5 =
115	+ * Added support for Shared SSL.
116	+ = 1.6.3 =
117	+ * Changed the redirection check to use `template_redirect` hook rather than `get_header`.
118	+ = 1.6.2 =
119	+ * Tag links were not being set back to HTTP when the 'Disable Automatic HTTPS' option was enabled.
120	+ = 1.6.1 =
121	+ * Bug fix - front page redirection was causing issues when a static page was selected for the posts page.
122	+ = 1.6 =
123	+ * Added the ability to force the front page to HTTPS.
124	+ * Multiple enhancements to core functionality of plugin. Mostly just changing code to integrate more smoothely with WordPress.
125	+ * Enhancements have been made to the plugin's settings page.
126	+ = 1.5.2 =
127	+ * Fixed a bug that would prevent stylesheets from being fixed if the rel attribute came after the href attribute. Bug could have also caused errors with other tags.
128	+ = 1.5.1 =
129	+ * Added input elements with the type of 'image' to be filtered for insecure content.
130	+ = 1.5 =
131	+ * Added the ability to force SSL on certain pages.
132	+ * Also added the option to exclusively force SSL on certain pages. Pages not forced to HTTPS are forced to HTTP.
133	+ * Plugin now filters the `bloginfo` and `bloginfo_url` functions for HTTPS URL's when the 'Disable Automatic HTTPS' option is enabled in WordPress 3.0+.
134	+ = 1.0.1 =
135	+ * Bug fix.
136	+ = 1.0 =
137	+ * Major modifications to plugin structure, efficiency, and documentation.
138	+ * Added the option to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
139	+ = 0.5.1 =
140	+ * Bug fix.
141	+ = 0.5 =
142	+ * Due to increasing concerns about plugin performance, the option to bypass the HTTPS check on external elements has been added.
143	+ = 0.4 =
144	+ * Plugin functions converted to OOP class.
145	+ * The plugin will now attempt to set the allow_url_fopen option to true with `ini_set` function if possible.
146	+ = 0.3 =
147	+ * Added the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
148	+ = 0.2 =
149	+ * Changed the way in which HTTPS was detected to be more reliable.
150	+ = 0.1 =
151	+ * Initial Release.
152	+
153	+ == Upgrade Notice ==
154	+ = 1.7 =
155	+ 1.6.5 created a bug in which external elements were no longer forced to HTTPS. Please update to fix this.
156	+ = 1.6.1 =
157	+ Version 1.6.1 fixes a bug with using a static page for the posts page.
158	+ = 1.0.1 =
159	+ Version 1.0.1 fixes a bug in 1.0 that made it to release. Apologies!
160	+ = 1.0 =
161	+ Version 1.0 gives you the ability to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
162	+ = 0.5.1 =
163	+ Fixes `PHP Warning: Invalid argument supplied for foreach()` error.
164	+ = 0.3 =
165	+ Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
166	+ = 0.2 =
167	+ Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.

wordpress-https.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6	Author: Mike Ems
7	- Version: 1.9.1
8	Author URI: http://mvied.com/
9	*/
10
	@@ -18,7 +18,6 @@
18	* @return object
19	*
20	*/
21	-
22	if ( !class_exists('WordPressHTTPS') ) {
23	class WordPressHTTPS {
24
	@@ -27,7 +26,7 @@ if ( !class_exists('WordPressHTTPS') ) {
27	*
28	* @var int
29	*/
30	- var $plugin_version = '1.9.1';
31
32	/**
33	* Plugin URL
	@@ -55,14 +54,7 @@ if ( !class_exists('WordPressHTTPS') ) {
55	*
56	* @var boolean
57	*/
58	- var $shared_ssl = 0;
59	-
60	- /**
61	- * Shared SSL Admin
62	- *
63	- * @var boolean
64	- */
65	- var $shared_ssl_admin = 0;
66
67	/**
68	* Default options
	@@ -78,7 +70,8 @@ if ( !class_exists('WordPressHTTPS') ) {
78	'wordpress-https_frontpage'=> 0, // Force SSL on front page
79	'wordpress-https_sharedssl'=> 0, // Enable Shared SSL
80	'wordpress-https_sharedssl_admin' => 0, // Shared SSL for admin panel
81	- 'wordpress-https_sharedssl_host' => '' // Hostname for Shared SSL

82	);
83
84	/**
	@@ -112,29 +105,29 @@ if ( !class_exists('WordPressHTTPS') ) {
112	$this->https_url = $this->replace_http($this->http_url);
113
114	// Shared SSL
115	- if (get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '') {
116	// Turn on Shared SSL
117	- $this->shared_ssl = 1;
118	// Assign HTTPS URL to Shared SSL Host
119	$this->https_url = get_option('wordpress-https_sharedssl_host');
120	// Prevent WordPress from causing a redirect loop
121	remove_filter('template_redirect', 'redirect_canonical');
122	// Remove Shared SSL authentication cookies on logout
123	- add_action('clear_auth_cookie', array( &$this, 'clear_auth_cookie' ));
124	}
125
126	// Fix admin_url for Shared SSL login
127	- if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl ~~== 1~~ && $this->is_ssl() ) {
128	- add_filter( 'admin_url', array( &$this, 'replace_http_url' ) );
129	}
130
131	// Filter site_url in admin panel when using Shared SSL
132	- if ( is_admin() && $this->shared_ssl ~~== 1~~ && $this->is_ssl() ) {
133	- add_filter( 'site_url', array( &$this, 'replace_http_url' ) );
134	}
135
136	// Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php
137	- if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl ~~== 1~~ && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {
138	$this->redirect('https');
139	}
140
	@@ -147,7 +140,7 @@ if ( !class_exists('WordPressHTTPS') ) {
147
148	// Load on plugins page
149	if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
150	- add_filter( 'plugin_row_meta', array( &$this, 'plugin_links' ), 10, 2);
151	}
152
153	// Load on Settings page
	@@ -155,6 +148,10 @@ if ( !class_exists('WordPressHTTPS') ) {
155	wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
156	wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.php', array('jquery'), $this->plugin_version, true);
157	wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);




158	}
159
160	// Add 'Force SSL' checkbox to add/edit post pages
	@@ -255,7 +252,7 @@ if ( !class_exists('WordPressHTTPS') ) {
255	$cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
256	$cookie_path_admin = $cookie_path_site . 'wp-admin';
257
258	- if ( $this->shared_ssl ~~== 1~~ && $this->is_ssl() ) {
259	setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
260	setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
261	setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
	@@ -331,7 +328,7 @@ if ( !class_exists('WordPressHTTPS') ) {
331	$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
332
333	// Rewrite URL to Shared SSL URL
334	- if ( $this->shared_ssl ~~== 1~~ && strpos($redirect, 'https://') !== false ) {
335	$redirect = $this->replace_http_url( $redirect );
336	}
337
	@@ -356,6 +353,8 @@ if ( !class_exists('WordPressHTTPS') ) {
356	preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param)[^>]+((http\|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
357	}
358


359	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
360	$html = $matches[0][$i];
361	$type = $matches[1][$i];
	@@ -364,27 +363,31 @@ if ( !class_exists('WordPressHTTPS') ) {
364
365	if ( $type == 'img' \|\| $type == 'script' \|\| $type == 'embed' \|\|
366	( $type == 'link' && ( strpos($html, 'stylesheet') !== false \|\| strpos($html, 'pingback') !== false ) ) \|\|
367	- ( $type == 'form' && strpos($html, 'loginform') !== false ) \|\|
368	- ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) \|\|
369	( $type == 'input' && strpos($html, 'image') !== false ) \|\|
370	( $type == 'param' && strpos($html, 'movie') !== false )
371	) {
372	if ( is_admin() && $type == 'img' ) {
373	- if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ~~== 1~~ ) {
374	- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
375	}
376	} else {
377	if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
378	- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
379	- } else if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ~~== 1~~ ) {
380	- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
381	} else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {
382	- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
383	} else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {
384	if ( get_option('wordpress-https_bypass') == 1 ) {
385	- $buffer = str_replace($html, $this->replace_http($html), $buffer);
386	- } else if ( @file_get_contents($this->replace_http($url)) !== false ) {
387	- $buffer = str_replace($html, $this->replace_http($html), $buffer);





388	}
389	}
390	}
	@@ -397,46 +400,47 @@ if ( !class_exists('WordPressHTTPS') ) {
397	$css = $matches[0][$i];
398	$url = $matches[1][$i];
399
400	- $buffer = str_replace($css, $this->replace_http_url($css), $buffer);
401	}
402
403	// Look for any relative paths that should be udpated to the Shared SSL path
404	- if ( $this->shared_ssl ~~== 1~~ ) {
405	preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param\|a)[^>]+[\'"](\/[\/-\w\.#?=\+&;]*)[^>]+>/im', $buffer, $matches);
406
407	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
408	$html = $matches[0][$i];
409	$type = $matches[1][$i];
410	- $url= $matches[2][$i];
411	-
412	- $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);

413	}
414	}
415	}
416
417	- // Update anchor tags to appropriate URL's
418	- preg_match_all('/\<a[^>]+[\'"]((http\|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
419
420	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
421	$html = $matches[0][$i];
422	- $~~url~~ = $matches[1][$i];
423	- $~~scheme~~ = $matches[2][$i];

424
425	unset($force_ssl);
426
427	$url_path = parse_url($url, PHP_URL_PATH);
428	- if ($this->shared_ssl) {
429	$url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);
430	- } else {
431	- $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
432	}

433
434	if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) == 1 ) {
435	$post = $postID[1];
436	- } else if ($post = get_page_by_path($url_path)) {
437	$post = $post->ID;
438	- } else if ($url_path == '/') {
439	- if (get_option('show_on_front') == 'posts') {
440	$post = true;
441	$force_ssl = (( get_option('wordpress-https_frontpage') == 1 ) ? true : false);
442	} else {
	@@ -444,26 +448,27 @@ if ( !class_exists('WordPressHTTPS') ) {
444	}
445	}
446
447	- if ($post) {
448	$force_ssl = (( !isset($force_ssl) ) ? get_post_meta($post, 'force_ssl', true) : $force_ssl);
449
450	- if ($force_ssl) {
451	- $buffer = str_replace($html, $this->replace_http_url($html), $buffer);
452	- } else if (get_option('wordpress-https_exclusive_https') == 1) {
453	$buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
454	}
455	}
456	}
457
458	- // Fix any ~~links~~ that contain the HTTPS version of the regular domain when using Shared SSL
459	if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
460	$regex_url = preg_quote($this->replace_http($this->http_url));
461	$regex_url = str_replace('/', '\/', $regex_url);
462	- preg_match_all('/\<a[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
463
464	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
465	$html = $matches[0][$i];
466	- $~~url~~= $matches[1][$i];

467
468	$buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
469	}
	@@ -480,9 +485,9 @@ if ( !class_exists('WordPressHTTPS') ) {
480	*/
481	function is_ssl() {
482	// Some extra checks for proxies and Shared SSL
483	- if ( isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
484	return true;
485	- } else if ( $this->shared_ssl ~~== 1~~ && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {
486	return true;
487	}
488	return is_ssl();
	@@ -503,7 +508,7 @@ if ( !class_exists('WordPressHTTPS') ) {
503	$this->redirect('http');
504	}
505	} else if ( ( is_single() \|\| is_page() \|\| is_front_page() \|\| is_home() ) && $post->ID > 0 ) {
506	- $forceSSL = get_post_meta($post->ID, 'force_ssl');
507	if ( !$this->is_ssl() && $forceSSL ) {
508	$this->redirect('https');
509	} else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {
	@@ -528,9 +533,9 @@ if ( !class_exists('WordPressHTTPS') ) {
528	} else {
529	$url = false;
530	}
531	- if ($url) {
532	- $destination = $url['scheme'] . '://' . $url['host'] . (( $this->shared_ssl ~~== 1~~ ) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
533	- if (function_exists('wp_redirect')) {
534	wp_redirect($destination, 301);
535	} else {
536	// End all output buffering and redirect
	@@ -553,7 +558,7 @@ if ( !class_exists('WordPressHTTPS') ) {
553	wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
554
555	$checked = false;
556	- if ($post->ID) {
557	$checked = get_post_meta($post->ID, 'force_ssl', true);
558	}
559	echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';
	@@ -585,8 +590,8 @@ if ( !class_exists('WordPressHTTPS') ) {
585	}
586	}
587
588	- $forceSSL = (($_POST['force_ssl'] == 1) ? true : false);
589	- if ($forceSSL) {
590	update_post_meta($post_id, 'force_ssl', 1);
591	} else {
592	delete_post_meta($post_id, 'force_ssl');
	@@ -605,7 +610,7 @@ if ( !class_exists('WordPressHTTPS') ) {
605	* @return string $result
606	*/
607	function bloginfo($result = '', $show = '') {
608	- if ($show == 'stylesheet_url' \|\| $show == 'template_url' \|\| $show == 'wpurl' \|\| $show == 'home' \|\| $show == 'siteurl' \|\| $show == 'url') {
609	$result = $this->replace_https($result);
610	}
611	return $result;
	@@ -636,7 +641,7 @@ if ( !class_exists('WordPressHTTPS') ) {
636	$links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
637	$links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
638	$links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
639	- $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=~~6ZL95VTJ388HG~~" title="Support WordPress HTTPS development with a donation!">Donate</a>';
640	return $links;
641	}
642
	@@ -723,7 +728,7 @@ if ( !class_exists('WordPressHTTPS') ) {
723	$errors = array();
724
725	foreach ($this->options_default as $key => $default) {
726	- if (!array_key_exists($key, $_POST) && $default == 0) {
727	$_POST[$key] = 0;
728	update_option($key, $_POST[$key]);
729	} else {
	@@ -748,7 +753,7 @@ if ( !class_exists('WordPressHTTPS') ) {
748	} else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
749	$errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
750	$_POST[$key] = 0;
751	- } else if ($key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'),'3.0','<')) {
752	$_POST[$key] = 0;
753	}
754
	@@ -757,7 +762,8 @@ if ( !class_exists('WordPressHTTPS') ) {
757	}
758
759	if ( array_key_exists('ajax', $_POST) ) {
760	- ~~ob_clean~~();

761	if ( sizeof( $errors ) > 0 ) {
762	echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
763	foreach ( $errors as $error ) {
	@@ -848,7 +854,7 @@ if ( !class_exists('WordPressHTTPS') ) {
848	<p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>
849	</fieldset>
850
851	- <?php if (version_compare(get_bloginfo('version'),'3.0','>=')) { ?>
852	<fieldset>
853	<label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
854	<p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>
	@@ -859,7 +865,7 @@ if ( !class_exists('WordPressHTTPS') ) {
859	<fieldset>
860	<label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
861	<p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
862	- <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" ~~target~~="~~_blank~~">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
863	</fieldset>
864
865	<fieldset>
	@@ -874,7 +880,7 @@ if ( !class_exists('WordPressHTTPS') ) {
874	<p class="description">Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.</p>
875	</fieldset>
876
877	- <?php if (get_option('show_on_front') == 'posts') { ?>
878	<fieldset>
879	<label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
880	<p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>
	@@ -900,7 +906,7 @@ if ( class_exists('WordPressHTTPS') ) {
900	}
901
902	// Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function if using Shared SSL
903	- if ( $wordpress_https->shared_ssl ~~== 1~~ && !function_exists('wp_set_auth_cookie') ) {
904	function wp_set_auth_cookie($user_id, $remember, $secure) {
905	global $wordpress_https;
906	return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);
	@@ -908,7 +914,7 @@ if ( $wordpress_https->shared_ssl == 1 && !function_exists('wp_set_auth_cookie')
908	}
909
910	// Use WordPress HTTPS auth_redirect method for WordPress' auth_redirect pluggable function if using Shared SSL
911	- if ( $wordpress_https->shared_ssl ~~== 1~~ && !function_exists('auth_redirect') ) {
912	function auth_redirect() {
913	global $wordpress_https;
914	return $wordpress_https->auth_redirect();


4	Plugin URI: http://mvied.com/projects/wordpress-https/
5	Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6	Author: Mike Ems
7	+ Version: 1.9.2
8	Author URI: http://mvied.com/
9	*/
10

18	* @return object
19	*
20	*/

21	if ( !class_exists('WordPressHTTPS') ) {
22	class WordPressHTTPS {
23

26	*
27	* @var int
28	*/
29	+ var $plugin_version = '1.9.2';
30
31	/**
32	* Plugin URL

54	*
55	* @var boolean
56	*/
57	+ var $shared_ssl = false;







58
59	/**
60	* Default options

70	'wordpress-https_frontpage'=> 0, // Force SSL on front page
71	'wordpress-https_sharedssl'=> 0, // Enable Shared SSL
72	'wordpress-https_sharedssl_admin' => 0, // Shared SSL for admin panel
73	+ 'wordpress-https_sharedssl_host' => '', // Hostname for Shared SSL
74	+ 'wordpress-https_external_urls' => array() // External URL's that are okay to rewrite to HTTPS
75	);
76
77	/**

105	$this->https_url = $this->replace_http($this->http_url);
106
107	// Shared SSL
108	+ if ( get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '' ) {
109	// Turn on Shared SSL
110	+ $this->shared_ssl = true;
111	// Assign HTTPS URL to Shared SSL Host
112	$this->https_url = get_option('wordpress-https_sharedssl_host');
113	// Prevent WordPress from causing a redirect loop
114	remove_filter('template_redirect', 'redirect_canonical');
115	// Remove Shared SSL authentication cookies on logout
116	+ add_action('clear_auth_cookie', array(&$this, 'clear_auth_cookie'));
117	}
118
119	// Fix admin_url for Shared SSL login
120	+ if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl && $this->is_ssl() ) {
121	+ add_filter('admin_url', array(&$this, 'replace_http_url'));
122	}
123
124	// Filter site_url in admin panel when using Shared SSL
125	+ if ( is_admin() && $this->shared_ssl && $this->is_ssl() ) {
126	+ add_filter( 'site_url', array(&$this, 'replace_http_url'));
127	}
128
129	// Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php
130	+ if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {
131	$this->redirect('https');
132	}
133

140
141	// Load on plugins page
142	if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
143	+ add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);
144	}
145
146	// Load on Settings page

148	wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
149	wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.php', array('jquery'), $this->plugin_version, true);
150	wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);
151	+
152	+ if ( function_exists('add_thickbox') ) {
153	+ add_thickbox();
154	+ }
155	}
156
157	// Add 'Force SSL' checkbox to add/edit post pages

252	$cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
253	$cookie_path_admin = $cookie_path_site . 'wp-admin';
254
255	+ if ( $this->shared_ssl && $this->is_ssl() ) {
256	setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
257	setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
258	setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);

328	$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
329
330	// Rewrite URL to Shared SSL URL
331	+ if ( $this->shared_ssl && strpos($redirect, 'https://') !== false ) {
332	$redirect = $this->replace_http_url( $redirect );
333	}
334

353	preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param)[^>]+((http\|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
354	}
355
356	+ $external_urls = get_option('wordpress-https_external_urls');
357	+
358	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
359	$html = $matches[0][$i];
360	$type = $matches[1][$i];

363
364	if ( $type == 'img' \|\| $type == 'script' \|\| $type == 'embed' \|\|
365	( $type == 'link' && ( strpos($html, 'stylesheet') !== false \|\| strpos($html, 'pingback') !== false ) ) \|\|
366	+ ( $type == 'form' && ( strpos($html, 'loginform') !== false \|\| strpos($html, 'wp-pass.php') !== false ) ) \|\|

367	( $type == 'input' && strpos($html, 'image') !== false ) \|\|
368	( $type == 'param' && strpos($html, 'movie') !== false )
369	) {
370	if ( is_admin() && $type == 'img' ) {
371	+ if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ) {
372	+ $buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);
373	}
374	} else {
375	if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {
376	+ $buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);
377	+ } else if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ) {
378	+ $buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);
379	} else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {
380	+ $buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);
381	} else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {
382	if ( get_option('wordpress-https_bypass') == 1 ) {
383	+ $buffer = str_replace($html, str_replace($url, $this->replace_http($url), $html), $buffer);
384	+ } else if ( in_array($url, $external_urls) \|\| @file_get_contents($this->replace_http($url)) !== false ) {
385	+ $buffer = str_replace($html, str_replace($url, $this->replace_http($url), $html), $buffer);
386	+ // Cache this URL as available over HTTPS for future reference
387	+ if ( !in_array($url, $external_urls) ) {
388	+ $external_urls[] = $url;
389	+ update_option('wordpress-https_external_urls', $external_urls);
390	+ }
391	}
392	}
393	}

400	$css = $matches[0][$i];
401	$url = $matches[1][$i];
402
403	+ $buffer = str_replace($css, str_replace($url, $this->replace_http_url($url), $css), $buffer);
404	}
405
406	// Look for any relative paths that should be udpated to the Shared SSL path
407	+ if ( $this->shared_ssl ) {
408	preg_match_all('/\<(script\|link\|img\|input\|form\|embed\|param\|a)[^>]+[\'"](\/[\/-\w\.#?=\+&;]*)[^>]+>/im', $buffer, $matches);
409
410	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
411	$html = $matches[0][$i];
412	$type = $matches[1][$i];
413	+ $url = $matches[2][$i];
414	+ if ( $type != 'input' \|\| ( $type == 'input' && strpos($html, 'image') !== false ) ) {
415	+ $buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);
416	+ }
417	}
418	}
419	}
420
421	+ // Update anchor and form tags to appropriate URL's
422	+ preg_match_all('/\<(a\|form)[^>]+[\'"]((http\|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);
423
424	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
425	$html = $matches[0][$i];
426	+ $type = $matches[1][$i];
427	+ $url = $matches[2][$i];
428	+ $scheme = $matches[3][$i];
429
430	unset($force_ssl);
431
432	$url_path = parse_url($url, PHP_URL_PATH);
433	+ if ( $this->shared_ssl ) {
434	$url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);


435	}
436	+ $url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);
437
438	if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) == 1 ) {
439	$post = $postID[1];
440	+ } else if ( $post = get_page_by_path($url_path) ) {
441	$post = $post->ID;
442	+ } else if ( $url_path == '/' ) {
443	+ if ( get_option('show_on_front') == 'posts' ) {
444	$post = true;
445	$force_ssl = (( get_option('wordpress-https_frontpage') == 1 ) ? true : false);
446	} else {

448	}
449	}
450
451	+ if ( $post ) {
452	$force_ssl = (( !isset($force_ssl) ) ? get_post_meta($post, 'force_ssl', true) : $force_ssl);
453
454	+ if ( $force_ssl ) {
455	+ $buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);
456	+ } else if ( get_option('wordpress-https_exclusive_https') == 1 ) {
457	$buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);
458	}
459	}
460	}
461
462	+ // Fix any anchor or form tags that contain the HTTPS version of the regular domain when using Shared SSL
463	if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {
464	$regex_url = preg_quote($this->replace_http($this->http_url));
465	$regex_url = str_replace('/', '\/', $regex_url);
466	+ preg_match_all('/\<(a\|form)[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);
467
468	for ($i = 0; $i<=sizeof($matches[0]); $i++) {
469	$html = $matches[0][$i];
470	+ $type = $matches[1][$i];
471	+ $url = $matches[2][$i];
472
473	$buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);
474	}

485	*/
486	function is_ssl() {
487	// Some extra checks for proxies and Shared SSL
488	+ if ( isset($_SERVER['HTTP_X_URL_SCHEME']) && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
489	return true;
490	+ } else if ( $this->shared_ssl && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {
491	return true;
492	}
493	return is_ssl();

508	$this->redirect('http');
509	}
510	} else if ( ( is_single() \|\| is_page() \|\| is_front_page() \|\| is_home() ) && $post->ID > 0 ) {
511	+ $forceSSL = get_post_meta($post->ID, 'force_ssl', true);
512	if ( !$this->is_ssl() && $forceSSL ) {
513	$this->redirect('https');
514	} else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {

533	} else {
534	$url = false;
535	}
536	+ if ( $url ) {
537	+ $destination = $url['scheme'] . '://' . $url['host'] . (( $this->shared_ssl ) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
538	+ if ( function_exists('wp_redirect') ) {
539	wp_redirect($destination, 301);
540	} else {
541	// End all output buffering and redirect

558	wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
559
560	$checked = false;
561	+ if ( $post->ID ) {
562	$checked = get_post_meta($post->ID, 'force_ssl', true);
563	}
564	echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';

590	}
591	}
592
593	+ $forceSSL = (( $_POST['force_ssl'] == 1 ) ? true : false);
594	+ if ( $forceSSL ) {
595	update_post_meta($post_id, 'force_ssl', 1);
596	} else {
597	delete_post_meta($post_id, 'force_ssl');

610	* @return string $result
611	*/
612	function bloginfo($result = '', $show = '') {
613	+ if ( $show == 'stylesheet_url' \|\| $show == 'template_url' \|\| $show == 'wpurl' \|\| $show == 'home' \|\| $show == 'siteurl' \|\| $show == 'url' ) {
614	$result = $this->replace_https($result);
615	}
616	return $result;

641	$links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
642	$links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
643	$links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
644	+ $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A" title="Support WordPress HTTPS development with a donation!">Donate</a>';
645	return $links;
646	}
647

728	$errors = array();
729
730	foreach ($this->options_default as $key => $default) {
731	+ if ( !array_key_exists($key, $_POST) && $default == 0 ) {
732	$_POST[$key] = 0;
733	update_option($key, $_POST[$key]);
734	} else {

753	} else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {
754	$errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
755	$_POST[$key] = 0;
756	+ } else if ( $key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'), '3.0', '<') ) {
757	$_POST[$key] = 0;
758	}
759

762	}
763
764	if ( array_key_exists('ajax', $_POST) ) {
765	+ while(@ob_end_clean());
766	+ ob_start();
767	if ( sizeof( $errors ) > 0 ) {
768	echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
769	foreach ( $errors as $error ) {

854	<p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>
855	</fieldset>
856
857	+ <?php if ( version_compare(get_bloginfo('version'), '3.0', '>=') ) { ?>
858	<fieldset>
859	<label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>
860	<p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>

865	<fieldset>
866	<label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>
867	<p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>
868	+ <p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" class="thickbox">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>
869	</fieldset>
870
871	<fieldset>

880	<p class="description">Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.</p>
881	</fieldset>
882
883	+ <?php if ( get_option('show_on_front') == 'posts' ) { ?>
884	<fieldset>
885	<label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>
886	<p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>

906	}
907
908	// Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function if using Shared SSL
909	+ if ( $wordpress_https->shared_ssl && !function_exists('wp_set_auth_cookie') ) {
910	function wp_set_auth_cookie($user_id, $remember, $secure) {
911	global $wordpress_https;
912	return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);

914	}
915
916	// Use WordPress HTTPS auth_redirect method for WordPress' auth_redirect pluggable function if using Shared SSL
917	+ if ( $wordpress_https->shared_ssl && !function_exists('auth_redirect') ) {
918	function auth_redirect() {
919	global $wordpress_https;
920	return $wordpress_https->auth_redirect();