WordPress HTTPS (SSL) - Version 3.0

Version Description

  • The plugin has been completely re-written.
  • Redirect loops should no longer be an issue.
  • Bugs are likely to occur.
Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 3.0
Comparing to
See all releases

Code changes from version 2.0.4 to 3.0

Files changed (43) hide show
  1. .htaccess +1 -0
  2. admin/css/admin.css +19 -0
  3. admin/css/images/admin-icon.png +0 -0
  4. admin/css/images/admin-icon32.png +0 -0
  5. admin/css/images/lock-icon.png +0 -0
  6. admin/css/settings.css +92 -0
  7. admin/js/metabox.php +33 -0
  8. admin/templates/metabox/ajax.php +23 -0
  9. admin/templates/metabox/post.php +28 -0
  10. admin/templates/metabox/settings.php +102 -0
  11. admin/templates/settings.php +23 -0
  12. css/admin.css +0 -161
  13. css/images/help.png +0 -0
  14. css/images/widget-title-red.png +0 -0
  15. css/images/widget-title.png +0 -0
  16. css/images/wpspin_light.gif +0 -0
  17. js/admin.php +0 -72
  18. js/jquery.form.js +0 -10
  19. js/jquery.tooltip.js +0 -19
  20. js/sidebar.php +0 -24
  21. js/updates.php +0 -26
  22. lib/WordPressHTTPS.php +299 -0
  23. lib/WordPressHTTPS/Logger.php +100 -0
  24. lib/WordPressHTTPS/Logger/Interface.php +36 -0
  25. lib/WordPressHTTPS/Module.php +56 -0
  26. lib/WordPressHTTPS/Module/Admin.php +91 -0
  27. lib/WordPressHTTPS/Module/Admin/Post.php +99 -0
  28. lib/WordPressHTTPS/Module/Admin/Settings.php +245 -0
  29. lib/WordPressHTTPS/Module/Filters.php +170 -0
  30. lib/WordPressHTTPS/Module/Hooks.php +223 -0
  31. lib/WordPressHTTPS/Module/Interface.php +20 -0
  32. lib/WordPressHTTPS/Module/Parser.php +379 -0
  33. lib/WordPressHTTPS/Plugin.php +429 -0
  34. lib/WordPressHTTPS/Url.php +532 -0
  35. lib/Zend/Loader.php +329 -0
  36. lib/Zend/Loader/Autoloader.php +589 -0
  37. lib/Zend/Loader/Autoloader/Interface.php +43 -0
  38. lib/Zend/Loader/Autoloader/Resource.php +472 -0
  39. readme.txt +8 -4
  40. screenshot-1.png +0 -0
  41. screenshot-2.png +0 -0
  42. uninstall.php +3 -0
  43. wordpress-https.php +29 -1387
.htaccess ADDED
@@ -0,0 +1 @@
 
1
+ Options -Indexes
admin/css/admin.css ADDED
@@ -0,0 +1,19 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ #adminmenu .menu-top.toplevel_page_wordpress-https.current .wp-menu-image,
2
+ #adminmenu .menu-top.toplevel_page_wordpress-https.wp-has-current-submenu .wp-menu-image,
3
+ #adminmenu .menu-top.toplevel_page_wordpress-https:hover .wp-menu-image,
4
+ #adminmenu .menu-top.toplevel_page_wordpress-https.focused .wp-menu-image {
5
+ /* background-position: -360px -1px; */
6
+ background-position: 0% 0%;
7
+ }
8
+ #adminmenu .menu-top.toplevel_page_wordpress-https .wp-menu-image img {
9
+ display: none;
10
+ }
11
+
12
+ #adminmenu .menu-top.toplevel_page_wordpress-https div.wp-menu-image {
13
+ /* background: url('../../../../../wp-admin/images/menu.png') no-repeat scroll -360px -33px; */
14
+ background: url('images/admin-icon.png') no-repeat 0% 100%;;
15
+ }
16
+ #side-sortables #wordpress-https .inside {
17
+ padding: 0;
18
+ margin: 0;
19
+ }
admin/css/images/admin-icon.png ADDED
Binary file
admin/css/images/admin-icon32.png ADDED
Binary file
admin/css/images/lock-icon.png ADDED
Binary file
admin/css/settings.css ADDED
@@ -0,0 +1,92 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ #icon-options-https {
2
+ background: url(images/admin-icon32.png) no-repeat;
3
+ }
4
+
5
+ .meta-box-sortables {
6
+ margin: 0 8px;
7
+ }
8
+
9
+ #poststuff .column-primary {
10
+ width: 60%;
11
+ padding: 0;
12
+ }
13
+ #poststuff .column-secondary {
14
+ width: 40%;
15
+ float: right;
16
+ padding: 0;
17
+ }
18
+
19
+ .wphttps-message-wrap {
20
+ position: fixed;
21
+ bottom: 50%;
22
+ left: 50%;
23
+ margin-left: -25%;
24
+ width: 50%;
25
+ z-index: 10;
26
+ text-align: center;
27
+ }
28
+
29
+ #message {
30
+ margin: 15px 0 0 0;
31
+ }
32
+ #message p {
33
+ line-height: 100%;
34
+ }
35
+
36
+ img.loading {
37
+ display: block;
38
+ position: absolute;
39
+ top: 7px;
40
+ right: 7px;
41
+ }
42
+
43
+ img.waiting {
44
+ display: none;
45
+ }
46
+ img#submit-waiting {
47
+ vertical-align: middle;
48
+ margin-left: 5px;
49
+ }
50
+
51
+ #wphttps-donate-link img {
52
+ display: block;
53
+ margin: 5px auto 13px auto;
54
+ }
55
+
56
+ #wordpress-https_settings input[type="text"] {
57
+ margin: -5px 0 0 0;
58
+ }
59
+ #wordpress-https_settings input[type="checkbox"] {
60
+ margin: 7px 0 0 0;
61
+ vertical-align: bottom;
62
+ }
63
+ #wordpress-https_settings table tr td,
64
+ #wordpress-https_settings table tr th {
65
+ line-height: 1em;
66
+ padding: 10px;
67
+ }
68
+ #wordpress-https_settings table tr td {
69
+ padding: 2px 0 0 0;
70
+ }
71
+ #wordpress-https_settings table tr td:first-child {
72
+ padding-top: 0;
73
+ }
74
+ #wordpress-https_settings table th {
75
+ width: 140px;
76
+ line-height: 32px;
77
+ padding: 0;
78
+ }
79
+ #wordpress-https_settings #settings-reset {
80
+ float: left;
81
+ margin-right: 10px;
82
+ }
83
+ #wordpress-https_settings #ssl_port_label {
84
+ display: inline-block;
85
+ padding-top: 10px;
86
+ }
87
+ #wordpress-https_settings #ssl_host {
88
+ width: 70%;
89
+ }
90
+ #exclusive_https_row label {
91
+ padding-top: 5px;
92
+ }
admin/js/metabox.php ADDED
@@ -0,0 +1,33 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ $include_paths = array(
4
+ get_include_path(),
5
+ realpath(dirname(__FILE__) . '/../../../../..'),
6
+ realpath(dirname(__FILE__) . '/../../lib')
7
+ );
8
+ set_include_path(implode(PATH_SEPARATOR, $include_paths));
9
+ require_once('wp-load.php');
10
+ require_once('WordPressHTTPS.php');
11
+
12
+ // Disable errors
13
+ error_reporting(0);
14
+
15
+ // Set headers
16
+ header("Status: 200");
17
+ header("HTTP/1.1 200 OK");
18
+ header('Content-Type: text/html');
19
+ header('Cache-Control: no-store, no-cache, must-revalidate');
20
+ header('Cache-Control: post-check=0, pre-check=0', FALSE);
21
+ header('Pragma: no-cache');
22
+ header("Vary: Accept-Encoding");
23
+
24
+ if ( ! wp_verify_nonce($_POST['nonce'], $_POST['id']) ) {
25
+ exit;
26
+ }
27
+
28
+ $content = WordPressHTTPS_Url::fromString( $_POST['url'] )->getContent();
29
+
30
+ if ( $content ) {
31
+ echo $content;
32
+ }
33
+ ?>
admin/templates/metabox/ajax.php ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ $nonce = wp_create_nonce($metabox['id']);
3
+ ?><script type="text/javascript">
4
+ jQuery(document).ready(function($) {
5
+ var loading = $('<img alt="Loading..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="loading" />');
6
+
7
+ $('#<?php echo $metabox['id']; ?> .handlediv').append( loading );
8
+ $('#<?php echo $metabox['id']; ?> .handlediv .loading').fadeIn('fast');
9
+ $.ajax({
10
+ type: 'post',
11
+ url: '<?php echo parse_url((( $this->getPlugin()->isSsl() ) ? $this->getPlugin()->makeUrlHttps($this->getPlugin()->getPluginUrl()) : $this->getPlugin()->getPluginUrl()), PHP_URL_PATH); ?>/admin/js/metabox.php',
12
+ data: {
13
+ id : '<?php echo $metabox['id']; ?>',
14
+ url : '<?php echo $metabox['args']['url']; ?>',
15
+ nonce : '<?php echo $nonce; ?>'
16
+ },
17
+ success: function(response) {
18
+ $('#<?php echo $metabox['id']; ?> .inside').html(response);
19
+ $('#<?php echo $metabox['id']; ?> .handlediv .loading').fadeIn(0).fadeOut('fast');
20
+ }
21
+ });
22
+ });
23
+ </script>
admin/templates/metabox/post.php ADDED
@@ -0,0 +1,28 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ global $post;
3
+
4
+ if ( $post->ID ) {
5
+ $force_ssl = get_post_meta($post->ID, 'force_ssl', true);
6
+ $force_ssl_children = get_post_meta($post->ID, 'force_ssl_children', true);
7
+ $postParent = $post;
8
+ while ( $postParent->post_parent ) {
9
+ $postParent = get_post( $postParent->post_parent );
10
+ if ( get_post_meta($postParent->ID, 'force_ssl_children', true) == 1 ) {
11
+ $parent_force_ssl_children = get_post($postParent->ID);
12
+ break;
13
+ }
14
+ }
15
+ }
16
+
17
+ wp_nonce_field($this->getPlugin()->getSlug(), $this->getPlugin()->getSlug());
18
+ ?>
19
+
20
+ <div class="misc-pub-section">
21
+ <?php if ( isset($parent_force_ssl_children) ) { ?>
22
+ <input type="hidden" value="<?php echo ( $force_ssl ? 1 : 0 ); ?>" name="force_ssl" />
23
+ <?php } ?>
24
+ <label<?php echo ( isset($parent_force_ssl_children) ? ' title="This post\'s parent page \'' . $parent_force_ssl_children->post_title . '\' has \'Secure child posts\' enabled."' : '' ); ?>><input type="checkbox" value="1" name="force_ssl" <?php echo ( $force_ssl ? ' checked="checked"' : '' ); ?><?php echo ( isset($parent_force_ssl_children) ? ' disabled="disabled="' : '' ); ?> /> Secure post</label>
25
+ </div>
26
+ <div class="misc-pub-section misc-pub-section-last">
27
+ <label><input type="checkbox" value="1" name="force_ssl_children" <?php echo ( $force_ssl_children ? ' checked="checked"' : '' ); ?> /> Secure child posts</label>
28
+ </div>
admin/templates/metabox/settings.php ADDED
@@ -0,0 +1,102 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ $count = 1; // Used to restrict str_replace count
3
+ $ssl_host = clone $this->getPlugin()->getHttpsUrl();
4
+ $ssl_host = $ssl_host->setPort('')->setScheme('')->toString();
5
+ $ssl_host = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $ssl_host, $count);
6
+ $ssl_host = rtrim($ssl_host, '/');
7
+ ?>
8
+ <form name="form" id="<?php echo $this->getPlugin()->getSlug(); ?>" method="post">
9
+ <?php settings_fields($this->getPlugin()->getSlug()); ?>
10
+
11
+ <table class="form-table">
12
+ <tr valign="top" id="ssl_host_row">
13
+ <th scope="row">SSL Host</th>
14
+ <td>
15
+ <fieldset>
16
+ <label for="ssl_host" id="ssl_host_label">
17
+ <input name="ssl_host" type="text" id="ssl_host" class="regular-text code" value="<?php echo $ssl_host; ?>" />
18
+ </label>
19
+ <label for="ssl_port" id="ssl_port_label">Port
20
+ <input name="ssl_port" type="text" id="ssl_port" class="small-text" value="<?php echo $this->getPlugin()->getSetting('ssl_port'); ?>" />
21
+ </label>
22
+ </fieldset>
23
+ </td>
24
+ </tr>
25
+ <tr valign="top" id="exclusive_https_row">
26
+ <th scope="row">Force SSL Exclusively</th>
27
+ <td>
28
+ <fieldset>
29
+ <label for="exclusive_https">
30
+ <input type="hidden" name="exclusive_https" value="0" />
31
+ <input name="exclusive_https" type="checkbox" id="exclusive_https" value="1"<?php echo (($this->getPlugin()->getSetting('exclusive_https')) ? ' checked="checked"' : ''); ?> />
32
+ Posts and pages without <a href="<?php echo parse_url($this->getPlugin()->getPluginUrl(), PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> enabled will be redirected to HTTP.
33
+ </label>
34
+ </fieldset>
35
+ </td>
36
+ </tr>
37
+ <tr valign="top" id="ssl_admin_row">
38
+ <th scope="row">Force SSL Administration</th>
39
+ <td>
40
+ <fieldset>
41
+ <label for="ssl_admin">
42
+ <input type="hidden" name="ssl_admin" value="0" />
43
+ <input name="ssl_admin" type="checkbox" id="ssl_admin" value="1"<?php echo (($this->getPlugin()->getSetting('ssl_admin')) ? ' checked="checked"' : ''); ?><?php echo ((force_ssl_admin()) ? ' disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : ''); ?> />
44
+ </label>
45
+ </fieldset>
46
+ </td>
47
+ </tr>
48
+ <tr valign="top" id="frontpage_row">
49
+ <th scope="row">Secure Front Page</th>
50
+ <td>
51
+ <fieldset>
52
+ <label for="frontpage">
53
+ <input type="hidden" name="frontpage" value="0" />
54
+ <input name="frontpage" type="checkbox" id="frontpage" value="1"<?php echo (($this->getPlugin()->getSetting('frontpage')) ? ' checked="checked"' : ''); ?> />
55
+ </label>
56
+ </fieldset>
57
+ </td>
58
+ </tr>
59
+ <tr valign="top" id="debug_row">
60
+ <th scope="row">Debug Mode</th>
61
+ <td>
62
+ <fieldset>
63
+ <label for="debug">
64
+ <input type="hidden" name="debug" value="0" />
65
+ <input name="debug" type="checkbox" id="debug" value="1"<?php echo (($this->getPlugin()->getSetting('debug')) ? ' checked="checked"' : ''); ?> />
66
+ Outputs debug information to the browser's console.
67
+ </label>
68
+ </fieldset>
69
+ </td>
70
+ </tr>
71
+ </table>
72
+
73
+ <input type="hidden" name="action" value="save" />
74
+ <input type="hidden" name="ssl_host_subdomain" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_subdomain') != 1) ? 0 : 1); ?>" />
75
+ <input type="hidden" name="ssl_host_diff" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_diff') != 1) ? 0 : 1); ?>" />
76
+
77
+ <p class="button-controls">
78
+ <input type="submit" name="Submit" value="Save Changes" class="button-primary" id="settings-save" />
79
+ <input type="submit" name="Reset" value="Reset" class="button-secondary" id="settings-reset" />
80
+ <img alt="Waiting..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="waiting" id="submit-waiting" />
81
+ </p>
82
+ </form>
83
+ <script type="text/javascript">
84
+ jQuery(document).ready(function($) {
85
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>').submit(function() {
86
+ $('#submit-waiting').show();
87
+ }).ajaxForm({
88
+ data: { ajax: '1'},
89
+ success: function(responseText, textStatus, XMLHttpRequest) {
90
+ $('#submit-waiting').hide();
91
+ $('#message-body').html(responseText).fadeOut(0).fadeIn().delay(5000).fadeOut();
92
+ }
93
+ });
94
+
95
+ $('#settings-reset').click(function(e, el) {
96
+ if ( ! confirm('Are you sure you want to reset all WordPress HTTPS settings?') ) {
97
+ e.preventDefault();
98
+ return false;
99
+ }
100
+ });
101
+ });
102
+ </script>
admin/templates/settings.php ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ require_once('includes/template.php'); // WordPress Dashboard Functions
3
+ ?>
4
+
5
+ <div class="wphttps-message-wrap" id="message-wrap"><div id="message-body"></div></div>
6
+
7
+ <div class="wrap" id="wphttps-main">
8
+ <div id="icon-options-https" class="icon32"><br /></div>
9
+ <h2>HTTPS</h2>
10
+
11
+ <?php
12
+ wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', false );
13
+ wp_nonce_field('meta-box-order', 'meta-box-order-nonce', false );
14
+ ?>
15
+ <div id="poststuff" class="columns metabox-holder">
16
+ <div class="postbox-container column-primary">
17
+ <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug(), 'main', $this); ?>
18
+ </div>
19
+ <div class="postbox-container column-secondary">
20
+ <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug(), 'side', $this); ?>
21
+ </div>
22
+ </div>
23
+ </div>
css/admin.css DELETED
@@ -1,161 +0,0 @@
1
- div#wphttps-main div#post-body {
2
- overflow: hidden;
3
- }
4
-
5
- form#wordpress-https {
6
- float: left;
7
- margin-top: 15px;
8
- }
9
- form#wordpress-https h3 {
10
- margin-bottom: .5em;
11
- }
12
- form#wordpress-https input[type="text"] {
13
- margin: -5px 0 0 0;
14
- }
15
- form#wordpress-https input[type="checkbox"] {
16
- margin: 0;
17
- }
18
- form#wordpress-https table tr td,
19
- form#wordpress-https table tr th {
20
- line-height: 1em;
21
- padding: 10px;
22
- }
23
- form#wordpress-https table tr td {
24
- padding: 10px 0 0 0;
25
- }
26
- form#wordpress-https #settings-reset {
27
- float: left;
28
- margin-right: 10px;
29
- }
30
-
31
- div#wphttps-sidebar {
32
- margin: 20px 0 0 -300px;
33
- clear: right;
34
- float: right;
35
- width: 300px;
36
- }
37
- div#wphttps-sidebar div.wphttps-widget {
38
- margin: 0 auto 20px auto;
39
- width: 285px;
40
- }
41
-
42
- div.wphttps-widget h3 {
43
- cursor: auto !important;
44
- }
45
-
46
- div.wphttps-widget-content {
47
- background: #F1F1F1;
48
- padding: 5px 20px;
49
- border-bottom-left-radius: 8px;
50
- border-bottom-right-radius: 8px;
51
- -moz-border-radius-bottomleft: 8px;
52
- -moz-border-radius-bottomright: 8px;
53
- border: 1px solid #DDD;
54
- border-top: 0;
55
- }
56
- div.wphttps-widget h3 {
57
- font-size: 13px;
58
- height: 19px;
59
- margin: 0;
60
- overflow: hidden;
61
- padding: 5px 12px;
62
- white-space: nowrap;
63
- background: url(images/widget-title.png) repeat-x;
64
- border: 1px solid #636363;
65
- border-bottom: 0;
66
- border-top-left-radius: 8px;
67
- border-top-right-radius: 8px;
68
- -moz-border-radius-topleft:8px;
69
- -moz-border-radius-topright:8px;
70
- color: #FFF;
71
- text-shadow: 0 -1px 0 #3F3F3F;
72
- }
73
-
74
- div.wphttps-widget#wphttps-warnings h3 {
75
- background: url(images/widget-title-red.png) repeat-x;
76
- border-color: #7B4A4A;
77
- text-shadow: 0 -1px 0 #4E2F2F;
78
- }
79
- div.wphttps-widget#wphttps-warnings div.wphttps-widget-content {
80
- border-color: #E5D4D4;
81
- background-color: #F4EDED;
82
- color: #3F2626;
83
- word-wrap: break-word;
84
- }
85
-
86
- div.wphttps-widget#wphttps-warnings .warning-help {
87
- background: url(images/help.png) no-repeat 50% 50%;
88
- }
89
-
90
- div.wphttps-widget#wphttps-updates img#updates-loading {
91
- display: block;
92
- margin: 1em auto;
93
- }
94
-
95
- div.wphttps-widget#wphttps-donate a#wphttps-donate-link {
96
- display: block;
97
- margin: 0 auto 10px auto;
98
- width: 74px;
99
- height: 21px;
100
- }
101
-
102
- .wphttps-icon {
103
- display: inline-block;
104
- height: 16px;
105
- width: 16px;
106
- overflow: hidden;
107
- text-indent: -1000em;
108
- vertical-align: top;
109
- padding: 0 3px;
110
- cursor: pointer;
111
- }
112
-
113
- div.wphttps-message-wrap {
114
- position: fixed;
115
- bottom: 50%;
116
- left: 50%;
117
- margin-left: -25%;
118
- width: 50%;
119
- z-index: 10;
120
- text-align: center;
121
- }
122
-
123
- div#message {
124
- margin: 15px 0 0 0;
125
- }
126
- div#message p {
127
- line-height: 100%;
128
- }
129
-
130
- .wphttps-warning {
131
- display: none;
132
- }
133
-
134
- div#wphttps-main img.waiting {
135
- display: none;
136
- }
137
- div#wphttps-main img#submit-waiting {
138
- vertical-align: middle;
139
- margin-left: 5px;
140
- }
141
-
142
- #wphttps-tooltip {
143
- position: absolute;
144
- z-index: 3000;
145
- border: 1px solid #DDD;
146
- background-color: #FFF;
147
- padding: 5px;
148
- font-size: 13px;
149
- max-width: 350px;
150
- }
151
- .wphttps-tooltip-body {
152
- display: none;
153
- }
154
-
155
- /* Post Edit Page */
156
- .branch-3-2 .misc-pub-section-last {
157
- border-bottom-width: 1px;
158
- }
159
- .misc-pub-section-wphttps {
160
- border-bottom-width: 0;
161
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
css/images/help.png DELETED
Binary file
css/images/widget-title-red.png DELETED
Binary file
css/images/widget-title.png DELETED
Binary file
css/images/wpspin_light.gif DELETED
Binary file
js/admin.php DELETED
@@ -1,72 +0,0 @@
1
- <?php
2
- /** Loads the WordPress Environment */
3
- require('../../../../wp-blog-header.php');
4
-
5
- // Disable errors
6
- error_reporting(0);
7
-
8
- // Set headers
9
- header("Status: 200");
10
- header("HTTP/1.1 200 OK");
11
- header('Content-Type: application/javascript');
12
- header('Cache-Control: no-store, no-cache, must-revalidate');
13
- header('Cache-Control: post-check=0, pre-check=0', FALSE);
14
- header('Pragma: no-cache');
15
- header("Vary: Accept-Encoding");
16
-
17
- ?>
18
- jQuery(document).ready(function($) {
19
- $('#message-body').fadeOut();
20
-
21
- $('#wordpress-https').submit(function() {
22
- $('#submit-waiting').show();
23
- });
24
-
25
- var options = {
26
- data: { ajax: '1'},
27
- success: function(responseText, textStatus, XMLHttpRequest) {
28
- $('#submit-waiting').hide();
29
- $('#message-body').html(responseText);
30
- $('#message-body').fadeIn().animate({opacity: 1.0}, 5000).fadeOut();
31
- }
32
- };
33
-
34
- $('#wordpress-https').ajaxForm(options);
35
-
36
- $('#settings-reset').click(function(e, el) {
37
- if ( confirm('Are you sure you want to reset all WordPress HTTPS settings?') ) {
38
- $(this).parents('form').submit();
39
- } else {
40
- e.preventDefault();
41
- return false;
42
- }
43
- });
44
-
45
- $('#wphttps-updates .wphttps-widget-content').load('<?php echo parse_url($wordpress_https->plugin_url, PHP_URL_PATH); ?>/js/updates.php');
46
-
47
- $.ajax({
48
- url: '<?php echo parse_url($wordpress_https->plugin_url, PHP_URL_PATH); ?>/js/sidebar.php',
49
- success: function(response) {
50
- $('#wphttps-sidebar').append(response);
51
- }
52
- });
53
-
54
- function resize() {
55
- $('#wphttps-main').width( $('#wphttps-main').parent().width() - ($('#wphttps-sidebar').width() + 15));
56
- }
57
-
58
- $(window).resize(function() {
59
- resize();
60
- });
61
- resize();
62
-
63
- $('#wphttps-warnings .warning-help').tooltip({
64
- id: 'wphttps-tooltip',
65
- delay: 0,
66
- showURL: false,
67
- positionLeft: true,
68
- bodyHandler: function() {
69
- return $($(this).attr("href")).html();
70
- }
71
- });
72
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
js/jquery.form.js DELETED
@@ -1,10 +0,0 @@
1
- /*!
2
- jQuery Form Plugin
3
- version: 2.47 (04-SEP-2010)
4
- @requires jQuery v1.3.2 or later
5
-
6
- Examples and documentation at: http://malsup.com/jquery/form/
7
- Dual licensed under the MIT and GPL licenses:
8
- http://www.opensource.org/licenses/mit-license.php
9
- http://www.gnu.org/licenses/gpl.html
10
- */;(function($){$.fn.ajaxSubmit=function(options){if(!this.length){log('ajaxSubmit: skipping submit process - no element selected');return this;}if(typeof options=='function'){options={success:options};}var url=$.trim(this.attr('action'));if(url){url=(url.match(/^([^#]+)/)||[])[1];}url=url||window.location.href||'';options=$.extend(true,{url:url,type:this.attr('method')||'GET',iframeSrc:/^https/i.test(window.location.href||'')?'javascript:false':'about:blank'},options);var veto={};this.trigger('form-pre-serialize',[this,options,veto]);if(veto.veto){log('ajaxSubmit: submit vetoed via form-pre-serialize trigger');return this;}if(options.beforeSerialize&&options.beforeSerialize(this,options)===false){log('ajaxSubmit: submit aborted via beforeSerialize callback');return this;}var n,v,a=this.formToArray(options.semantic);if(options.data){options.extraData=options.data;for(n in options.data){if(options.data[n]instanceof Array){for(var k in options.data[n]){a.push({name:n,value:options.data[n][k]});}}else{v=options.data[n];v=$.isFunction(v)?v():v;a.push({name:n,value:v});}}}if(options.beforeSubmit&&options.beforeSubmit(a,this,options)===false){log('ajaxSubmit: submit aborted via beforeSubmit callback');return this;}this.trigger('form-submit-validate',[a,this,options,veto]);if(veto.veto){log('ajaxSubmit: submit vetoed via form-submit-validate trigger');return this;}var q=$.param(a);if(options.type.toUpperCase()=='GET'){options.url+=(options.url.indexOf('?')>=0?'&':'?')+q;options.data=null;}else{options.data=q;}var $form=this,callbacks=[];if(options.resetForm){callbacks.push(function(){$form.resetForm();});}if(options.clearForm){callbacks.push(function(){$form.clearForm();});}if(!options.dataType&&options.target){var oldSuccess=options.success||function(){};callbacks.push(function(data){var fn=options.replaceTarget?'replaceWith':'html';$(options.target)[fn](data).each(oldSuccess,arguments);});}else if(options.success){callbacks.push(options.success);}options.success=function(data,status,xhr){var context=options.context||options;for(var i=0,max=callbacks.length;i<max;i++){callbacks[i].apply(context,[data,status,xhr||$form,$form]);}};var fileInputs=$('input:file',this).length>0;var mp='multipart/form-data';var multipart=($form.attr('enctype')==mp||$form.attr('encoding')==mp);if(options.iframe!==false&&(fileInputs||options.iframe||multipart)){if(options.closeKeepAlive){$.get(options.closeKeepAlive,fileUpload);}else{fileUpload();}}else{$.ajax(options);}this.trigger('form-submit-notify',[this,options]);return this;function fileUpload(){var form=$form[0];if($(':input[name=submit],:input[id=submit]',form).length){alert('Error: Form elements must not have name or id of "submit".');return;}var s=$.extend(true,{},$.ajaxSettings,options);s.context=s.context||s;var id='jqFormIO'+(new Date().getTime()),fn='_'+id;window[fn]=function(){var f=$io.data('form-plugin-onload');if(f){f();window[fn]=undefined;try{delete window[fn];}catch(e){}}}var $io=$('<iframe id="'+id+'" name="'+id+'" src="'+s.iframeSrc+'" onload="window[\'_\'+this.id]()" />');var io=$io[0];$io.css({position:'absolute',top:'-1000px',left:'-1000px'});var xhr={aborted:0,responseText:null,responseXML:null,status:0,statusText:'n/a',getAllResponseHeaders:function(){},getResponseHeader:function(){},setRequestHeader:function(){},abort:function(){this.aborted=1;$io.attr('src',s.iframeSrc);}};var g=s.global;if(g&&!$.active++){$.event.trigger("ajaxStart");}if(g){$.event.trigger("ajaxSend",[xhr,s]);}if(s.beforeSend&&s.beforeSend.call(s.context,xhr,s)===false){if(s.global){$.active--;}return;}if(xhr.aborted){return;}var cbInvoked=false;var timedOut=0;var sub=form.clk;if(sub){var n=sub.name;if(n&&!sub.disabled){s.extraData=s.extraData||{};s.extraData[n]=sub.value;if(sub.type=="image"){s.extraData[n+'.x']=form.clk_x;s.extraData[n+'.y']=form.clk_y;}}}function doSubmit(){var t=$form.attr('target'),a=$form.attr('action');form.setAttribute('target',id);if(form.getAttribute('method')!='POST'){form.setAttribute('method','POST');}if(form.getAttribute('action')!=s.url){form.setAttribute('action',s.url);}if(!s.skipEncodingOverride){$form.attr({encoding:'multipart/form-data',enctype:'multipart/form-data'});}if(s.timeout){setTimeout(function(){timedOut=true;cb();},s.timeout);}var extraInputs=[];try{if(s.extraData){for(var n in s.extraData){extraInputs.push($('<input type="hidden" name="'+n+'" value="'+s.extraData[n]+'" />').appendTo(form)[0]);}}$io.appendTo('body');$io.data('form-plugin-onload',cb);form.submit();}finally{form.setAttribute('action',a);if(t){form.setAttribute('target',t);}else{$form.removeAttr('target');}$(extraInputs).remove();}}if(s.forceSync){doSubmit();}else{setTimeout(doSubmit,10);}var data,doc,domCheckCount=50;function cb(){if(cbInvoked){return;}$io.removeData('form-plugin-onload');var ok=true;try{if(timedOut){throw'timeout';}doc=io.contentWindow?io.contentWindow.document:io.contentDocument?io.contentDocument:io.document;var isXml=s.dataType=='xml'||doc.XMLDocument||$.isXMLDoc(doc);log('isXml='+isXml);if(!isXml&&window.opera&&(doc.body==null||doc.body.innerHTML=='')){if(--domCheckCount){log('requeing onLoad callback, DOM not available');setTimeout(cb,250);return;}}cbInvoked=true;xhr.responseText=doc.documentElement?doc.documentElement.innerHTML:null;xhr.responseXML=doc.XMLDocument?doc.XMLDocument:doc;xhr.getResponseHeader=function(header){var headers={'content-type':s.dataType};return headers[header];};var scr=/(json|script)/.test(s.dataType);if(scr||s.textarea){var ta=doc.getElementsByTagName('textarea')[0];if(ta){xhr.responseText=ta.value;}else if(scr){var pre=doc.getElementsByTagName('pre')[0];if(pre){xhr.responseText=pre.innerHTML;}}}else if(s.dataType=='xml'&&!xhr.responseXML&&xhr.responseText!=null){xhr.responseXML=toXml(xhr.responseText);}data=$.httpData(xhr,s.dataType);}catch(e){log('error caught:',e);ok=false;xhr.error=e;$.handleError(s,xhr,'error',e);}if(ok){s.success.call(s.context,data,'success',xhr);if(g){$.event.trigger("ajaxSuccess",[xhr,s]);}}if(g){$.event.trigger("ajaxComplete",[xhr,s]);}if(g&&!--$.active){$.event.trigger("ajaxStop");}if(s.complete){s.complete.call(s.context,xhr,ok?'success':'error');}setTimeout(function(){$io.removeData('form-plugin-onload');$io.remove();xhr.responseXML=null;},100);}function toXml(s,doc){if(window.ActiveXObject){doc=new ActiveXObject('Microsoft.XMLDOM');doc.async='false';doc.loadXML(s);}else{doc=(new DOMParser()).parseFromString(s,'text/xml');}return(doc&&doc.documentElement&&doc.documentElement.tagName!='parsererror')?doc:null;}}};$.fn.ajaxForm=function(options){if(this.length===0){var o={s:this.selector,c:this.context};if(!$.isReady&&o.s){log('DOM not ready, queuing ajaxForm');$(function(){$(o.s,o.c).ajaxForm(options);});return this;}log('terminating; zero elements found by selector'+($.isReady?'':' (DOM not ready)'));return this;}return this.ajaxFormUnbind().bind('submit.form-plugin',function(e){if(!e.isDefaultPrevented()){e.preventDefault();$(this).ajaxSubmit(options);}}).bind('click.form-plugin',function(e){var target=e.target;var $el=$(target);if(!($el.is(":submit,input:image"))){var t=$el.closest(':submit');if(t.length==0){return;}target=t[0];}var form=this;form.clk=target;if(target.type=='image'){if(e.offsetX!=undefined){form.clk_x=e.offsetX;form.clk_y=e.offsetY;}else if(typeof $.fn.offset=='function'){var offset=$el.offset();form.clk_x=e.pageX-offset.left;form.clk_y=e.pageY-offset.top;}else{form.clk_x=e.pageX-target.offsetLeft;form.clk_y=e.pageY-target.offsetTop;}}setTimeout(function(){form.clk=form.clk_x=form.clk_y=null;},100);});};$.fn.ajaxFormUnbind=function(){return this.unbind('submit.form-plugin click.form-plugin');};$.fn.formToArray=function(semantic){var a=[];if(this.length===0){return a;}var form=this[0];var els=semantic?form.getElementsByTagName('*'):form.elements;if(!els){return a;}var i,j,n,v,el;for(i=0,max=els.length;i<max;i++){el=els[i];n=el.name;if(!n){continue;}if(semantic&&form.clk&&el.type=="image"){if(!el.disabled&&form.clk==el){a.push({name:n,value:$(el).val()});a.push({name:n+'.x',value:form.clk_x},{name:n+'.y',value:form.clk_y});}continue;}v=$.fieldValue(el,true);if(v&&v.constructor==Array){for(j=0,jmax=v.length;j<jmax;j++){a.push({name:n,value:v[j]});}}else if(v!==null&&typeof v!='undefined'){a.push({name:n,value:v});}}if(!semantic&&form.clk){var $input=$(form.clk),input=$input[0];n=input.name;if(n&&!input.disabled&&input.type=='image'){a.push({name:n,value:$input.val()});a.push({name:n+'.x',value:form.clk_x},{name:n+'.y',value:form.clk_y});}}return a;};$.fn.formSerialize=function(semantic){return $.param(this.formToArray(semantic));};$.fn.fieldSerialize=function(successful){var a=[];this.each(function(){var n=this.name;if(!n){return;}var v=$.fieldValue(this,successful);if(v&&v.constructor==Array){for(var i=0,max=v.length;i<max;i++){a.push({name:n,value:v[i]});}}else if(v!==null&&typeof v!='undefined'){a.push({name:this.name,value:v});}});return $.param(a);};$.fn.fieldValue=function(successful){for(var val=[],i=0,max=this.length;i<max;i++){var el=this[i];var v=$.fieldValue(el,successful);if(v===null||typeof v=='undefined'||(v.constructor==Array&&!v.length)){continue;}v.constructor==Array?$.merge(val,v):val.push(v);}return val;};$.fieldValue=function(el,successful){var n=el.name,t=el.type,tag=el.tagName.toLowerCase();if(successful===undefined){successful=true;}if(successful&&(!n||el.disabled||t=='reset'||t=='button'||(t=='checkbox'||t=='radio')&&!el.checked||(t=='submit'||t=='image')&&el.form&&el.form.clk!=el||tag=='select'&&el.selectedIndex==-1)){return null;}if(tag=='select'){var index=el.selectedIndex;if(index<0){return null;}var a=[],ops=el.options;var one=(t=='select-one');var max=(one?index+1:ops.length);for(var i=(one?index:0);i<max;i++){var op=ops[i];if(op.selected){var v=op.value;if(!v){v=(op.attributes&&op.attributes['value']&&!(op.attributes['value'].specified))?op.text:op.value;}if(one){return v;}a.push(v);}}return a;}return $(el).val();};$.fn.clearForm=function(){return this.each(function(){$('input,select,textarea',this).clearFields();});};$.fn.clearFields=$.fn.clearInputs=function(){return this.each(function(){var t=this.type,tag=this.tagName.toLowerCase();if(t=='text'||t=='password'||tag=='textarea'){this.value='';}else if(t=='checkbox'||t=='radio'){this.checked=false;}else if(tag=='select'){this.selectedIndex=-1;}});};$.fn.resetForm=function(){return this.each(function(){if(typeof this.reset=='function'||(typeof this.reset=='object'&&!this.reset.nodeType)){this.reset();}});};$.fn.enable=function(b){if(b===undefined){b=true;}return this.each(function(){this.disabled=!b;});};$.fn.selected=function(select){if(select===undefined){select=true;}return this.each(function(){var t=this.type;if(t=='checkbox'||t=='radio'){this.checked=select;}else if(this.tagName.toLowerCase()=='option'){var $sel=$(this).parent('select');if(select&&$sel[0]&&$sel[0].type=='select-one'){$sel.find('option').selected(false);}this.selected=select;}});};function log(){if($.fn.ajaxSubmit.debug){var msg='[jquery.form] '+Array.prototype.join.call(arguments,'');if(window.console&&window.console.log){window.console.log(msg);}else if(window.opera&&window.opera.postError){window.opera.postError(msg);}}};})(jQuery);
 
 
 
 
 
 
 
 
 
 
js/jquery.tooltip.js DELETED
@@ -1,19 +0,0 @@
1
- /*
2
- * jQuery Tooltip plugin 1.3
3
- *
4
- * http://bassistance.de/jquery-plugins/jquery-plugin-tooltip/
5
- * http://docs.jquery.com/Plugins/Tooltip
6
- *
7
- * Copyright (c) 2006 - 2008 J�rn Zaefferer
8
- *
9
- * $Id: jquery.tooltip.js 5741 2008-06-21 15:22:16Z joern.zaefferer $
10
- *
11
- * Dual licensed under the MIT and GPL licenses:
12
- * http://www.opensource.org/licenses/mit-license.php
13
- * http://www.gnu.org/licenses/gpl.html
14
- */;(function($){var helper={},current,title,tID,IE=$.browser.msie&&/MSIE\s(5\.5|6\.)/.test(navigator.userAgent),track=false;$.tooltip={blocked:false,defaults:{delay:200,fade:false,showURL:true,extraClass:"",top:15,left:15,id:"tooltip"},block:function(){$.tooltip.blocked=!$.tooltip.blocked;}};$.fn.extend({tooltip:function(settings){settings=$.extend({},$.tooltip.defaults,settings);createHelper(settings);return this.each(function(){$.data(this,"tooltip",settings);this.tOpacity=helper.parent.css("opacity");this.tooltipText=this.title;$(this).removeAttr("title");this.alt="";}).mouseover(save).mouseout(hide).click(hide);},fixPNG:IE?function(){return this.each(function(){var image=$(this).css('backgroundImage');if(image.match(/^url\(["']?(.*\.png)["']?\)$/i)){image=RegExp.$1;$(this).css({'backgroundImage':'none','filter':"progid:DXImageTransform.Microsoft.AlphaImageLoader(enabled=true, sizingMethod=crop, src='"+image+"')"}).each(function(){var position=$(this).css('position');if(position!='absolute'&&position!='relative')$(this).css('position','relative');});}});}:function(){return this;},unfixPNG:IE?function(){return this.each(function(){$(this).css({'filter':'',backgroundImage:''});});}:function(){return this;},hideWhenEmpty:function(){return this.each(function(){$(this)[$(this).html()?"show":"hide"]();});},url:function(){return this.attr('href')||this.attr('src');}});function createHelper(settings){if(helper.parent)return;helper.parent=$('<div id="'+settings.id+'"><h3></h3><div class="body"></div><div class="url"></div></div>').appendTo(document.body).hide();if($.fn.bgiframe)helper.parent.bgiframe();helper.title=$('h3',helper.parent);helper.body=$('div.body',helper.parent);helper.url=$('div.url',helper.parent);}function settings(element){return $.data(element,"tooltip");}function handle(event){if(settings(this).delay)tID=setTimeout(show,settings(this).delay);else
15
- show();track=!!settings(this).track;$(document.body).bind('mousemove',update);update(event);}function save(){if($.tooltip.blocked||this==current||(!this.tooltipText&&!settings(this).bodyHandler))return;current=this;title=this.tooltipText;if(settings(this).bodyHandler){helper.title.hide();var bodyContent=settings(this).bodyHandler.call(this);if(bodyContent.nodeType||bodyContent.jquery){helper.body.empty().append(bodyContent)}else{helper.body.html(bodyContent);}helper.body.show();}else if(settings(this).showBody){var parts=title.split(settings(this).showBody);helper.title.html(parts.shift()).show();helper.body.empty();for(var i=0,part;(part=parts[i]);i++){if(i>0)helper.body.append("<br/>");helper.body.append(part);}helper.body.hideWhenEmpty();}else{helper.title.html(title).show();helper.body.hide();}if(settings(this).showURL&&$(this).url())helper.url.html($(this).url().replace('http://','')).show();else
16
- helper.url.hide();helper.parent.addClass(settings(this).extraClass);if(settings(this).fixPNG)helper.parent.fixPNG();handle.apply(this,arguments);}function show(){tID=null;if((!IE||!$.fn.bgiframe)&&settings(current).fade){if(helper.parent.is(":animated"))helper.parent.stop().show().fadeTo(settings(current).fade,current.tOpacity);else
17
- helper.parent.is(':visible')?helper.parent.fadeTo(settings(current).fade,current.tOpacity):helper.parent.fadeIn(settings(current).fade);}else{helper.parent.show();}update();}function update(event){if($.tooltip.blocked)return;if(event&&event.target.tagName=="OPTION"){return;}if(!track&&helper.parent.is(":visible")){$(document.body).unbind('mousemove',update)}if(current==null){$(document.body).unbind('mousemove',update);return;}helper.parent.removeClass("viewport-right").removeClass("viewport-bottom");var left=helper.parent[0].offsetLeft;var top=helper.parent[0].offsetTop;if(event){left=event.pageX+settings(current).left;top=event.pageY+settings(current).top;var right='auto';if(settings(current).positionLeft){right=$(window).width()-left;left='auto';}helper.parent.css({left:left,right:right,top:top});}var v=viewport(),h=helper.parent[0];if(v.x+v.cx<h.offsetLeft+h.offsetWidth){left-=h.offsetWidth+20+settings(current).left;helper.parent.css({left:left+'px'}).addClass("viewport-right");}if(v.y+v.cy<h.offsetTop+h.offsetHeight){top-=h.offsetHeight+20+settings(current).top;helper.parent.css({top:top+'px'}).addClass("viewport-bottom");}}function viewport(){return{x:$(window).scrollLeft(),y:$(window).scrollTop(),cx:$(window).width(),cy:$(window).height()};}function hide(event){if($.tooltip.blocked)return;if(tID)clearTimeout(tID);current=null;var tsettings=settings(this);function complete(){helper.parent.removeClass(tsettings.extraClass).hide().css("opacity","");}if((!IE||!$.fn.bgiframe)&&tsettings.fade){if(helper.parent.is(':animated'))helper.parent.stop().fadeTo(tsettings.fade,0,complete);else
18
- helper.parent.stop().fadeOut(tsettings.fade,complete);}else
19
- complete();if(settings(this).fixPNG)helper.parent.unfixPNG();}})(jQuery);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
js/sidebar.php DELETED
@@ -1,24 +0,0 @@
1
- <?php
2
-
3
- require_once('../wordpress-https.php');
4
-
5
- // Disable errors
6
- error_reporting(0);
7
-
8
- // Set headers
9
- header("Status: 200");
10
- header("HTTP/1.1 200 OK");
11
- header('Content-Type: text/html');
12
- header('Cache-Control: no-store, no-cache, must-revalidate');
13
- header('Cache-Control: post-check=0, pre-check=0', FALSE);
14
- header('Pragma: no-cache');
15
- header("Vary: Accept-Encoding");
16
-
17
- $url = 'http://mvied.com/wphttps-sidebar.html';
18
-
19
- $content = WordPressHTTPS::get_file_contents($url);
20
-
21
- if ($content) {
22
- echo $content;
23
- }
24
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
js/updates.php DELETED
@@ -1,26 +0,0 @@
1
- <?php
2
-
3
- require_once('../wordpress-https.php');
4
-
5
- // Disable errors
6
- error_reporting(0);
7
-
8
- // Set headers
9
- header("Status: 200");
10
- header("HTTP/1.1 200 OK");
11
- header('Content-Type: text/html');
12
- header('Cache-Control: no-store, no-cache, must-revalidate');
13
- header('Cache-Control: post-check=0, pre-check=0', FALSE);
14
- header('Pragma: no-cache');
15
- header("Vary: Accept-Encoding");
16
-
17
- $url = 'http://mvied.com/wphttps-updates.html';
18
-
19
- $content = WordPressHTTPS::get_file_contents($url);
20
-
21
- if ($content) {
22
- echo $content;
23
- } else {
24
- echo "<p class=\"error\">Unable to retrieve updates.</p>";
25
- }
26
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
lib/WordPressHTTPS.php ADDED
@@ -0,0 +1,299 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * WordPressHTTPS Class for the WordPress plugin WordPress HTTPS
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+ class WordPressHTTPS extends WordPressHTTPS_Plugin {
10
+
11
+ /**
12
+ * HTTP URL
13
+ *
14
+ * @var WordPressHTTPS_Url
15
+ */
16
+ protected $_http_url;
17
+
18
+ /**
19
+ * HTTPS URL
20
+ *
21
+ * @var WordPressHTTPS_Url
22
+ */
23
+ protected $_https_url;
24
+
25
+ /**
26
+ * Plugin Settings
27
+ *
28
+ * setting_name => default_value
29
+ *
30
+ * @var array
31
+ */
32
+ protected $_settings = array(
33
+ 'ssl_host' => '', // Hostname for SSL Host
34
+ 'ssl_port' => '', // Port number for SSL Host
35
+ 'secure_external_urls' => array(), // Secure external URL's
36
+ 'unsecure_external_urls' => array(), // Unsecure external URL's
37
+ 'ssl_host_diff' => 0, // Is SSL Host different than WordPress host
38
+ 'ssl_host_subdomain' => 0, // Is SSL Host a subdomain of WordPress host
39
+ 'exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
40
+ 'frontpage' => 0, // Force SSL on front page
41
+ 'ssl_admin' => 0, // Force SSL Over Administration Panel (The same as FORCE_SSL_ADMIN)
42
+ 'debug' => 0, // Debug Mode
43
+ );
44
+
45
+ /**
46
+ * Set HTTP Url
47
+ *
48
+ * @param string $http_url
49
+ * @return object $this
50
+ */
51
+ public function setHttpUrl( $http_url ) {
52
+ $this->_http_url = $http_url;
53
+ return $this;
54
+ }
55
+
56
+ /**
57
+ * Get HTTP Url
58
+ *
59
+ * @param none
60
+ * @return string
61
+ */
62
+ public function getHttpUrl() {
63
+ return $this->_http_url;
64
+ }
65
+
66
+ /**
67
+ * Set HTTPS Url
68
+ *
69
+ * @param string $https_url
70
+ * @return object $this
71
+ */
72
+ public function setHttpsUrl( $https_url ) {
73
+ $this->_https_url = $https_url;
74
+ return $this;
75
+ }
76
+
77
+ /**
78
+ * Get HTTPS Url
79
+ *
80
+ * @param none
81
+ * @return string
82
+ */
83
+ public function getHttpsUrl() {
84
+ return $this->_https_url;
85
+ }
86
+
87
+ /**
88
+ * Initialize
89
+ *
90
+ * @param none
91
+ * @return void
92
+ */
93
+ public function init() {
94
+ // HTTP URL
95
+ $this->setHttpUrl(WordPressHTTPS_Url::fromString(home_url('/', 'http')));
96
+ // HTTPS URL
97
+ $this->setHttpsUrl(WordPressHTTPS_Url::fromString(home_url('/', 'https')));
98
+
99
+ // If using a different host for SSL
100
+ if ( $this->getSetting('ssl_host') && $this->getSetting('ssl_host') != $this->getHttpsUrl()->toString() ) {
101
+ // Assign HTTPS URL to SSL Host
102
+ $this->setSetting('ssl_host_diff', 1);
103
+ $this->setHttpsUrl(WordPressHTTPS_Url::fromString( $this->getSetting('ssl_host') ));
104
+ } else {
105
+ $this->setSetting('ssl_host_diff', 0);
106
+ }
107
+
108
+ // Add SSL Port to HTTPS URL
109
+ $this->getHttpsUrl()->setPort($this->getSetting('ssl_port'));
110
+
111
+ $this->getLogger()->log('Version: ' . $this->getVersion());
112
+ $this->getLogger()->log('HTTP URL: ' . $this->getHttpUrl());
113
+ $this->getLogger()->log('HTTPS URL: ' . $this->getHttpsUrl());
114
+ $this->getLogger()->log('SSL: ' . ( $this->isSsl() ? 'Yes' : 'No' ));
115
+ $this->getLogger()->log('Diff Host: ' . ( $this->getSetting('ssl_host_diff') ? 'Yes' : 'No' ));
116
+ $this->getLogger()->log('Subdomain: ' . ( $this->getSetting('ssl_host_subdomain') ? 'Yes' : 'No' ));
117
+ $this->getLogger()->log('Proxy: ' . ( isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] == 1 ? 'Yes' : 'No') );
118
+ $this->getLogger()->log('Secure External URLs: [ ' . implode(', ', (array)$this->getSetting('secure_external_urls')) . ' ]');
119
+ $this->getLogger()->log('Unsecure External URLs: [ ' . implode(', ', (array)$this->getSetting('unsecure_external_urls')) . ' ]');
120
+
121
+ // Redirect login page. This is not pluggable due to the redirect methods used in wp-login.php
122
+ if ( ( $GLOBALS['pagenow'] == 'wp-login.php' ) ) {
123
+ setcookie(constant('TEST_COOKIE'), 'WP Cookie check', 0);
124
+ if ( $this->getSetting('ssl_admin') && ! $this->isSsl() ) {
125
+ $this->redirect('https');
126
+ }
127
+ }
128
+
129
+ parent::init();
130
+ }
131
+
132
+ /**
133
+ * Install
134
+ *
135
+ * @param none
136
+ * @return void
137
+ */
138
+ public function install() {
139
+ // Add WordPress HTTPS settings to WordPress options
140
+ foreach ( $this->getSettings() as $option => $value ) {
141
+ if ( get_option($option) === false ) {
142
+ add_option($option, $value);
143
+ }
144
+ }
145
+
146
+ // Checks to see if the SSL Host is a subdomain
147
+ $http_domain = $this->getHttpUrl()->getBaseHost();
148
+ $https_domain = $this->getHttpsUrl()->getBaseHost();
149
+
150
+ if ( $this->getHttpsUrl()->setScheme('http') != $this->getHttpUrl() && $http_domain == $https_domain ) {
151
+ $this->setSetting('ssl_host_subdomain', 1);
152
+ }
153
+ }
154
+ /**
155
+ * Is Local URL
156
+ *
157
+ * Determines if URL is local or external
158
+ *
159
+ * @param string $url
160
+ * @return boolean
161
+ */
162
+ public function isUrlLocal($url) {
163
+ $string = $url;
164
+ $url = WordPressHTTPS_Url::fromString($string);
165
+
166
+ if ( $this->getHttpUrl()->getHost() != $url->getHost() && $this->getHttpsUrl()->getHost() != $url->getHost() ) {
167
+ return false;
168
+ } else {
169
+ return true;
170
+ }
171
+ }
172
+
173
+ /**
174
+ * Replaces HTTP Host with HTTPS Host
175
+ *
176
+ * @param string $string
177
+ * @return string $string
178
+ */
179
+ public function makeUrlHttps( $string ) {
180
+ $url = WordPressHTTPS_Url::fromString( $string ); // URL to replace HTTP URL
181
+ if ( $url && $this->isUrlLocal($url) ) {
182
+ $url->setScheme('https');
183
+ $url->setHost($this->getHttpsUrl()->getHost());
184
+ $url->setPort($this->getHttpsUrl()->getPort());
185
+
186
+ $path = $url->getPath();
187
+ if ( $this->getSetting('ssl_host_diff') ) {
188
+ $path = str_replace(rtrim($this->getHttpsUrl()->getPath(), '/'), '', $path);
189
+ $path = str_replace(rtrim($this->getHttpUrl()->getPath(), '/'), '', $path);
190
+ $path = rtrim($this->getHttpsUrl()->getPath(), '/') . '/' . ltrim($path, '/');
191
+ $url->setPath($path);
192
+ }
193
+ return $url;
194
+ } else {
195
+ return $string;
196
+ }
197
+ }
198
+
199
+ /**
200
+ * Replaces HTTPS Host with HTTP Host
201
+ *
202
+ * @param string $string
203
+ * @return string $string
204
+ */
205
+ public function makeUrlHttp( $string ) {
206
+ $url = WordPressHTTPS_Url::fromString( $string ); // URL to replace HTTP URL
207
+ if ( $url && $this->isUrlLocal($url) ) {
208
+ $url->setScheme('http');
209
+ $url->setHost($this->getHttpUrl()->getHost());
210
+ $url->setPort($this->getHttpUrl()->getPort());
211
+
212
+ $path = $url->getPath();
213
+ if ( $this->getSetting('ssl_host_diff') ) {
214
+ $path = str_replace(rtrim($this->getHttpsUrl()->getPath(), '/'), '', $path);
215
+ $path = str_replace(rtrim($this->getHttpUrl()->getPath(), '/'), '', $path);
216
+ $path = rtrim($this->getHttpUrl()->getPath(), '/') . '/' . ltrim($path, '/');
217
+ $url->setPath($path);
218
+ }
219
+ return $url;
220
+ } else {
221
+ return $string;
222
+ }
223
+ }
224
+
225
+ /**
226
+ * Checks if the current page is SSL
227
+ *
228
+ * @param none
229
+ * @return bool
230
+ */
231
+ public function isSsl() {
232
+ // Some extra checks for proxies and Shared SSL
233
+ if ( isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] == true ) {
234
+ return true;
235
+ } else if ( is_ssl() && strpos($_SERVER['HTTP_HOST'], $this->getHttpsUrl()->getHost()) === false && $_SERVER['SERVER_ADDR'] != $_SERVER['HTTP_HOST'] ) {
236
+ return false;
237
+ } else if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) {
238
+ return true;
239
+ } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_X_FORWARDED_SERVER'] ) {
240
+ return true;
241
+ } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_HOST'] && ( $this->getHttpsUrl()->getPort() <= 0 || $_SERVER['SERVER_PORT'] == $this->getHttpsUrl()->getPort() ) && strpos($_SERVER['REQUEST_URI'], $this->getHttpsUrl()->getPath()) !== false ) {
242
+ return true;
243
+ }
244
+ return is_ssl();
245
+ }
246
+
247
+ /**
248
+ * Redirects page to HTTP or HTTPS accordingly
249
+ *
250
+ * @param string $scheme Either http or https
251
+ * @return void
252
+ */
253
+ public function redirect( $scheme = 'https' ) {
254
+ if ( !$this->isSsl() && $scheme == 'https' ) {
255
+ $url = clone $this->getHttpsUrl();
256
+ $url->setScheme($scheme);
257
+ } else if ( $this->isSsl() && $scheme == 'http' ) {
258
+ $url = clone $this->getHttpUrl();
259
+ $url->setScheme($scheme);
260
+ } else {
261
+ $url = false;
262
+ }
263
+
264
+ if ( $url ) {
265
+ $path = $_SERVER['REQUEST_URI'];
266
+ $path = '/'. ltrim(str_replace($this->getHttpsUrl()->getPath(), '', $path), '/');
267
+ $path = '/'. ltrim(str_replace($this->getHttpUrl()->getPath(), '', $path), '/');
268
+ $url->setPath(rtrim($url->getPath(), '/') . $path);
269
+
270
+ // Use a cookie to detect redirect loops
271
+ $redirect_count = ( isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count']) ? (int)$_COOKIE['redirect_count']+1 : 1 );
272
+ setcookie('redirect_count', $redirect_count, 0, '/', '.' . $url->getBaseHost());
273
+
274
+ // If redirect count is 3 or higher, prevent redirect and log the redirect loop
275
+ if ( $redirect_count >= 3 ) {
276
+ setcookie('redirect_count', null, -time(), '/', '.' . $url->getBaseHost());
277
+ $this->getLogger()->log('[ERROR] Redirect Loop!');
278
+ // If no redirect loop, continue with redirect...
279
+ } else {
280
+ // Redirect
281
+ if ( function_exists('wp_redirect') ) {
282
+ wp_redirect($url, 301);
283
+ } else {
284
+ // End all output buffering and redirect
285
+ while(@ob_end_clean());
286
+
287
+ // If redirecting to an admin page
288
+ if ( strpos($url->getPath(), 'wp-admin') !== false || strpos($url->getPath(), 'wp-login') !== false ) {
289
+ $url = WordPressHTTPS_Url::fromString($this->getModule('Hooks')->wp_redirect_admin($url));
290
+ }
291
+
292
+ header("Location: " . $url);
293
+ }
294
+ exit();
295
+ }
296
+ }
297
+ }
298
+
299
+ }
lib/WordPressHTTPS/Logger.php ADDED
@@ -0,0 +1,100 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Logger Class for the WordPress plugin WordPress HTTPS.
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ class WordPressHTTPS_Logger implements WordPressHTTPS_Logger_Interface {
11
+
12
+ /**
13
+ * Instance
14
+ *
15
+ * @var WordPressHTTPS_Logger
16
+ */
17
+ private static $_instance;
18
+
19
+ /**
20
+ * Log Entries
21
+ *
22
+ * @var array
23
+ */
24
+ protected $_log = array();
25
+
26
+ /**
27
+ * Get singleton instance
28
+ *
29
+ * @param none
30
+ * @return WordPressHTTPS_Logger
31
+ */
32
+ public static function getInstance() {
33
+ if ( ! isset(self::$_instance) ) {
34
+ self::$_instance = new self;
35
+ }
36
+ return self::$_instance;
37
+ }
38
+
39
+ /**
40
+ * Get Log
41
+ *
42
+ * @param none
43
+ * @return array
44
+ */
45
+ public function getLog() {
46
+ return $this->_log;
47
+ }
48
+
49
+ /**
50
+ * Adds a string to an array of log entries
51
+ *
52
+ * @param none
53
+ * @return $this
54
+ */
55
+ public function log( $string ) {
56
+ $this->_log[] = $string;
57
+ return $this;
58
+ }
59
+
60
+ /**
61
+ * Console Log
62
+ *
63
+ * Output contents of the log to the browser's console.
64
+ *
65
+ * @param none
66
+ * @return string $code
67
+ */
68
+ public function consoleLog() {
69
+ $code = "<script type=\"text/javascript\">\n\tif ( typeof console === 'object' ) {\n";
70
+ $log = $this->getLog();
71
+ array_unshift($log, '[BEGIN WordPress HTTPS Debug Log]');
72
+ array_push($log, '[END WordPress HTTPS Debug Log]');
73
+ foreach( $log as $log_entry ) {
74
+ if ( is_array($log_entry) ) {
75
+ $log_entry = json_encode($log_entry);
76
+ } else {
77
+ $log_entry = "'" . addslashes($log_entry) . "'";
78
+ }
79
+ $code .= "\t\tconsole.log(" . $log_entry . ");\n";
80
+ }
81
+ $code .= "\t}\n</script>\n";
82
+ return $code;
83
+ }
84
+
85
+ /**
86
+ * File Log
87
+ *
88
+ * Writes the contens of the log to a file
89
+ *
90
+ * @param sring $filename
91
+ * @return int | false
92
+ */
93
+ public function fileLog( $filename = '' ) {
94
+ if ( $filename == '' ) {
95
+ $filename = 'debug.log.txt';
96
+ }
97
+ return file_put_contents($filename, implode("\r\n", $this->getLog()), FILE_APPEND);
98
+ }
99
+
100
+ }
lib/WordPressHTTPS/Logger/Interface.php ADDED
@@ -0,0 +1,36 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Logger Interface
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ interface WordPressHTTPS_Logger_Interface {
11
+
12
+ /**
13
+ * Get singleton instance
14
+ *
15
+ * @param none
16
+ * @return object
17
+ */
18
+ public static function getInstance();
19
+
20
+ /**
21
+ * Get Log
22
+ *
23
+ * @param none
24
+ * @return array
25
+ */
26
+ public function getLog();
27
+
28
+ /**
29
+ * Adds a string to an array of log entries
30
+ *
31
+ * @param string $string
32
+ * @return $this
33
+ */
34
+ public function log( $string );
35
+
36
+ }
lib/WordPressHTTPS/Module.php ADDED
@@ -0,0 +1,56 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Module Class for the WordPress plugin WordPress HTTPS.
4
+ *
5
+ * Each Module in the project will extend this base Module class. This class provides some
6
+ * special getter and setters. If a method or property is being accessed and does not exist on
7
+ * the current module, the module passes the request up to the Plugin class. The Plugin class
8
+ * has special getter and setters that check each module for a method or property if the plugin
9
+ * does not have that method or property. In essence, these getters and setters allow the developer
10
+ * to access any method or property defined anywhere in the project from any other module auto-magically.
11
+ * Modules can be treated as an independent plugins. Think of them as sub-plugins.
12
+ *
13
+ * If you need to unload a module, just place something like this:
14
+ * $wordpress_https->unloadModule('Hooks');
15
+ * In wordpress-https.php, immediately after:
16
+ * $wordpress_https->loadModules();
17
+ *
18
+ * @author Mike Ems
19
+ * @package WordPressHTTPS
20
+ *
21
+ */
22
+ class WordPressHTTPS_Module {
23
+
24
+ /**
25
+ * Plugin object that this module extends
26
+ *
27
+ * @var WordPressHTTPS
28
+ */
29
+ protected $_plugin;
30
+
31
+ /**
32
+ * Set Plugin
33
+ *
34
+ * @param WordPressHTTPS_Plugin $plugin
35
+ * @return object $this
36
+ */
37
+ public function setPlugin( WordPressHTTPS_Plugin $plugin ) {
38
+ $this->_plugin = $plugin;
39
+ return $this;
40
+ }
41
+
42
+ /**
43
+ * Get Plugin
44
+ *
45
+ * @param none
46
+ * @return WordPressHTTPS_Plugin
47
+ */
48
+ public function getPlugin() {
49
+ if ( ! isset($this->_plugin) ) {
50
+ die('Module ' . __CLASS__ . ' missing Plugin dependency.');
51
+ }
52
+
53
+ return $this->_plugin;
54
+ }
55
+
56
+ }
lib/WordPressHTTPS/Module/Admin.php ADDED
@@ -0,0 +1,91 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Admin Module
4
+ *
5
+ * This module creates the admin panel
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_Admin extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ // Add admin menus
22
+ add_action('admin_menu', array(&$this, 'menu'));
23
+
24
+ // Load on plugins page
25
+ if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
26
+ add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);
27
+ }
28
+
29
+ // Add global admin scripts
30
+ add_action('admin_enqueue_scripts', array(&$this, 'admin_enqueue_scripts'));
31
+
32
+ }
33
+
34
+ /**
35
+ * Adds javascript and stylesheets to admin panel
36
+ * WordPress Hook - admin_enqueue_scripts
37
+ *
38
+ * @param none
39
+ * @return void
40
+ */
41
+ public function admin_enqueue_scripts() {
42
+ wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-global', $this->getPlugin()->getPluginUrl() . '/admin/css/admin.css', $this->getPlugin()->getVersion(), true);
43
+ }
44
+
45
+ /**
46
+ * Admin panel menu option
47
+ * WordPress Hook - admin_menu
48
+ *
49
+ * @param none
50
+ * @return void
51
+ */
52
+ public function menu() {
53
+ add_menu_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array($this->getPlugin()->getModule('Admin\Settings'), 'dispatch'), '', 88);
54
+ //remove_submenu_page( $this->getPlugin()->getSlug(), $this->getPlugin()->getSlug() );
55
+ //add_submenu_page($this->getPlugin()->getSlug() . '-menu', 'Updates', 'Updates', 'manage_options', $this->getPlugin()->getSlug() . '-updates', array(&$this, 'dispatch'));
56
+ }
57
+
58
+ /**
59
+ * Renders a meta box
60
+ *
61
+ * @param string $module
62
+ * @param array $metabox
63
+ * @return void
64
+ */
65
+ public function meta_box_render( $module, $metabox = array() ) {
66
+ if ( isset($metabox['args']['metabox']) ) {
67
+ include('admin/templates/metabox/' . $metabox['args']['metabox'] . '.php');
68
+ }
69
+ }
70
+
71
+ /**
72
+ * Plugin links on Manage Plugins page in admin panel
73
+ * WordPress Hook - plugin_row_meta
74
+ *
75
+ * @param array $links
76
+ * @param string $file
77
+ * @return array $links
78
+ */
79
+ public function plugin_links($links, $file) {
80
+ if ( strpos($file, $this->getPlugin()->getSlug()) === false ) {
81
+ return $links;
82
+ }
83
+
84
+ $links[] = '<a href="' . site_url() . '/wp-admin/admin.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
85
+ $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
86
+ $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
87
+ $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A" title="Support WordPress HTTPS development with a donation!">Donate</a>';
88
+ return $links;
89
+ }
90
+
91
+ }
lib/WordPressHTTPS/Module/Admin/Post.php ADDED
@@ -0,0 +1,99 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Admin Post Module
4
+ *
5
+ * Adds settings to the edit post screen.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_Admin_Post extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ // Save custom post data
22
+ add_action('save_post', array(&$this, 'post_save'));
23
+ // Add Force SSL checkbox to edit post screen
24
+ add_action('add_meta_boxes', array(&$this, 'add_meta_box_post'));
25
+ }
26
+
27
+ /**
28
+ * Adds HTTPS Settings meta box to post edit screen.
29
+ * WordPress Hook - add_meta_boxes
30
+ *
31
+ * @param none
32
+ * @return void
33
+ */
34
+ public function add_meta_box_post() {
35
+ add_meta_box(
36
+ $this->getPlugin()->getSlug(),
37
+ __( 'HTTPS', $this->getPlugin()->getSlug() ),
38
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
39
+ 'post',
40
+ 'side',
41
+ 'high',
42
+ array( 'metabox' => 'post' )
43
+ );
44
+ add_meta_box(
45
+ $this->getPlugin()->getSlug(),
46
+ __( 'HTTPS', $this->getPlugin()->getSlug() ),
47
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
48
+ 'page',
49
+ 'side',
50
+ 'high',
51
+ array( 'metabox' => 'post' )
52
+ );
53
+ }
54
+
55
+ /**
56
+ * Save Force SSL option to post or page
57
+ *
58
+ * @param int $post_id
59
+ * @return int $post_id
60
+ */
61
+ public function post_save( $post_id ) {
62
+ if ( array_key_exists($this->getPlugin()->getSlug(), $_POST) ) {
63
+ if ( ! wp_verify_nonce($_POST[$this->getPlugin()->getSlug()], $this->getPlugin()->getSlug()) ) {
64
+ return $post_id;
65
+ }
66
+
67
+ if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
68
+ return $post_id;
69
+ }
70
+
71
+ if ( @$_POST['post_type'] == 'page' ) {
72
+ if ( !current_user_can('edit_page', $post_id) ) {
73
+ return $post_id;
74
+ }
75
+ } else {
76
+ if ( !current_user_can('edit_post', $post_id) ) {
77
+ return $post_id;
78
+ }
79
+ }
80
+
81
+ $force_ssl = ( @$_POST['force_ssl'] == 1 ? true : false);
82
+ if ( $force_ssl ) {
83
+ update_post_meta($post_id, 'force_ssl', 1);
84
+ } else {
85
+ delete_post_meta($post_id, 'force_ssl');
86
+ }
87
+
88
+ $force_ssl_children = ( @$_POST['force_ssl_children'] == 1 ? true : false);
89
+ if ( $force_ssl_children ) {
90
+ update_post_meta($post_id, 'force_ssl_children', 1);
91
+ } else {
92
+ delete_post_meta($post_id, 'force_ssl_children');
93
+ }
94
+ }
95
+
96
+ return $post_id;
97
+ }
98
+
99
+ }
lib/WordPressHTTPS/Module/Admin/Settings.php ADDED
@@ -0,0 +1,245 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Admin Settings Module
4
+ *
5
+ * Adds the settings page.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_Admin_Settings extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'save' ) {
23
+ add_action('plugins_loaded', array(&$this, 'save'), 1);
24
+ }
25
+
26
+ add_action('toplevel_page_' . $this->getPlugin()->getSlug(), array(&$this, 'add_meta_boxes'));
27
+
28
+ // Add scripts
29
+ add_action('admin_enqueue_scripts', array(&$this, 'enqueue_scripts'));
30
+ }
31
+
32
+ }
33
+
34
+ /**
35
+ * Add meta boxes to WordPress HTTPS Settings page.
36
+ *
37
+ * @param none
38
+ * @return void
39
+ */
40
+ public function add_meta_boxes() {
41
+ add_meta_box(
42
+ $this->getPlugin()->getSlug() . '_settings',
43
+ __( 'General Settings', $this->getPlugin()->getSlug() ),
44
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
45
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
46
+ 'main',
47
+ 'core',
48
+ array( 'metabox' => 'settings' )
49
+ );
50
+ add_meta_box(
51
+ $this->getPlugin()->getSlug() . '_updates',
52
+ __( 'Developer Updates', $this->getPlugin()->getSlug() ),
53
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
54
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
55
+ 'side',
56
+ 'core',
57
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/updates.php' )
58
+ );
59
+ add_meta_box(
60
+ $this->getPlugin()->getSlug() . '_rate',
61
+ __( 'Feedback', $this->getPlugin()->getSlug() ),
62
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
63
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
64
+ 'side',
65
+ 'core',
66
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/rate.php' )
67
+ );
68
+ add_meta_box(
69
+ $this->getPlugin()->getSlug() . '_donate',
70
+ __( 'Donate', $this->getPlugin()->getSlug() ),
71
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
72
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
73
+ 'side',
74
+ 'core',
75
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate.php' )
76
+ );
77
+ add_meta_box(
78
+ $this->getPlugin()->getSlug() . '_support',
79
+ __( 'Support', $this->getPlugin()->getSlug() ),
80
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
81
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
82
+ 'side',
83
+ 'core',
84
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/support.php' )
85
+ );
86
+ add_meta_box(
87
+ $this->getPlugin()->getSlug() . '_donate2',
88
+ __( 'Loading...', $this->getPlugin()->getSlug() ),
89
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
90
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
91
+ 'main',
92
+ 'core',
93
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate2.php' )
94
+ );
95
+ }
96
+
97
+ /**
98
+ * Dispatch request for settings page
99
+ *
100
+ * @param none
101
+ * @return void
102
+ */
103
+ public function dispatch() {
104
+ if ( !current_user_can('manage_options') ) {
105
+ wp_die( __('You do not have sufficient permissions to access this page.') );
106
+ }
107
+
108
+ self::render();
109
+ }
110
+
111
+ /**
112
+ * Adds javascript and stylesheets to settings page in the admin panel.
113
+ * WordPress Hook - enqueue_scripts
114
+ *
115
+ * @param none
116
+ * @return void
117
+ */
118
+ public function enqueue_scripts() {
119
+ wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-page', $this->getPlugin()->getPluginUrl() . '/admin/css/settings.css', $this->getPlugin()->getVersion(), true);
120
+ wp_enqueue_script('jquery-form');
121
+ wp_enqueue_script('post');
122
+
123
+ if ( function_exists('add_thickbox') ) {
124
+ add_thickbox();
125
+ }
126
+ }
127
+
128
+ /**
129
+ * Render settings page
130
+ *
131
+ * @param none
132
+ * @return void
133
+ */
134
+ public function render() {
135
+ require_once('admin/templates/settings.php');
136
+ }
137
+
138
+ /**
139
+ * Save Settings
140
+ *
141
+ * @param array $settings
142
+ * @return void
143
+ */
144
+ public function save() {
145
+ $errors = array();
146
+ $reload = false;
147
+ $logout = false;
148
+ if ( @$_POST['Reset'] ) {
149
+ foreach ($this->getPlugin()->getSettings() as $key => $default) {
150
+ $this->getPlugin()->setSetting($key, $default);
151
+ }
152
+ $reload = true;
153
+ } else {
154
+ foreach ($this->getPlugin()->getSettings() as $key => $default) {
155
+ if ( !array_key_exists($key, $_POST) && $default == 0 ) {
156
+ $_POST[$key] = 0;
157
+ $this->getPlugin()->setSetting($key, $_POST[$key]);
158
+ } else if ( array_key_exists($key, $_POST) ) {
159
+ if ( $key == 'ssl_host' ) {
160
+ if ( $_POST[$key] != '' ) {
161
+ $_POST[$key] = strtolower($_POST[$key]);
162
+ // Add Scheme
163
+ if ( strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false ) {
164
+ $_POST[$key] = 'https://' . $_POST[$key];
165
+ }
166
+ $ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
167
+
168
+ // Add Port
169
+ $port = ((isset($_POST['ssl_port']) && is_int($_POST['ssl_port']) ) ? $_POST['ssl_port'] : $ssl_host->port);
170
+ $port = (($port != 80 && $port != 443) ? $port : null);
171
+ $ssl_host->setPort($port);
172
+
173
+ // Add Path
174
+ if ( strpos($ssl_host->getPath(), $this->getPlugin()->getHttpUrl()->getPath()) !== true ) {
175
+ $path = '/'. ltrim(str_replace(rtrim($this->getPlugin()->getHttpUrl()->getPath(), '/'), '', $ssl_host->getPath()), '/');
176
+ $ssl_host->setPath(rtrim($path, '/') . $this->getPlugin()->getHttpUrl()->getPath());
177
+ }
178
+
179
+ if ( $ssl_host->toString() != $this->getPlugin()->getHttpsUrl()->toString() ) {
180
+ // Ensure that the WordPress installation is accessible at this host
181
+ if ( $ssl_host->isValid() ) {
182
+ // If secure domain has changed and currently on SSL, logout user
183
+ if ( $this->getPlugin()->isSsl() ) {
184
+ $logout = true;
185
+ }
186
+ $_POST[$key] = $ssl_host->setPort('');
187
+ } else {
188
+ $errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $ssl_host;
189
+ $_POST[$key] = get_option($key);
190
+ }
191
+ } else {
192
+ $_POST[$key] = $this->getPlugin()->getHttpsUrl();
193
+ }
194
+ } else {
195
+ $_POST[$key] = get_option($key);
196
+ }
197
+ } else if ( $key == 'ssl_admin' ) {
198
+ if ( force_ssl_admin() || force_ssl_login() ) {
199
+ $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
200
+ $_POST[$key] = 0;
201
+ // If forcing SSL Admin and currently not SSL, logout user
202
+ } else if ( $_POST[$key] == 1 && !$this->getPlugin()->isSsl() ) {
203
+ $logout = true;
204
+ }
205
+ } else if ( $key == 'ssl_host_subdomain' ) {
206
+ // Checks to see if the SSL Host is a subdomain
207
+ $http_domain = $this->getPlugin()->getHttpUrl()->getBaseHost();
208
+ $https_domain = $this->getPlugin()->getHttpsUrl()->getBaseHost();
209
+
210
+ if ( $ssl_host->setScheme('http') != $this->getPlugin()->getHttpUrl() && $http_domain == $https_domain ) {
211
+ $_POST[$key] = 1;
212
+ } else {
213
+ $_POST[$key] = 0;
214
+ }
215
+ }
216
+
217
+ $this->getPlugin()->setSetting($key, $_POST[$key]);
218
+ }
219
+ }
220
+ }
221
+
222
+ if ( $logout ) {
223
+ wp_logout();
224
+ }
225
+
226
+ if ( array_key_exists('ajax', $_POST) ) {
227
+ error_reporting(0);
228
+ while(@ob_end_clean());
229
+ if ( sizeof( $errors ) > 0 ) {
230
+ echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
231
+ foreach ( $errors as $error ) {
232
+ echo "\t\t<li><p>".$error."</p></li>\n";
233
+ }
234
+ echo "\t</ul>\n</div>\n";
235
+ } else {
236
+ echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
237
+ if ( $logout || $reload ) {
238
+ echo "<script type=\"text/javascript\">window.location.reload();</script>";
239
+ }
240
+ }
241
+ exit();
242
+ }
243
+ }
244
+
245
+ }
lib/WordPressHTTPS/Module/Filters.php ADDED
@@ -0,0 +1,170 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Filters Module
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+ class WordPressHTTPS_Module_Filters extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
10
+
11
+ /**
12
+ * Initialize
13
+ *
14
+ * @param none
15
+ * @return void
16
+ */
17
+ public function init() {
18
+ // Prevent WordPress' canonical redirect when using a different SSL Host
19
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->isSsl() ) {
20
+ remove_filter('template_redirect', 'redirect_canonical');
21
+ }
22
+
23
+ // Add SSL Host to allowed redirect hosts
24
+ add_filter('allowed_redirect_hosts' , array(&$this, 'allowed_redirect_hosts'), 10, 1);
25
+
26
+ // Filter get_avatar
27
+ add_filter('get_avatar', array(&$this, 'get_avatar'), 10, 5);
28
+
29
+ // Filter admin_url
30
+ add_filter('admin_url', array(&$this, 'admin_url'), 10, 3);
31
+
32
+ // Filter force_ssl
33
+ add_filter('force_ssl', array(&$this, 'secure_child_post'), 10, 2);
34
+ add_filter('force_ssl', array(&$this, 'secure_post'), 9, 2);
35
+
36
+ // Filter site_url in admin panel
37
+ if ( $this->getPlugin()->isSsl() ) {
38
+ add_filter('site_url', array($this->getPlugin(), 'makeUrlHttps'), 10);
39
+ add_filter('template_directory_uri', array($this->getPlugin(), 'makeUrlHttps'), 10);
40
+ add_filter('stylesheet_directory_uri', array($this->getPlugin(), 'makeUrlHttps'), 10);
41
+ }
42
+
43
+ // Filter HTTPS from links in WP 3.0+
44
+ if ( version_compare(get_bloginfo('version'), '3.0', '>') && !is_admin() && $this->getPlugin()->getHttpUrl()->getScheme() != 'https' ) {
45
+ $filters = array('page_link', 'post_link', 'category_link', 'get_archives_link', 'tag_link', 'search_link');
46
+ foreach( $filters as $filter ) {
47
+ add_filter($filter, array($this->getPlugin(), 'makeUrlHttp'), 10);
48
+ }
49
+
50
+ add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
51
+ add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
52
+
53
+ // If the whole site is not HTTPS, set links to the front-end to HTTP from within the admin panel
54
+ } else if ( is_admin() && $this->getPlugin()->isSsl() && $this->getPlugin()->getHttpUrl()->getScheme() != 'https' ) {
55
+ $filters = array('page_link', 'post_link', 'category_link', 'get_archives_link', 'tag_link', 'search_link');
56
+ foreach( $filters as $filter ) {
57
+ add_filter($filter, array($this->getPlugin(), 'makeUrlHttp'), 10);
58
+ }
59
+ }
60
+
61
+ // Change all page and post links to HTTPS in the admin panel when using different SSL Host
62
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_host_subdomain') == 0 && is_admin() && $this->getPlugin()->isSsl() ) {
63
+ add_filter('page_link', array($this->getPlugin(), 'makeUrlHttps'), 10);
64
+ add_filter('post_link', array($this->getPlugin(), 'makeUrlHttps'), 10);
65
+ }
66
+ }
67
+
68
+ /**
69
+ * Admin URL
70
+ * WordPress Filter - admin_url
71
+ *
72
+ * @param string $url
73
+ * @param string $path
74
+ * @param string $scheme
75
+ * @return string $url
76
+ */
77
+ public function admin_url( $url, $path, $scheme ) {
78
+ if ( ( $scheme == 'https' || $this->getPlugin()->getSetting('ssl_admin') || ( ( is_admin() || $GLOBALS['pagenow'] == 'wp-login.php' ) && $this->getPlugin()->isSsl() ) ) && ( ! is_multisite() || ( is_multisite() && $url_parts['host'] == $this->getPlugin()->getHttpsUrl()->getHost() ) ) ) {
79
+ $url = $this->getPlugin()->makeUrlHttps($url);
80
+ }
81
+
82
+ return $url;
83
+ }
84
+
85
+ /**
86
+ * Allowed Redirect Hosts
87
+ * WordPress Filter - aloowed_redirect_hosts
88
+ *
89
+ * @param array $content
90
+ * @return array $content
91
+ */
92
+ public function allowed_redirect_hosts( $content ) {
93
+ $content[] = $this->getPlugin()->getHttpsUrl()->getHost();
94
+ return $content;
95
+ }
96
+
97
+ /**
98
+ * Blog Info
99
+ * WordPress Filter - get_bloginfo, bloginfo
100
+ *
101
+ * @param string $result
102
+ * @param string $show
103
+ * @return string $result
104
+ */
105
+ public function bloginfo( $result = '', $show = '' ) {
106
+ if ( $show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'Url' ) {
107
+ $result = $this->getPlugin()->makeUrlHttp($result);
108
+ }
109
+ return $result;
110
+ }
111
+
112
+ /**
113
+ * Get Avatar
114
+ * WordPress Filter - get_avatar
115
+ *
116
+ * @param string $avatar
117
+ * @param string $id_or_email
118
+ * @param int $size
119
+ * @param string $alt
120
+ * @return string $avatar
121
+ */
122
+ public function get_avatar( $avatar, $id_or_email, $size, $default, $alt ) {
123
+ if ( $this->getPlugin()->isSsl() ) {
124
+ // Set host to https://secure.gravatar.com
125
+ if ( $avatar = preg_replace('/\d\.gravatar\.com/', 'secure.gravatar.com', $avatar) ) {
126
+ $avatar = str_replace('http', 'https', str_replace('https', 'http', $avatar));
127
+ }
128
+ }
129
+
130
+ return $avatar;
131
+ }
132
+
133
+ /**
134
+ * Secure Post
135
+ * WordPress HTTPS Filter - force_ssl
136
+ *
137
+ * @param boolean $force_ssl
138
+ * @param int $post_id
139
+ * @return boolean $force_ssl
140
+ */
141
+ public function secure_post( $force_ssl, $post_id ) {
142
+ if ( is_numeric($post_id) ) {
143
+ $force_ssl = (( get_post_meta($post_id, 'force_ssl', true) == 1 ) ? true : $force_ssl);
144
+ }
145
+ return $force_ssl;
146
+ }
147
+
148
+ /**
149
+ * Secure Child Post
150
+ * WordPress HTTPS Filter - force_ssl
151
+ *
152
+ * @param boolean $force_ssl
153
+ * @param int $post_id
154
+ * @return boolean $force_ssl
155
+ */
156
+ public function secure_child_post( $force_ssl, $post_id ) {
157
+ if ( is_numeric($post_id) ) {
158
+ $postParent = get_post($post_id);
159
+ while ( $postParent->post_parent ) {
160
+ $postParent = get_post( $postParent->post_parent );
161
+ if ( get_post_meta($postParent->ID, 'force_ssl_children', true) == 1 ) {
162
+ $force_ssl = true;
163
+ break;
164
+ }
165
+ }
166
+ }
167
+ return $force_ssl;
168
+ }
169
+
170
+ }
lib/WordPressHTTPS/Module/Hooks.php ADDED
@@ -0,0 +1,223 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Hooks Module
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ class WordPressHTTPS_Module_Hooks extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
11
+
12
+ /**
13
+ * Initialize
14
+ *
15
+ * @param none
16
+ * @return void
17
+ */
18
+ public function init() {
19
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
20
+ // Remove SSL Host authentication cookies on logout
21
+ add_action('clear_auth_cookie', array(&$this, 'clear_cookies'));
22
+
23
+ // Set authentication cookie
24
+ if ( $this->getPlugin()->isSsl() ) {
25
+ add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5);
26
+ add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5);
27
+ }
28
+
29
+ // Filter redirects in admin panel
30
+ if ( is_admin() && $this->getPlugin()->isSsl() ) {
31
+ add_action('wp_redirect', array(&$this, 'wp_redirect_admin'), 10, 1);
32
+ }
33
+ }
34
+
35
+ /*
36
+ * Run proxy check
37
+ */
38
+ if ( ! $this->getPlugin()->isSsl() && ! isset($_COOKIE['wp_proxy']) ) {
39
+ add_action('init', array(&$this, 'proxy_check'), 1);
40
+ add_action('admin_init', array(&$this, 'proxy_check'), 1);
41
+ add_action('login_head', array(&$this, 'proxy_check'), 1);
42
+ }
43
+
44
+ // Check if the page needs to be redirected
45
+ add_action('template_redirect', array(&$this, 'redirect_check'));
46
+ }
47
+
48
+ /**
49
+ * Proxy Check
50
+ *
51
+ * If the server is on a proxy and not correctly reporting HTTPS, this
52
+ * JavaScript makes sure that the correct redirect takes place.
53
+ *
54
+ * @param none
55
+ * @return void
56
+ */
57
+ public function proxy_check() {
58
+ $cookie_expiration = gmdate('D, d-M-Y H:i:s T', strtotime('now + 10 years'));
59
+ echo '<!-- WordPress HTTPS Proxy Check -->' . "\n";
60
+ echo '<script type="text/javascript">function getCookie(a){var b=document.cookie;var c=a+"=";var d=b.indexOf("; "+c);if(d==-1){d=b.indexOf(c);if(d!=0)return null}else{d+=2;var e=document.cookie.indexOf(";",d);if(e==-1){e=b.length}}return unescape(b.substring(d+c.length,e))}if(getCookie("wp_proxy")!=true){if(window.location.protocol=="https:"){document.cookie="wp_proxy=1; path=/; expires=' . $cookie_expiration . '"}else if(getCookie("wp_proxy")==null){document.cookie="wp_proxy=0; path=/; expires=' . $cookie_expiration . '"}if(getCookie("wp_proxy")!=null){window.location.reload()}else{document.write("You must enable cookies.")}}</script>' . "\n";
61
+ echo '<noscript>Your browser does not support JavaScript.</noscript>' . "\n";
62
+ exit();
63
+ }
64
+
65
+ /**
66
+ * Redirect Check
67
+ *
68
+ * Checks if the current page needs to be redirected
69
+ *
70
+ * @param none
71
+ * @return void
72
+ */
73
+ public function redirect_check() {
74
+ global $post;
75
+
76
+ if ( ! (is_single() || is_page() || is_front_page() || is_home()) ) {
77
+ return false;
78
+ }
79
+
80
+ if ( $post->ID > 0 ) {
81
+ $force_ssl = apply_filters('force_ssl', $force_ssl, $post->ID );
82
+ }
83
+
84
+ // Secure Front Page
85
+ if ( is_front_page() ) {
86
+ if ( $this->getPlugin()->getSetting('frontpage') && ! $this->getPlugin()->isSsl() ) {
87
+ $force_ssl = true;
88
+ } else if ( ! $this->getPlugin()->getSetting('frontpage') && $this->getPlugin()->isSsl() && ( ! $this->getPlugin()->getSetting('ssl_host_diff') || ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && ! is_user_logged_in() ) ) ) {
89
+ $force_ssl = false;
90
+ }
91
+ }
92
+
93
+ // Exclusive HTTPS
94
+ if ( $this->getPlugin()->getSetting('exclusive_https') && $this->getPlugin()->isSsl() && ! isset($force_ssl) ) {
95
+ $force_ssl = false;
96
+ }
97
+
98
+ // Force SSL Admin
99
+ if ( is_admin() && $this->getPlugin()->getSetting('ssl_admin') && ! $this->getPlugin()->isSsl() ) {
100
+ $force_ssl = true;
101
+ }
102
+
103
+ if ( ! $this->getPlugin()->isSsl() && isset($force_ssl) && $force_ssl ) {
104
+ $scheme = 'https';
105
+ } else if ( $this->getPlugin()->isSsl() && isset($force_ssl) && ! $force_ssl ) {
106
+ $scheme = 'http';
107
+ }
108
+
109
+
110
+ if ( isset($scheme) ) {
111
+ $this->getPlugin()->redirect($scheme);
112
+ }
113
+ }
114
+
115
+ /**
116
+ * WP Redirect Admin
117
+ * WordPress Filter - wp_redirect_admin
118
+ *
119
+ * @param string $url
120
+ * @return string $url
121
+ */
122
+ public function wp_redirect_admin( $url ) {
123
+ $url = $this->getPlugin()->makeUrlHttps($url);
124
+
125
+ // Fix redirect_to
126
+ preg_match('/redirect_to=([^&]+)/i', $url, $redirect);
127
+ $redirect_url = @$redirect[1];
128
+ $url = str_replace($redirect_url, urlencode($this->getPlugin()->makeUrlHttps(urldecode($redirect_url))), $url);
129
+ return $url;
130
+ }
131
+
132
+ /**
133
+ * Set Cookie
134
+ * WordPress Hook - set_auth_cookie, set_logged_in_cookie
135
+ *
136
+ * @param string $cookie
137
+ * @param string $expire
138
+ * @param int $expiration
139
+ * @param int $user_id
140
+ * @param string $scheme
141
+ * @return void
142
+ */
143
+ public function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
144
+ if( $scheme == 'logged_in' ) {
145
+ $cookie_name = LOGGED_IN_COOKIE;
146
+ } elseif ( $secure || ( $this->getPlugin()->isSsl() && $this->getPlugin()->getSetting('ssl_host_diff') ) ) {
147
+ $cookie_name = SECURE_AUTH_COOKIE;
148
+ $scheme = 'secure_auth';
149
+ } else {
150
+ $cookie_name = AUTH_COOKIE;
151
+ $scheme = 'auth';
152
+ }
153
+
154
+ //$cookie_domain = COOKIE_DOMAIN;
155
+ $cookie_path = COOKIEPATH;
156
+ $cookie_path_site = SITECOOKIEPATH;
157
+ $cookie_path_plugins = PLUGINS_COOKIE_PATH;
158
+ $cookie_path_admin = ADMIN_COOKIE_PATH;
159
+
160
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->isSsl() ) {
161
+ // If SSL Host is a subdomain, make cookie domain a wildcard
162
+ if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
163
+ $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
164
+ // Otherwise, cookie domain set for different SSL Host
165
+ } else {
166
+ $cookie_domain = $this->getPlugin()->getHttpsUrl()->getHost();
167
+ }
168
+
169
+ $cookie_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path);
170
+ $cookie_path = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path);
171
+ $cookie_path = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . '/' . $cookie_path;
172
+
173
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_site);
174
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_site);
175
+ $cookie_path_site = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . '/' . $cookie_path_site;
176
+
177
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_plugins);
178
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_plugins);
179
+ $cookie_path_plugins = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . '/' . $cookie_path_plugins;
180
+
181
+ $cookie_path_admin = $cookie_path_site . 'wp-admin';
182
+ }
183
+
184
+ // Cookie paths defined to accomodate different SSL Host
185
+ if ( $scheme == 'logged_in' ) {
186
+ setcookie($cookie_name, $cookie, $expire, $cookie_path, $cookie_domain, $secure, true);
187
+ if ( $cookie_path != $cookie_path_site ) {
188
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_site, $cookie_domain, $secure, true);
189
+ }
190
+ } else {
191
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_plugins, $cookie_domain, false, true);
192
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_admin, $cookie_domain, false, true);
193
+ }
194
+ }
195
+
196
+ /**
197
+ * Clear Cookies
198
+ * WordPress Hook - clear_auth_cookie
199
+ *
200
+ * @param none
201
+ * @return void
202
+ */
203
+ public function clear_cookies() {
204
+ $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
205
+ $cookie_path = rtrim(parse_url($this->getPlugin()->getHttpsUrl(), PHP_URL_PATH), '/') . COOKIEPATH;
206
+ $cookie_path_site = rtrim(parse_url($this->getPlugin()->getHttpsUrl(), PHP_URL_PATH), '/') . SITECOOKIEPATH;
207
+ $cookie_path_plugins = rtrim(parse_url($this->getPlugin()->getHttpsUrl(), PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
208
+ $cookie_path_admin = $cookie_path_site . 'wp-admin';
209
+
210
+ if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
211
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);
212
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);
213
+ }
214
+
215
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
216
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
217
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
218
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
219
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path);
220
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site);
221
+ }
222
+
223
+ }
lib/WordPressHTTPS/Module/Interface.php ADDED
@@ -0,0 +1,20 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Module Interface
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ interface WordPressHTTPS_Module_Interface {
11
+
12
+ /**
13
+ * Initializes the module
14
+ *
15
+ * @param none
16
+ * @return void
17
+ */
18
+ public function init();
19
+
20
+ }
lib/WordPressHTTPS/Module/Parser.php ADDED
@@ -0,0 +1,379 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * HTML Parser Module
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ class WordPressHTTPS_Module_Parser extends WordPressHTTPS_Module implements WordPressHTTPS_Module_Interface {
11
+
12
+ /**
13
+ * HTML
14
+ *
15
+ * @var string
16
+ */
17
+ protected $_html;
18
+
19
+ /**
20
+ * Extensions
21
+ *
22
+ * Array of file extensions to be loaded securely.
23
+ *
24
+ * @var array
25
+ */
26
+ protected $_extensions = array('jpg', 'jpeg', 'png', 'gif', 'css', 'js');
27
+
28
+ /**
29
+ * Add Secure External URL
30
+ *
31
+ * @param string $value
32
+ * @return $this
33
+ */
34
+ public function addSecureExternalUrl( $value ) {
35
+ if ( $value == '' ) {
36
+ return $this;
37
+ }
38
+
39
+ $secure_external_urls = (array) $this->getPlugin()->getSetting('secure_external_urls');
40
+ array_push($secure_external_urls, (string) $value);
41
+ $this->getPlugin()->setSetting('secure_external_urls', $secure_external_urls);
42
+
43
+ return $this;
44
+ }
45
+
46
+ /**
47
+ * Add Unsecure External URL
48
+ *
49
+ * @param string $value
50
+ * @return $this
51
+ */
52
+ public function addUnsecureExternalUrl( $value ) {
53
+ if ( $value == '' ) {
54
+ return $this;
55
+ }
56
+
57
+ $unsecure_external_urls = (array) $this->getPlugin()->getSetting('unsecure_external_urls');
58
+ array_push($unsecure_external_urls, (string) $value);
59
+ $this->getPlugin()->setSetting('unsecure_external_urls', $unsecure_external_urls);
60
+
61
+ return $this;
62
+ }
63
+
64
+ /**
65
+ * Initialize
66
+ *
67
+ * @param none
68
+ * @return void
69
+ */
70
+ public function init() {
71
+ // Start output buffering
72
+ add_action('init', array(&$this, 'startOutputBuffering'));
73
+ }
74
+
75
+ /**
76
+ * Parse HTML
77
+ *
78
+ * Parses the output buffer to fix HTML output
79
+ *
80
+ * @param string $buffer
81
+ * @return string $this->_html
82
+ */
83
+ public function parseHtml( $buffer ) {
84
+ $this->_html = $buffer;
85
+
86
+ $this->fixLinksAndForms();
87
+ $this->fixExtensions();
88
+ $this->fixElements();
89
+ $this->fixCssElements();
90
+ $this->fixRelativeElements();
91
+
92
+ // Output logger contents to browsers console if in Debug Mode
93
+ if ( $this->getPlugin()->getSetting('debug') == true ) {
94
+ $this->consoleLog();
95
+ }
96
+
97
+ return $this->_html;
98
+ }
99
+
100
+ /**
101
+ * Start output buffering
102
+ *
103
+ * @param none
104
+ * @return void
105
+ */
106
+ public function startOutputBuffering() {
107
+ ob_start(array(&$this, 'parseHtml'));
108
+ }
109
+
110
+ /**
111
+ * Secure element
112
+ *
113
+ * @param string $url
114
+ * @param string $type
115
+ * @return void
116
+ */
117
+ public function secureElement( $url, $type = '' ) {
118
+ $updated = false;
119
+ $url = WordPressHTTPS_Url::fromString($url);
120
+ // If local
121
+ if ( $this->getPlugin()->isUrlLocal($url) ) {
122
+ $updated = $this->getPlugin()->makeUrlHttps($url);
123
+ $this->_html = str_replace($url, $updated, $this->_html);
124
+ // If external and not HTTPS
125
+ } else if ( $url->getPath() != 'https' ) {
126
+ if ( @in_array($url->toString(), $this->getPlugin()->getSetting('secure_external_urls')) == false && @in_array($url->toString(), $this->getPlugin()->getSetting('unsecure_external_urls')) == false ) {
127
+ $test_url = clone $url;
128
+ $test_url->setScheme('https');
129
+ if ( $test_url->isValid() ) {
130
+ // Cache this URL as available over HTTPS for future reference
131
+ $this->addSecureExternalUrl($url->toString());
132
+ } else {
133
+ // If not available over HTTPS, mark as an unsecure external URL
134
+ $this->addUnsecureExternalUrl($url->toString());
135
+ }
136
+ }
137
+
138
+ if ( in_array($url, $this->getPlugin()->getSetting('secure_external_urls')) ) {
139
+ $updated = clone $url;
140
+ $updated->setScheme('https');
141
+ $this->_html = str_replace($url, $updated, $this->_html);
142
+ }
143
+ }
144
+
145
+ // Add log entry if this change hasn't been logged
146
+ if ( $updated && $url != $updated ) {
147
+ $log = '[FIXED] Element: ' . ( $type != '' ? '<' . $type . '> ' : '' ) . $url . ' => ' . $updated;
148
+ } else if ( $updated == false && $url->getScheme() == 'http' ) {
149
+ $log = '[WARNING] Unsecure Element: <' . $type . '> - ' . $url;
150
+ }
151
+ if ( isset($log) && ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
152
+ $this->getPlugin()->getLogger()->log($log);
153
+ }
154
+ }
155
+
156
+ /**
157
+ * Fix Elements
158
+ *
159
+ * Fixes schemes on DOM elements.
160
+ *
161
+ * @param none
162
+ * @return void
163
+ */
164
+ public function fixElements() {
165
+ // Fix any occurrence of the HTTPS version of the regular domain when using different SSL Host
166
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
167
+ $url = clone $this->getPlugin()->getHttpUrl();
168
+ $url->setScheme('https');
169
+
170
+ $count = substr_count($this->_html, $url);
171
+ if ( $count > 0 ) {
172
+ $this->getPlugin()->getLogger()->log('[FIXED] Updated ' . $count . ' Occurrences of URL: ' . $url . ' => ' . $this->getPlugin()->makeUrlHttp($url));
173
+ $this->_html = str_replace($url, $this->getPlugin()->makeUrlHttp($url), $this->_html);
174
+ }
175
+ }
176
+
177
+ if ( $this->getPlugin()->isSsl() ) {
178
+ if ( is_admin() ) {
179
+ preg_match_all('/\<(script|link|img)[^>]+[\'"]((http):\/\/[^\'"]+)[\'"][^>]*>/im', $this->_html, $matches);
180
+ } else {
181
+ preg_match_all('/\<(script|link|img|input|embed|param)[^>]+[\'"]((http):\/\/[^\'"]+)[\'"][^>]*>/im', $this->_html, $matches);
182
+ }
183
+ for ($i = 0; $i < sizeof($matches[0]); $i++) {
184
+ $html = $matches[0][$i];
185
+ $type = $matches[1][$i];
186
+ $url = $matches[2][$i];
187
+ $scheme = $matches[3][$i];
188
+ $updated = false;
189
+
190
+ if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
191
+ ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
192
+ ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) ||
193
+ ( $type == 'form' && strpos($html, 'commentform') !== false ) ||
194
+ ( $type == 'input' && strpos($html, 'image') !== false ) ||
195
+ ( $type == 'param' && strpos($html, 'movie') !== false )
196
+ ) {
197
+ // In admin panel, only fix image tags
198
+ if ( is_admin() ) {
199
+ if ( $type == 'img' ) {
200
+ $this->secureElement($url, $type);
201
+ }
202
+ } else {
203
+ $this->secureElement($url, $type);
204
+ }
205
+ }
206
+ }
207
+ }
208
+ }
209
+
210
+ /**
211
+ * Fix CSS background images or imports.
212
+ *
213
+ * @param none
214
+ * @return void
215
+ */
216
+ public function fixCssElements() {
217
+ preg_match_all('/(import|background)[:]?[^u]*url\([\'"]?(http:\/\/[^)]+)[\'"]?\)/im', $this->_html, $matches);
218
+ for ($i = 0; $i < sizeof($matches[0]); $i++) {
219
+ $css = $matches[0][$i];
220
+ $url = $matches[2][$i];
221
+ $this->secureElement($url, 'style');
222
+ }
223
+ }
224
+
225
+ /**
226
+ * Fix elements that are being referenced relatively.
227
+ *
228
+ * @param none
229
+ * @return void
230
+ */
231
+ public function fixRelativeElements() {
232
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != $this->getPlugin()->getHttpsUrl()->getPath() ) {
233
+ preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+(src|href|action|data|movie|image|value)=[\'"](\/[^\'"]*)[\'"][^>]*>/im', $this->_html, $matches);
234
+
235
+ for ($i = 0; $i < sizeof($matches[0]); $i++) {
236
+ $html = $matches[0][$i];
237
+ $type = $matches[1][$i];
238
+ $attr = $matches[2][$i];
239
+ $url_path = $matches[3][$i];
240
+ if (
241
+ $type != 'input' ||
242
+ ( $type == 'input' && $attr == 'image' ) ||
243
+ ( $type == 'input' && strpos($html, '_wp_http_referer') !== false )
244
+ ) {
245
+ $updated = clone $this->getPlugin()->getHttpsUrl();
246
+ $updated->setPath($url_path);
247
+ $this->_html = str_replace($html, str_replace($url_path, $updated, $html), $this->_html);
248
+ $this->getPlugin()->getLogger()->log('[FIXED] Element: <' . $type . '> - ' . $url_path . ' => ' . $updated);
249
+ }
250
+ }
251
+ }
252
+ }
253
+
254
+ /**
255
+ * Fix Extensions
256
+ *
257
+ * Fixes schemes on DOM elements with extensions specified in $this->_extensions
258
+ *
259
+ * @param none
260
+ * @return void
261
+ */
262
+ public function fixExtensions() {
263
+ if ( $this->getPlugin()->isSsl() ) {
264
+ @preg_match_all('/(http|https):\/\/[^\'"]+[\'"]+/i', $this->_html, $matches);
265
+ for ($i = 0; $i < sizeof($matches[0]); $i++) {
266
+ $url = rtrim($matches[0][$i], '\'"');
267
+ $filename = basename($url);
268
+ $scheme = $matches[1][$i];
269
+
270
+ foreach( $this->_extensions as $extension ) {
271
+ if ( $extension == 'js' ) {
272
+ $type = 'script';
273
+ } else if ( $extension == 'css' ) {
274
+ $type = 'style';
275
+ } else if ( in_array($extension, array('jpg', 'jpeg', 'png', 'gif')) ) {
276
+ $type = 'img';
277
+ } else {
278
+ $type = '';
279
+ }
280
+ if ( strpos($filename, '.' . $extension) !== false ) {
281
+ $this->secureElement($url, $type);
282
+ }
283
+ }
284
+ }
285
+ }
286
+ }
287
+
288
+ /**
289
+ * Fix links and forms
290
+ *
291
+ * @param none
292
+ * @return void
293
+ */
294
+ public function fixLinksAndForms() {
295
+ // Update anchor and form tags to appropriate URL's
296
+ preg_match_all('/\<(a|form)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>/im', $this->_html, $matches);
297
+
298
+ for ($i = 0; $i < sizeof($matches[0]); $i++) {
299
+ $html = $matches[0][$i];
300
+ $type = $matches[1][$i];
301
+ $url = $matches[2][$i];
302
+ $scheme = $matches[3][$i];
303
+ $updated = false;
304
+
305
+ unset($force_ssl);
306
+
307
+ $url_parts = parse_url($url);
308
+ if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
309
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
310
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
311
+ }
312
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
313
+ }
314
+
315
+ if ( $this->getPlugin()->isUrlLocal($url) && preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) ) {
316
+ $post = $postID[1];
317
+ } else if ( $this->getPlugin()->isUrlLocal($url) && $url_parts['path'] == '' ) {
318
+ if ( get_option('show_on_front') == 'posts' ) {
319
+ $post = true;
320
+ } else {
321
+ $post = get_option('page_on_front');
322
+ }
323
+ if ( $this->getPlugin()->getSetting('frontpage') ) {
324
+ $force_ssl = true;
325
+ }
326
+ } else if ( $this->getPlugin()->isUrlLocal($url) && ($post = get_page_by_path($url_parts['path'])) ) {
327
+ $post = $post->ID;
328
+ //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
329
+ } else if ( ( strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false ) && ( $this->getPlugin()->isSsl() || $this->getPlugin()->getSetting('ssl_admin') ) ) {
330
+ if ( !is_multisite() || ( is_multisite() && $url_parts['host'] == $this->getPlugin()->getHttpsUrl()->getHost() ) ) {
331
+ $post = true;
332
+ $force_ssl = true;
333
+ } else if ( is_multisite() ) {
334
+ if ( $blog_id = get_blog_details( array( 'domain' => $url_parts['host'] )) ) {
335
+ if ( $this->getPlugin()->getSetting('ssl_admin', $blog_id) && $scheme != 'https' && ( ! $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) || ( $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && is_user_logged_in() ) ) ) {
336
+ $this->_html = str_replace($url, str_replace('http', 'https', $url), $this->_html);
337
+ }
338
+ }
339
+ }
340
+ }
341
+
342
+ if ( isset($post) ) {
343
+ // Always change links to HTTPS when logged in via different SSL Host
344
+ if ( $type == 'a' && ! $this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && is_user_logged_in() ) {
345
+ $force_ssl = true;
346
+ } else if ( (int) $post > 0 ) {
347
+ $force_ssl = apply_filters('force_ssl', $force_ssl, $post );
348
+ }
349
+
350
+ if ( $force_ssl == true ) {
351
+ $updated = $this->getPlugin()->makeUrlHttps($url);
352
+ $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
353
+ } else if ( $this->getPlugin()->getSetting('exclusive_https') ) {
354
+ $updated = $this->getPlugin()->makeUrlHttp($url);
355
+ $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
356
+ }
357
+ }
358
+
359
+ // Add log entry if this change hasn't been logged
360
+ if ( $updated && $url != $updated ) {
361
+ $log = '[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $updated;
362
+ if ( ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
363
+ $this->getPlugin()->getLogger()->log($log);
364
+ }
365
+ }
366
+ }
367
+ }
368
+
369
+ /**
370
+ * Output contents of the log to the browser's console.
371
+ *
372
+ * @param none
373
+ * @return void
374
+ */
375
+ public function consoleLog() {
376
+ $this->_html = str_replace('</body>', $this->getPlugin()->getLogger()->consoleLog() . "\n\n</body>", $this->_html);
377
+ }
378
+
379
+ }
lib/WordPressHTTPS/Plugin.php ADDED
@@ -0,0 +1,429 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Plugin Class for the WordPress plugin WordPress HTTPS
4
+ *
5
+ * This is a re-usable base class for a WordPress plugin.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+ class WordPressHTTPS_Plugin {
12
+
13
+ /**
14
+ * Base directory
15
+ *
16
+ * @var string
17
+ */
18
+ protected $_directory;
19
+
20
+ /**
21
+ * Module directory
22
+ *
23
+ * @var string
24
+ */
25
+ protected $_module_directory;
26
+
27
+ /**
28
+ * Loaded Modules
29
+ *
30
+ * @var array
31
+ */
32
+ protected $_modules = array();
33
+
34
+ /**
35
+ * Logger
36
+ *
37
+ * @var WordPressHTTPS_Logger
38
+ */
39
+ protected $_logger;
40
+
41
+ /**
42
+ * Plugin URL
43
+ *
44
+ * @var string
45
+ */
46
+ protected $_plugin_url;
47
+
48
+ /**
49
+ * Plugin Settings
50
+ *
51
+ * @var array
52
+ */
53
+ protected $_settings = array();
54
+
55
+ /**
56
+ * Plugin Slug
57
+ *
58
+ * Used as a unqiue identifier for the plugin.
59
+ *
60
+ * @var string
61
+ */
62
+ protected $_slug;
63
+
64
+ /**
65
+ * Plugin Version
66
+ *
67
+ * @var string
68
+ */
69
+ protected $_version;
70
+
71
+ /**
72
+ * Set Directory
73
+ *
74
+ * @param string $directory
75
+ * @return object $this
76
+ */
77
+ public function setDirectory( $directory ) {
78
+ $this->_directory = $directory;
79
+ return $this;
80
+ }
81
+
82
+ /**
83
+ * Get Directory
84
+ *
85
+ * @param none
86
+ * @return string
87
+ */
88
+ public function getDirectory() {
89
+ return $this->_directory;
90
+ }
91
+
92
+ /**
93
+ * Set Module Directory
94
+ *
95
+ * @param string $module_directory
96
+ * @return object $this
97
+ */
98
+ public function setModuleDirectory( $module_directory ) {
99
+ $this->_module_directory = $module_directory;
100
+ return $this;
101
+ }
102
+
103
+ /**
104
+ * Get Module Directory
105
+ *
106
+ * @param none
107
+ * @return string
108
+ */
109
+ public function getModuleDirectory() {
110
+ return $this->_module_directory;
111
+ }
112
+
113
+ /**
114
+ * Get Available Modules
115
+ *
116
+ * @param none
117
+ * @return array $modules
118
+ */
119
+ public function getAvailableModules() {
120
+ $modules = array();
121
+ if ( is_dir($this->getModuleDirectory()) && $module_directory = opendir($this->getModuleDirectory()) ) {
122
+ while ( false !== ($entry = readdir($module_directory)) ) {
123
+ if ( $entry != '.' && $entry != '..' ) {
124
+ $module = str_replace('.php', '', $entry);
125
+ if ( $module != 'Interface' ) {
126
+ $modules[] = $module;
127
+ if ( is_dir($this->getModuleDirectory() . $module) && $sub_module_directory = opendir($this->getModuleDirectory() . $module) ) {
128
+ while ( false !== ($entry = readdir($sub_module_directory)) ) {
129
+ if ( $entry != '.' && $entry != '..' ) {
130
+ $sub_module = str_replace('.php', '', $entry);
131
+ $modules[] = $module . '\\' . $sub_module;
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
137
+ }
138
+ }
139
+ return $modules;
140
+ }
141
+
142
+ /**
143
+ * Get Module
144
+ *
145
+ * @param string $module
146
+ * @return object
147
+ */
148
+ public function getModule( $module ) {
149
+ $module = 'Module\\' . $module;
150
+ if ( isset($module) ) {
151
+ if ( isset($this->_modules[$module]) ) {
152
+ return $this->_modules[$module];
153
+ }
154
+ }
155
+
156
+ die('Module not found: \'' . $module . '\'.');
157
+ }
158
+
159
+ /**
160
+ * Get Modules
161
+ *
162
+ * Returns an array of all loaded modules
163
+ *
164
+ * @param none
165
+ * @return array $modules
166
+ */
167
+ public function getModules() {
168
+ $modules = array();
169
+ if ( isset($this->_modules) ) {
170
+ $modules = $this->_modules;
171
+ }
172
+ return $modules;
173
+ }
174
+
175
+ /**
176
+ * Set Module
177
+ *
178
+ * @param string $module
179
+ * @param object $object
180
+ * @return $this
181
+ */
182
+ public function setModule( $module, $object ) {
183
+ $this->_modules[$module] = $object;
184
+ return $this;
185
+ }
186
+
187
+ /**
188
+ * Set Logger
189
+ *
190
+ * @param object $logger
191
+ * @return object $this
192
+ */
193
+ public function setLogger( WordPressHTTPS_Logger_Interface $logger ) {
194
+ $this->_logger = $logger;
195
+ return $this;
196
+ }
197
+
198
+ /**
199
+ * Get Logger
200
+ *
201
+ * @param none
202
+ * @return object
203
+ */
204
+ public function getLogger() {
205
+ if ( ! isset($this->_logger) ) {
206
+ die(__CLASS__ . ' missing Logger dependency.');
207
+ }
208
+
209
+ return $this->_logger->getInstance();
210
+ }
211
+
212
+ /**
213
+ * Set Plugin Url
214
+ *
215
+ * @param string $plugin_url
216
+ * @return object $this
217
+ */
218
+ public function setPluginUrl( $plugin_url ) {
219
+ $this->_plugin_url = $plugin_url;
220
+ return $this;
221
+ }
222
+
223
+ /**
224
+ * Get Plugin Url
225
+ *
226
+ * @param none
227
+ * @return string
228
+ */
229
+ public function getPluginUrl() {
230
+ return $this->_plugin_url;
231
+ }
232
+
233
+ /**
234
+ * Get Plugin Setting
235
+ *
236
+ * @param string $setting
237
+ * @param int $setting_blog_id
238
+ * @return mixed
239
+ */
240
+ public function getSetting( $setting, $setting_blog_id = 0 ) {
241
+ global $blog_id;
242
+
243
+ if ( $setting_blog_id > 0 ) {
244
+ $blog_id = $setting_blog_id;
245
+ }
246
+
247
+ $setting = $this->getSlug() . '_' . $setting;
248
+ if ( function_exists('get_blog_option') ) {
249
+ $setting = get_blog_option($blog_id, $setting);
250
+ } else {
251
+ $setting = get_option($setting);
252
+ }
253
+ switch( $setting ) {
254
+ case "1":
255
+ $setting = true;
256
+ break;
257
+ case "0":
258
+ $setting = false;
259
+ break;
260
+ }
261
+ return $setting;
262
+ }
263
+
264
+ /**
265
+ * Get Plugin Settings
266
+ *
267
+ * @param none
268
+ * @return array
269
+ */
270
+ public function getSettings() {
271
+ return $this->_settings;
272
+ }
273
+
274
+ /**
275
+ * Set Plugin Setting
276
+ *
277
+ * @param string $setting
278
+ * @param mixed $value
279
+ * @return $this
280
+ */
281
+ public function setSetting( $setting, $value ) {
282
+ $setting = $this->getSlug() . '_' . $setting;
283
+ update_option($setting, $value);
284
+ return $this;
285
+ }
286
+
287
+ /**
288
+ * Set Slug
289
+ *
290
+ * @param string $slug
291
+ * @return object $this
292
+ */
293
+ public function setSlug( $slug ) {
294
+ $this->_slug = $slug;
295
+ return $this;
296
+ }
297
+
298
+ /**
299
+ * Get Slug
300
+ *
301
+ * @param none
302
+ * @return string
303
+ */
304
+ public function getSlug() {
305
+ return $this->_slug;
306
+ }
307
+
308
+ /**
309
+ * Set Version
310
+ *
311
+ * @param string $version
312
+ * @return object $this
313
+ */
314
+ public function setVersion( $version ) {
315
+ $this->_version = $version;
316
+ return $this;
317
+ }
318
+
319
+ /**
320
+ * Get Version
321
+ *
322
+ * @param none
323
+ * @return string
324
+ */
325
+ public function getVersion() {
326
+ return $this->_version;
327
+ }
328
+
329
+ /**
330
+ * Init
331
+ *
332
+ * Initializes all of the modules.
333
+ *
334
+ * @param none
335
+ * @return $this
336
+ */
337
+ public function init() {
338
+ $modules = $this->getModules();
339
+ foreach( $modules as $module ) {
340
+ $module->init();
341
+ }
342
+ return $this;
343
+ }
344
+
345
+ /**
346
+ * Is Module Loaded?
347
+ *
348
+ * @param string $module
349
+ * @return boolean
350
+ */
351
+ public function isModuleLoaded( $module ) {
352
+ if ( is_object($this->getModule($module)) ) {
353
+ return true;
354
+ } else {
355
+ return false;
356
+ }
357
+ }
358
+
359
+ /**
360
+ * Load Module
361
+ *
362
+ * @param string $module
363
+ * @return $this
364
+ */
365
+ public function loadModule( $module ) {
366
+ if ( strpos(get_class($this), '_') !== false ) {
367
+ $base_class = substr(get_class($this), 0, strpos(get_class($this), '_'));
368
+ } else {
369
+ $base_class = get_class($this);
370
+ }
371
+ $module_full = 'Module\\' . $module;
372
+
373
+ $class = $base_class . '_' . str_replace('\\', '_', $module_full);
374
+ if ( ! isset($this->_modules[$class]) || ! is_object($this->_modules[$class]) || get_class($this->_modules[$class]) != $class ) {
375
+ try {
376
+ $object = new $class;
377
+ $this->setModule($module_full, $object);
378
+ $this->getModule($module)->setPlugin($this);
379
+ } catch ( Exception $e ) {
380
+ die('Unable to load module: \'' . $module . '\'. ' . $e->getMessage());
381
+ }
382
+ }
383
+
384
+ return $this;
385
+ }
386
+
387
+ /**
388
+ * Load Modules
389
+ *
390
+ * Load specified modules. If no modules are specified, all modules are loaded.
391
+ *
392
+ * @param array $modules
393
+ * @return $this
394
+ */
395
+ public function loadModules( $modules = array() ) {
396
+ if ( sizeof($modules) == 0 ) {
397
+ $modules = $this->getAvailableModules();
398
+ }
399
+
400
+ foreach( $modules as $module ) {
401
+ $this->loadModule( $module );
402
+ }
403
+ return $this;
404
+ }
405
+
406
+ /**
407
+ * Unload Module
408
+ *
409
+ * @param string $module
410
+ * @return $this
411
+ */
412
+ public function unloadModule( $module ) {
413
+ if ( strpos(get_class($this), '_') !== false ) {
414
+ $base_class = substr(get_class($this), 0, strpos(get_class($this), '_'));
415
+ } else {
416
+ $base_class = get_class($this);
417
+ }
418
+ $module = 'Module\\' . $module;
419
+
420
+ $modules = $this->getModules();
421
+
422
+ unset($modules[$module]);
423
+
424
+ $this->_modules = $modules;
425
+
426
+ return $this;
427
+ }
428
+
429
+ }
lib/WordPressHTTPS/Url.php ADDED
@@ -0,0 +1,532 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * URL Class for the WordPress plugin WordPress HTTPS
4
+ *
5
+ * This class and it's properties are heavily based on parse_url()
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+ class WordPressHTTPS_Url {
12
+
13
+ /**
14
+ * The scheme of a network host; for example, http or https
15
+ *
16
+ * @var string
17
+ */
18
+ protected $_scheme;
19
+
20
+ /**
21
+ * The domain name of a network host, or an IPv4 address as a set of four decimal digit groups separated by literal periods; for example, www.php.net or babelfish.altavista.com
22
+ *
23
+ * @var string
24
+ */
25
+ protected $_host;
26
+
27
+ /**
28
+ * The base domain of a network host; for example, php.net or altavista.com
29
+ *
30
+ * @var string
31
+ */
32
+ protected $_base_host;
33
+
34
+ /**
35
+ * The port being accessed. In the URL http://www.some_host.com:443/, 443 is the port component.
36
+ *
37
+ * @var int
38
+ */
39
+ protected $_port;
40
+
41
+ /**
42
+ * The username being passed for authentication. In the URL ftp://some_user:some_password@ftp.host.com/, some_user would be the user component.
43
+ *
44
+ * @var string
45
+ */
46
+ protected $_user;
47
+
48
+ /**
49
+ * The password being passed for authentication. In the above example, some_password would be the pass component.
50
+ *
51
+ * @var string
52
+ */
53
+ protected $_pass;
54
+
55
+ /**
56
+ * The path component contains the location to the requested resource on the given host. In the URL http://www.foo.com/test/test.php, /test/test.php is the path component.
57
+ *
58
+ * @var string
59
+ */
60
+ protected $_path;
61
+
62
+ /**
63
+ * The filename, if available, is the specified resource being requested. In the URL http://www.foo.com/test/test.jpg, test.jpg is the filename.
64
+ *
65
+ * @var string
66
+ */
67
+ protected $_filename;
68
+
69
+ /**
70
+ * The file extension of the filename, if available. In the URL http://www.foo.com/test/test.jpg, .jpg is the file extension.
71
+ *
72
+ * @var string
73
+ */
74
+ protected $_extension;
75
+
76
+ /**
77
+ * The query string for the request. In the URL http://www.foo.com/?page=bar, page=bar is the query component.
78
+ *
79
+ * @var string
80
+ */
81
+ protected $_query;
82
+
83
+ /**
84
+ * The fragment string for the request. In the URL http://www.foo.com/?page=bar#test, #test is the fragment component.
85
+ *
86
+ * @var string
87
+ */
88
+ protected $_fragment;
89
+
90
+ /**
91
+ * The response body of the request.
92
+ *
93
+ * @var string
94
+ */
95
+ protected $_content;
96
+
97
+ /**
98
+ * Set Scheme
99
+ *
100
+ * @param string $scheme
101
+ * @return object $this
102
+ */
103
+ public function setScheme( $scheme ) {
104
+ $this->_scheme = $scheme;
105
+ return $this;
106
+ }
107
+
108
+ /**
109
+ * Get Scheme
110
+ *
111
+ * @param none
112
+ * @return string
113
+ */
114
+ public function getScheme() {
115
+ return $this->_scheme;
116
+ }
117
+
118
+ /**
119
+ * Set Host
120
+ *
121
+ * @param string $host
122
+ * @return object $this
123
+ */
124
+ public function setHost( $host ) {
125
+ $this->_host = $host;
126
+ return $this;
127
+ }
128
+
129
+ /**
130
+ * Get Host
131
+ *
132
+ * @param none
133
+ * @return string
134
+ */
135
+ public function getHost() {
136
+ return $this->_host;
137
+ }
138
+
139
+ /**
140
+ * Set Base Host
141
+ *
142
+ * @param string $base_host
143
+ * @return object $this
144
+ */
145
+ public function setBaseHost( $base_host ) {
146
+ $this->_base_host = $base_host;
147
+ return $this;
148
+ }
149
+
150
+ /**
151
+ * Gets the base host of the URL
152
+ *
153
+ * @param none
154
+ * @return string
155
+ */
156
+ public function getBaseHost() {
157
+ $return_url = clone $this;
158
+ $test_url = clone $this;
159
+ $host_parts = explode('.', $test_url->getHost());
160
+ for ( $i = 0; $i <= sizeof($host_parts); $i++ ) {
161
+ if ( $test_url->setHost( str_replace($host_parts[$i] . '.', '', $test_url->getHost()) )->isValid() ) {
162
+ $return_url = clone $test_url;
163
+ } else {
164
+ break;
165
+ }
166
+ }
167
+ return $return_url->getHost();
168
+ }
169
+
170
+ /**
171
+ * Set Port
172
+ *
173
+ * @param string $port
174
+ * @return object $this
175
+ */
176
+ public function setPort( $port ) {
177
+ $this->_port = $port;
178
+ return $this;
179
+ }
180
+
181
+ /**
182
+ * Get Port
183
+ *
184
+ * @param none
185
+ * @return string
186
+ */
187
+ public function getPort() {
188
+ return $this->_port;
189
+ }
190
+
191
+ /**
192
+ * Set User
193
+ *
194
+ * @param string $user
195
+ * @return object $this
196
+ */
197
+ public function setUser( $user ) {
198
+ $this->_user = $user;
199
+ return $this;
200
+ }
201
+
202
+ /**
203
+ * Get User
204
+ *
205
+ * @param none
206
+ * @return string
207
+ */
208
+ public function getUser() {
209
+ return $this->_user;
210
+ }
211
+
212
+ /**
213
+ * Set Pass
214
+ *
215
+ * @param string $pass
216
+ * @return object $this
217
+ */
218
+ public function setPass( $pass ) {
219
+ $this->_pass = $pass;
220
+ return $this;
221
+ }
222
+
223
+ /**
224
+ * Get Pass
225
+ *
226
+ * @param none
227
+ * @return string
228
+ */
229
+ public function getPass() {
230
+ return $this->_pass;
231
+ }
232
+
233
+ /**
234
+ * Set Path
235
+ *
236
+ * Ensures the path begins with a forward slash
237
+ *
238
+ * @param none
239
+ * @return string
240
+ */
241
+ public function setPath( $path ) {
242
+ $this->_path = ltrim($path, '/');
243
+ $this->_path = '/' . $this->_path;
244
+ $filename = basename($this->_path);
245
+ $pathinfo = pathinfo($filename);
246
+ if ( $pathinfo && isset($pathinfo['extension']) ) {
247
+ $this->setExtension($pathinfo['extension']);
248
+ $this->setFilename($filename);
249
+ }
250
+
251
+ return $this;
252
+ }
253
+
254
+ /**
255
+ * Get Path
256
+ *
257
+ * Ensures the path begins with a forward slash
258
+ *
259
+ * @param none
260
+ * @return string
261
+ */
262
+ public function getPath() {
263
+ return $this->_path;
264
+ }
265
+
266
+ /**
267
+ * Set Filename
268
+ *
269
+ * @param string $filename
270
+ * @return object $this
271
+ */
272
+ public function setFilename( $filename ) {
273
+ $this->_filename = $filename;
274
+ return $this;
275
+ }
276
+
277
+ /**
278
+ * Get Filename
279
+ *
280
+ * @param none
281
+ * @return string
282
+ */
283
+ public function getFilename() {
284
+ return $this->_filename;
285
+ }
286
+
287
+ /**
288
+ * Set Extension
289
+ *
290
+ * @param string $extension
291
+ * @return object $this
292
+ */
293
+ public function setExtension( $extension ) {
294
+ $this->_extension = $extension;
295
+ return $this;
296
+ }
297
+
298
+ /**
299
+ * Get Extension
300
+ *
301
+ * @param none
302
+ * @return string
303
+ */
304
+ public function getExtension() {
305
+ return $this->_extension;
306
+ }
307
+
308
+ /**
309
+ * Set Query
310
+ *
311
+ * @param string $query
312
+ * @return object $this
313
+ */
314
+ public function setQuery( $query ) {
315
+ $this->_query = $query;
316
+ return $this;
317
+ }
318
+
319
+ /**
320
+ * Get Query
321
+ *
322
+ * @param none
323
+ * @return string
324
+ */
325
+ public function getQuery() {
326
+ return $this->_query;
327
+ }
328
+
329
+ /**
330
+ * Set Fragment
331
+ *
332
+ * @param string $fragment
333
+ * @return object $this
334
+ */
335
+ public function setFragment( $fragment ) {
336
+ $this->_fragment = $fragment;
337
+ return $this;
338
+ }
339
+
340
+ /**
341
+ * Get Fragment
342
+ *
343
+ * @param none
344
+ * @return string
345
+ */
346
+ public function getFragment() {
347
+ return $this->_fragment;
348
+ }
349
+
350
+ /**
351
+ * Set Content
352
+ *
353
+ * @param string $content
354
+ * @return object $this
355
+ */
356
+ public function setContent( $content ) {
357
+ $this->_content = $content;
358
+ return $this;
359
+ }
360
+
361
+ /**
362
+ * Get the contents of the URL
363
+ *
364
+ * @param boolean $verify_ssl
365
+ * @return boolean
366
+ */
367
+ public function getContent( $verify_ssl = false ) {
368
+ if ( $this->_content ) {
369
+ return $this->_content;
370
+ }
371
+
372
+ if ( function_exists('curl_init') ) {
373
+ $ch = curl_init();
374
+
375
+ curl_setopt($ch, CURLOPT_URL, $this->toString());
376
+ curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
377
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
378
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
379
+ curl_setopt($ch, CURLOPT_FAILONERROR, true);
380
+ @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
381
+ curl_setopt($ch, CURLOPT_HEADER, false);
382
+ curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
383
+
384
+ $content = curl_exec($ch);
385
+ $info = curl_getinfo($ch);
386
+ curl_close($ch);
387
+
388
+ if ( !$info['http_code'] || ( $info['http_code'] == 0 || $info['http_code'] == 404 ) ) {
389
+ return false;
390
+ } else {
391
+ return $content;
392
+ }
393
+ } else if ( @ini_get('allow_url_fopen') ) {
394
+ if ( ($content = @file_get_contents($url)) !== false ) {
395
+ return $content;
396
+ }
397
+ }
398
+ return false;
399
+ }
400
+
401
+ /**
402
+ * Validates the existence of the URL with cURL or file_get_contents()
403
+ *
404
+ * @param boolean $verify_ssl
405
+ * @return boolean
406
+ */
407
+ public function isValid( $verify_ssl = false ) {
408
+ if ( function_exists('curl_init') ) {
409
+ $ch = curl_init();
410
+
411
+ curl_setopt($ch, CURLOPT_URL, $this->toString());
412
+ curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
413
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
414
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
415
+ curl_setopt($ch, CURLOPT_FAILONERROR, true);
416
+ @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
417
+ curl_setopt($ch, CURLOPT_HEADER, false);
418
+ curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
419
+
420
+ $content = curl_exec($ch);
421
+ $info = curl_getinfo($ch);
422
+ curl_close($ch);
423
+
424
+ if ( !$info['http_code'] || ( $info['http_code'] == 0 || $info['http_code'] == 404 ) ) {
425
+ return false;
426
+ } else {
427
+ return true;
428
+ }
429
+ } else if ( @ini_get('allow_url_fopen') ) {
430
+ if ( @file_get_contents($url) !== false ) {
431
+ return true;
432
+ }
433
+ }
434
+ return false;
435
+ }
436
+
437
+ /**
438
+ * Factory object from an array provided by the parse_url function
439
+ *
440
+ * Example of usage from within the plugin or modules:
441
+ * WordPressHTTPS::factory('Url')->fromArray( parse_url( site_url() ) );
442
+ *
443
+ * @param array $array
444
+ * @return $url WordPressHTTPS_Url
445
+ */
446
+ public static function fromArray( $array = array() ) {
447
+ if ( sizeof($array) <= 1 ) {
448
+ return false;
449
+ }
450
+
451
+ $url = new WordPressHTTPS_Url;
452
+ foreach( $array as $key => $value ) {
453
+ $property = '_' . $key;
454
+ $camelCase = create_function('$c', 'return strtoupper($c[1]);');
455
+ $method = 'set' . preg_replace_callback('/_([a-z])/', $camelCase, $property);
456
+ if ( method_exists($url, $method) ) {
457
+ call_user_func(array($url, $method), $value);
458
+ }
459
+ }
460
+
461
+ return $url;
462
+ }
463
+
464
+ /**
465
+ * Factory object from a string that contains a URL
466
+ *
467
+ * @param string $string
468
+ * @return $url WordPressHTTPS_Url
469
+ */
470
+ public static function fromString( $string ) {
471
+ $url = new WordPressHTTPS_Url;
472
+
473
+ @preg_match_all('/((http|https):\/\/[^\'"]+)[\'"]?/i', $string, $url_parts);
474
+ if ( isset($url_parts[1][0]) ) {
475
+ if ( $url_parts = parse_url( $url_parts[1][0] ) ) {
476
+ foreach( $url_parts as $key => $value ) {
477
+ $property = '_' . $key;
478
+ $camelCase = create_function('$c', 'return strtoupper($c[1]);');
479
+ $method = 'set' . preg_replace_callback('/_([a-z])/', $camelCase, $property);
480
+ if ( method_exists($url, $method) ) {
481
+ call_user_func(array($url, $method), $value);
482
+ }
483
+ }
484
+
485
+ return $url;
486
+ }
487
+ } else {
488
+ return false;
489
+ }
490
+
491
+ return $url;
492
+ }
493
+
494
+ /**
495
+ * Returns an array of all URL properties
496
+ *
497
+ * @param none
498
+ * @return array parse_url
499
+ */
500
+ public function toArray() {
501
+ return parse_url( $this->toString() );
502
+ }
503
+
504
+ /**
505
+ * Formats the current URL object to a string
506
+ *
507
+ * @param none
508
+ * @return string
509
+ */
510
+ public function toString() {
511
+ $string = ( $this->getScheme() ? $this->getScheme() . '://' : '' ) .
512
+ ( $this->getUser() ? $this->getUser() . ( $this->getPass() ? ':' . $this->getPass() : '' ) . '@' : '' ) .
513
+ $this->getHost() .
514
+ ( $this->getPort() ? ':' . $this->getPort() : '' ) .
515
+ $this->getPath() .
516
+ ( $this->getQuery() ? '?' . $this->getQuery() : '' ) .
517
+ ( $this->getFragment() ? '#' . $this->getFragment() : '' );
518
+
519
+ return $string;
520
+ }
521
+
522
+ /**
523
+ * Magic __toString method that is called when the object is casted to a string
524
+ *
525
+ * @param none
526
+ * @return string
527
+ */
528
+ public function __toString() {
529
+ return $this->toString();
530
+ }
531
+
532
+ }
lib/Zend/Loader.php ADDED
@@ -0,0 +1,329 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Zend Framework
4
+ *
5
+ * LICENSE
6
+ *
7
+ * This source file is subject to the new BSD license that is bundled
8
+ * with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://framework.zend.com/license/new-bsd
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@zend.com so we can send you a copy immediately.
14
+ *
15
+ * @category Zend
16
+ * @package Zend_Loader
17
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
18
+ * @license http://framework.zend.com/license/new-bsd New BSD License
19
+ * @version $Id: Loader.php 23775 2011-03-01 17:25:24Z ralph $
20
+ */
21
+
22
+ /**
23
+ * Static methods for loading classes and files.
24
+ *
25
+ * @category Zend
26
+ * @package Zend_Loader
27
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
28
+ * @license http://framework.zend.com/license/new-bsd New BSD License
29
+ */
30
+ class Zend_Loader
31
+ {
32
+ /**
33
+ * Loads a class from a PHP file. The filename must be formatted
34
+ * as "$class.php".
35
+ *
36
+ * If $dirs is a string or an array, it will search the directories
37
+ * in the order supplied, and attempt to load the first matching file.
38
+ *
39
+ * If $dirs is null, it will split the class name at underscores to
40
+ * generate a path hierarchy (e.g., "Zend_Example_Class" will map
41
+ * to "Zend/Example/Class.php").
42
+ *
43
+ * If the file was not found in the $dirs, or if no $dirs were specified,
44
+ * it will attempt to load it from PHP's include_path.
45
+ *
46
+ * @param string $class - The full class name of a Zend component.
47
+ * @param string|array $dirs - OPTIONAL Either a path or an array of paths
48
+ * to search.
49
+ * @return void
50
+ * @throws Zend_Exception
51
+ */
52
+ public static function loadClass($class, $dirs = null)
53
+ {
54
+ if (class_exists($class, false) || interface_exists($class, false)) {
55
+ return;
56
+ }
57
+
58
+ if ((null !== $dirs) && !is_string($dirs) && !is_array($dirs)) {
59
+ require_once 'Zend/Exception.php';
60
+ throw new Zend_Exception('Directory argument must be a string or an array');
61
+ }
62
+
63
+ // Autodiscover the path from the class name
64
+ // Implementation is PHP namespace-aware, and based on
65
+ // Framework Interop Group reference implementation:
66
+ // http://groups.google.com/group/php-standards/web/psr-0-final-proposal
67
+ $className = ltrim($class, '\\');
68
+ $file = '';
69
+ $namespace = '';
70
+ if ($lastNsPos = strripos($className, '\\')) {
71
+ $namespace = substr($className, 0, $lastNsPos);
72
+ $className = substr($className, $lastNsPos + 1);
73
+ $file = str_replace('\\', DIRECTORY_SEPARATOR, $namespace) . DIRECTORY_SEPARATOR;
74
+ }
75
+ $file .= str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
76
+
77
+ if (!empty($dirs)) {
78
+ // use the autodiscovered path
79
+ $dirPath = dirname($file);
80
+ if (is_string($dirs)) {
81
+ $dirs = explode(PATH_SEPARATOR, $dirs);
82
+ }
83
+ foreach ($dirs as $key => $dir) {
84
+ if ($dir == '.') {
85
+ $dirs[$key] = $dirPath;
86
+ } else {
87
+ $dir = rtrim($dir, '\\/');
88
+ $dirs[$key] = $dir . DIRECTORY_SEPARATOR . $dirPath;
89
+ }
90
+ }
91
+ $file = basename($file);
92
+ self::loadFile($file, $dirs, true);
93
+ } else {
94
+ self::loadFile($file, null, true);
95
+ }
96
+
97
+ if (!class_exists($class, false) && !interface_exists($class, false)) {
98
+ require_once 'Zend/Exception.php';
99
+ throw new Zend_Exception("File \"$file\" does not exist or class \"$class\" was not found in the file");
100
+ }
101
+ }
102
+
103
+ /**
104
+ * Loads a PHP file. This is a wrapper for PHP's include() function.
105
+ *
106
+ * $filename must be the complete filename, including any
107
+ * extension such as ".php". Note that a security check is performed that
108
+ * does not permit extended characters in the filename. This method is
109
+ * intended for loading Zend Framework files.
110
+ *
111
+ * If $dirs is a string or an array, it will search the directories
112
+ * in the order supplied, and attempt to load the first matching file.
113
+ *
114
+ * If the file was not found in the $dirs, or if no $dirs were specified,
115
+ * it will attempt to load it from PHP's include_path.
116
+ *
117
+ * If $once is TRUE, it will use include_once() instead of include().
118
+ *
119
+ * @param string $filename
120
+ * @param string|array $dirs - OPTIONAL either a path or array of paths
121
+ * to search.
122
+ * @param boolean $once
123
+ * @return boolean
124
+ * @throws Zend_Exception
125
+ */
126
+ public static function loadFile($filename, $dirs = null, $once = false)
127
+ {
128
+ self::_securityCheck($filename);
129
+
130
+ /**
131
+ * Search in provided directories, as well as include_path
132
+ */
133
+ $incPath = false;
134
+ if (!empty($dirs) && (is_array($dirs) || is_string($dirs))) {
135
+ if (is_array($dirs)) {
136
+ $dirs = implode(PATH_SEPARATOR, $dirs);
137
+ }
138
+ $incPath = get_include_path();
139
+ set_include_path($dirs . PATH_SEPARATOR . $incPath);
140
+ }
141
+
142
+ /**
143
+ * Try finding for the plain filename in the include_path.
144
+ */
145
+ if ($once) {
146
+ include_once $filename;
147
+ } else {
148
+ include $filename;
149
+ }
150
+
151
+ /**
152
+ * If searching in directories, reset include_path
153
+ */
154
+ if ($incPath) {
155
+ set_include_path($incPath);
156
+ }
157
+
158
+ return true;
159
+ }
160
+
161
+ /**
162
+ * Returns TRUE if the $filename is readable, or FALSE otherwise.
163
+ * This function uses the PHP include_path, where PHP's is_readable()
164
+ * does not.
165
+ *
166
+ * Note from ZF-2900:
167
+ * If you use custom error handler, please check whether return value
168
+ * from error_reporting() is zero or not.
169
+ * At mark of fopen() can not suppress warning if the handler is used.
170
+ *
171
+ * @param string $filename
172
+ * @return boolean
173
+ */
174
+ public static function isReadable($filename)
175
+ {
176
+ if (is_readable($filename)) {
177
+ // Return early if the filename is readable without needing the
178
+ // include_path
179
+ return true;
180
+ }
181
+
182
+ if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'
183
+ && preg_match('/^[a-z]:/i', $filename)
184
+ ) {
185
+ // If on windows, and path provided is clearly an absolute path,
186
+ // return false immediately
187
+ return false;
188
+ }
189
+
190
+ foreach (self::explodeIncludePath() as $path) {
191
+ if ($path == '.') {
192
+ if (is_readable($filename)) {
193
+ return true;
194
+ }
195
+ continue;
196
+ }
197
+ $file = $path . '/' . $filename;
198
+ if (is_readable($file)) {
199
+ return true;
200
+ }
201
+ }
202
+ return false;
203
+ }
204
+
205
+ /**
206
+ * Explode an include path into an array
207
+ *
208
+ * If no path provided, uses current include_path. Works around issues that
209
+ * occur when the path includes stream schemas.
210
+ *
211
+ * @param string|null $path
212
+ * @return array
213
+ */
214
+ public static function explodeIncludePath($path = null)
215
+ {
216
+ if (null === $path) {
217
+ $path = get_include_path();
218
+ }
219
+
220
+ if (PATH_SEPARATOR == ':') {
221
+ // On *nix systems, include_paths which include paths with a stream
222
+ // schema cannot be safely explode'd, so we have to be a bit more
223
+ // intelligent in the approach.
224
+ $paths = preg_split('#:(?!//)#', $path);
225
+ } else {
226
+ $paths = explode(PATH_SEPARATOR, $path);
227
+ }
228
+ return $paths;
229
+ }
230
+
231
+ /**
232
+ * spl_autoload() suitable implementation for supporting class autoloading.
233
+ *
234
+ * Attach to spl_autoload() using the following:
235
+ * <code>
236
+ * spl_autoload_register(array('Zend_Loader', 'autoload'));
237
+ * </code>
238
+ *
239
+ * @deprecated Since 1.8.0
240
+ * @param string $class
241
+ * @return string|false Class name on success; false on failure
242
+ */
243
+ public static function autoload($class)
244
+ {
245
+ trigger_error(__CLASS__ . '::' . __METHOD__ . ' is deprecated as of 1.8.0 and will be removed with 2.0.0; use Zend_Loader_Autoloader instead', E_USER_NOTICE);
246
+ try {
247
+ @self::loadClass($class);
248
+ return $class;
249
+ } catch (Exception $e) {
250
+ return false;
251
+ }
252
+ }
253
+
254
+ /**
255
+ * Register {@link autoload()} with spl_autoload()
256
+ *
257
+ * @deprecated Since 1.8.0
258
+ * @param string $class (optional)
259
+ * @param boolean $enabled (optional)
260
+ * @return void
261
+ * @throws Zend_Exception if spl_autoload() is not found
262
+ * or if the specified class does not have an autoload() method.
263
+ */
264
+ public static function registerAutoload($class = 'Zend_Loader', $enabled = true)
265
+ {
266
+ trigger_error(__CLASS__ . '::' . __METHOD__ . ' is deprecated as of 1.8.0 and will be removed with 2.0.0; use Zend_Loader_Autoloader instead', E_USER_NOTICE);
267
+ require_once 'Zend/Loader/Autoloader.php';
268
+ $autoloader = Zend_Loader_Autoloader::getInstance();
269
+ $autoloader->setFallbackAutoloader(true);
270
+
271
+ if ('Zend_Loader' != $class) {
272
+ self::loadClass($class);
273
+ $methods = get_class_methods($class);
274
+ if (!in_array('autoload', (array) $methods)) {
275
+ require_once 'Zend/Exception.php';
276
+ throw new Zend_Exception("The class \"$class\" does not have an autoload() method");
277
+ }
278
+
279
+ $callback = array($class, 'autoload');
280
+
281
+ if ($enabled) {
282
+ $autoloader->pushAutoloader($callback);
283
+ } else {
284
+ $autoloader->removeAutoloader($callback);
285
+ }
286
+ }
287
+ }
288
+
289
+ /**
290
+ * Ensure that filename does not contain exploits
291
+ *
292
+ * @param string $filename
293
+ * @return void
294
+ * @throws Zend_Exception
295
+ */
296
+ protected static function _securityCheck($filename)
297
+ {
298
+ /**
299
+ * Security check
300
+ */
301
+ if (preg_match('/[^a-z0-9\\/\\\\_.:-]/i', $filename)) {
302
+ require_once 'Zend/Exception.php';
303
+ throw new Zend_Exception('Security check: Illegal character in filename');
304
+ }
305
+ }
306
+
307
+ /**
308
+ * Attempt to include() the file.
309
+ *
310
+ * include() is not prefixed with the @ operator because if
311
+ * the file is loaded and contains a parse error, execution
312
+ * will halt silently and this is difficult to debug.
313
+ *
314
+ * Always set display_errors = Off on production servers!
315
+ *
316
+ * @param string $filespec
317
+ * @param boolean $once
318
+ * @return boolean
319
+ * @deprecated Since 1.5.0; use loadFile() instead
320
+ */
321
+ protected static function _includeFile($filespec, $once = false)
322
+ {
323
+ if ($once) {
324
+ return include_once $filespec;
325
+ } else {
326
+ return include $filespec ;
327
+ }
328
+ }
329
+ }
lib/Zend/Loader/Autoloader.php ADDED
@@ -0,0 +1,589 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Zend Framework
4
+ *
5
+ * LICENSE
6
+ *
7
+ * This source file is subject to the new BSD license that is bundled
8
+ * with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://framework.zend.com/license/new-bsd
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@zend.com so we can send you a copy immediately.
14
+ *
15
+ * @category Zend
16
+ * @package Zend_Loader
17
+ * @subpackage Autoloader
18
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
19
+ * @version $Id: Autoloader.php 23953 2011-05-03 05:47:39Z ralph $
20
+ * @license http://framework.zend.com/license/new-bsd New BSD License
21
+ */
22
+
23
+ /** Zend_Loader */
24
+ require_once 'Zend/Loader.php';
25
+
26
+ /**
27
+ * Autoloader stack and namespace autoloader
28
+ *
29
+ * @uses Zend_Loader_Autoloader
30
+ * @package Zend_Loader
31
+ * @subpackage Autoloader
32
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
33
+ * @license http://framework.zend.com/license/new-bsd New BSD License
34
+ */
35
+ class Zend_Loader_Autoloader
36
+ {
37
+ /**
38
+ * @var Zend_Loader_Autoloader Singleton instance
39
+ */
40
+ protected static $_instance;
41
+
42
+ /**
43
+ * @var array Concrete autoloader callback implementations
44
+ */
45
+ protected $_autoloaders = array();
46
+
47
+ /**
48
+ * @var array Default autoloader callback
49
+ */
50
+ protected $_defaultAutoloader = array('Zend_Loader', 'loadClass');
51
+
52
+ /**
53
+ * @var bool Whether or not to act as a fallback autoloader
54
+ */
55
+ protected $_fallbackAutoloader = false;
56
+
57
+ /**
58
+ * @var array Callback for internal autoloader implementation
59
+ */
60
+ protected $_internalAutoloader;
61
+
62
+ /**
63
+ * @var array Supported namespaces 'Zend' and 'ZendX' by default.
64
+ */
65
+ protected $_namespaces = array(
66
+ 'Zend_' => true,
67
+ 'ZendX_' => true,
68
+ );
69
+
70
+ /**
71
+ * @var array Namespace-specific autoloaders
72
+ */
73
+ protected $_namespaceAutoloaders = array();
74
+
75
+ /**
76
+ * @var bool Whether or not to suppress file not found warnings
77
+ */
78
+ protected $_suppressNotFoundWarnings = false;
79
+
80
+ /**
81
+ * @var null|string
82
+ */
83
+ protected $_zfPath;
84
+
85
+ /**
86
+ * Retrieve singleton instance
87
+ *
88
+ * @return Zend_Loader_Autoloader
89
+ */
90
+ public static function getInstance()
91
+ {
92
+ if (null === self::$_instance) {
93
+ self::$_instance = new self();
94
+ }
95
+ return self::$_instance;
96
+ }
97
+
98
+ /**
99
+ * Reset the singleton instance
100
+ *
101
+ * @return void
102
+ */
103
+ public static function resetInstance()
104
+ {
105
+ self::$_instance = null;
106
+ }
107
+
108
+ /**
109
+ * Autoload a class
110
+ *
111
+ * @param string $class
112
+ * @return bool
113
+ */
114
+ public static function autoload($class)
115
+ {
116
+ $self = self::getInstance();
117
+
118
+ foreach ($self->getClassAutoloaders($class) as $autoloader) {
119
+ if ($autoloader instanceof Zend_Loader_Autoloader_Interface) {
120
+ if ($autoloader->autoload($class)) {
121
+ return true;
122
+ }
123
+ } elseif (is_array($autoloader)) {
124
+ if (call_user_func($autoloader, $class)) {
125
+ return true;
126
+ }
127
+ } elseif (is_string($autoloader) || is_callable($autoloader)) {
128
+ if ($autoloader($class)) {
129
+ return true;
130
+ }
131
+ }
132
+ }
133
+
134
+ return false;
135
+ }
136
+
137
+ /**
138
+ * Set the default autoloader implementation
139
+ *
140
+ * @param string|array $callback PHP callback
141
+ * @return void
142
+ */
143
+ public function setDefaultAutoloader($callback)
144
+ {
145
+ if (!is_callable($callback)) {
146
+ throw new Zend_Loader_Exception('Invalid callback specified for default autoloader');
147
+ }
148
+
149
+ $this->_defaultAutoloader = $callback;
150
+ return $this;
151
+ }
152
+
153
+ /**
154
+ * Retrieve the default autoloader callback
155
+ *
156
+ * @return string|array PHP Callback
157
+ */
158
+ public function getDefaultAutoloader()
159
+ {
160
+ return $this->_defaultAutoloader;
161
+ }
162
+
163
+ /**
164
+ * Set several autoloader callbacks at once
165
+ *
166
+ * @param array $autoloaders Array of PHP callbacks (or Zend_Loader_Autoloader_Interface implementations) to act as autoloaders
167
+ * @return Zend_Loader_Autoloader
168
+ */
169
+ public function setAutoloaders(array $autoloaders)
170
+ {
171
+ $this->_autoloaders = $autoloaders;
172
+ return $this;
173
+ }
174
+
175
+ /**
176
+ * Get attached autoloader implementations
177
+ *
178
+ * @return array
179
+ */
180
+ public function getAutoloaders()
181
+ {
182
+ return $this->_autoloaders;
183
+ }
184
+
185
+ /**
186
+ * Return all autoloaders for a given namespace
187
+ *
188
+ * @param string $namespace
189
+ * @return array
190
+ */
191
+ public function getNamespaceAutoloaders($namespace)
192
+ {
193
+ $namespace = (string) $namespace;
194
+ if (!array_key_exists($namespace, $this->_namespaceAutoloaders)) {
195
+ return array();
196
+ }
197
+ return $this->_namespaceAutoloaders[$namespace];
198
+ }
199
+
200
+ /**
201
+ * Register a namespace to autoload
202
+ *
203
+ * @param string|array $namespace
204
+ * @return Zend_Loader_Autoloader
205
+ */
206
+ public function registerNamespace($namespace)
207
+ {
208
+ if (is_string($namespace)) {
209
+ $namespace = (array) $namespace;
210
+ } elseif (!is_array($namespace)) {
211
+ throw new Zend_Loader_Exception('Invalid namespace provided');
212
+ }
213
+
214
+ foreach ($namespace as $ns) {
215
+ if (!isset($this->_namespaces[$ns])) {
216
+ $this->_namespaces[$ns] = true;
217
+ }
218
+ }
219
+ return $this;
220
+ }
221
+
222
+ /**
223
+ * Unload a registered autoload namespace
224
+ *
225
+ * @param string|array $namespace
226
+ * @return Zend_Loader_Autoloader
227
+ */
228
+ public function unregisterNamespace($namespace)
229
+ {
230
+ if (is_string($namespace)) {
231
+ $namespace = (array) $namespace;
232
+ } elseif (!is_array($namespace)) {
233
+ throw new Zend_Loader_Exception('Invalid namespace provided');
234
+ }
235
+
236
+ foreach ($namespace as $ns) {
237
+ if (isset($this->_namespaces[$ns])) {
238
+ unset($this->_namespaces[$ns]);
239
+ }
240
+ }
241
+ return $this;
242
+ }
243
+
244
+ /**
245
+ * Get a list of registered autoload namespaces
246
+ *
247
+ * @return array
248
+ */
249
+ public function getRegisteredNamespaces()
250
+ {
251
+ return array_keys($this->_namespaces);
252
+ }
253
+
254
+ public function setZfPath($spec, $version = 'latest')
255
+ {
256
+ $path = $spec;
257
+ if (is_array($spec)) {
258
+ if (!isset($spec['path'])) {
259
+ throw new Zend_Loader_Exception('No path specified for ZF');
260
+ }
261
+ $path = $spec['path'];
262
+ if (isset($spec['version'])) {
263
+ $version = $spec['version'];
264
+ }
265
+ }
266
+
267
+ $this->_zfPath = $this->_getVersionPath($path, $version);
268
+ set_include_path(implode(PATH_SEPARATOR, array(
269
+ $this->_zfPath,
270
+ get_include_path(),
271
+ )));
272
+ return $this;
273
+ }
274
+
275
+ public function getZfPath()
276
+ {
277
+ return $this->_zfPath;
278
+ }
279
+
280
+ /**
281
+ * Get or set the value of the "suppress not found warnings" flag
282
+ *
283
+ * @param null|bool $flag
284
+ * @return bool|Zend_Loader_Autoloader Returns boolean if no argument is passed, object instance otherwise
285
+ */
286
+ public function suppressNotFoundWarnings($flag = null)
287
+ {
288
+ if (null === $flag) {
289
+ return $this->_suppressNotFoundWarnings;
290
+ }
291
+ $this->_suppressNotFoundWarnings = (bool) $flag;
292
+ return $this;
293
+ }
294
+
295
+ /**
296
+ * Indicate whether or not this autoloader should be a fallback autoloader
297
+ *
298
+ * @param bool $flag
299
+ * @return Zend_Loader_Autoloader
300
+ */
301
+ public function setFallbackAutoloader($flag)
302
+ {
303
+ $this->_fallbackAutoloader = (bool) $flag;
304
+ return $this;
305
+ }
306
+
307
+ /**
308
+ * Is this instance acting as a fallback autoloader?
309
+ *
310
+ * @return bool
311
+ */
312
+ public function isFallbackAutoloader()
313
+ {
314
+ return $this->_fallbackAutoloader;
315
+ }
316
+
317
+ /**
318
+ * Get autoloaders to use when matching class
319
+ *
320
+ * Determines if the class matches a registered namespace, and, if so,
321
+ * returns only the autoloaders for that namespace. Otherwise, it returns
322
+ * all non-namespaced autoloaders.
323
+ *
324
+ * @param string $class
325
+ * @return array Array of autoloaders to use
326
+ */
327
+ public function getClassAutoloaders($class)
328
+ {
329
+ $namespace = false;
330
+ $autoloaders = array();
331
+
332
+ // Add concrete namespaced autoloaders
333
+ foreach (array_keys($this->_namespaceAutoloaders) as $ns) {
334
+ if ('' == $ns) {
335
+ continue;
336
+ }
337
+ if (0 === strpos($class, $ns)) {
338
+ if ((false === $namespace) || (strlen($ns) > strlen($namespace))) {
339
+ $namespace = $ns;
340
+ $autoloaders = $this->getNamespaceAutoloaders($ns);
341
+ }
342
+ }
343
+ }
344
+
345
+ // Add internal namespaced autoloader
346
+ foreach ($this->getRegisteredNamespaces() as $ns) {
347
+ if (0 === strpos($class, $ns)) {
348
+ $namespace = $ns;
349
+ $autoloaders[] = $this->_internalAutoloader;
350
+ break;
351
+ }
352
+ }
353
+
354
+ // Add non-namespaced autoloaders
355
+ $autoloadersNonNamespace = $this->getNamespaceAutoloaders('');
356
+ if (count($autoloadersNonNamespace)) {
357
+ foreach ($autoloadersNonNamespace as $ns) {
358
+ $autoloaders[] = $ns;
359
+ }
360
+ unset($autoloadersNonNamespace);
361
+ }
362
+
363
+ // Add fallback autoloader
364
+ if (!$namespace && $this->isFallbackAutoloader()) {
365
+ $autoloaders[] = $this->_internalAutoloader;
366
+ }
367
+
368
+ return $autoloaders;
369
+ }
370
+
371
+ /**
372
+ * Add an autoloader to the beginning of the stack
373
+ *
374
+ * @param object|array|string $callback PHP callback or Zend_Loader_Autoloader_Interface implementation
375
+ * @param string|array $namespace Specific namespace(s) under which to register callback
376
+ * @return Zend_Loader_Autoloader
377
+ */
378
+ public function unshiftAutoloader($callback, $namespace = '')
379
+ {
380
+ $autoloaders = $this->getAutoloaders();
381
+ array_unshift($autoloaders, $callback);
382
+ $this->setAutoloaders($autoloaders);
383
+
384
+ $namespace = (array) $namespace;
385
+ foreach ($namespace as $ns) {
386
+ $autoloaders = $this->getNamespaceAutoloaders($ns);
387
+ array_unshift($autoloaders, $callback);
388
+ $this->_setNamespaceAutoloaders($autoloaders, $ns);
389
+ }
390
+
391
+ return $this;
392
+ }
393
+
394
+ /**
395
+ * Append an autoloader to the autoloader stack
396
+ *
397
+ * @param object|array|string $callback PHP callback or Zend_Loader_Autoloader_Interface implementation
398
+ * @param string|array $namespace Specific namespace(s) under which to register callback
399
+ * @return Zend_Loader_Autoloader
400
+ */
401
+ public function pushAutoloader($callback, $namespace = '')
402
+ {
403
+ $autoloaders = $this->getAutoloaders();
404
+ array_push($autoloaders, $callback);
405
+ $this->setAutoloaders($autoloaders);
406
+
407
+ $namespace = (array) $namespace;
408
+ foreach ($namespace as $ns) {
409
+ $autoloaders = $this->getNamespaceAutoloaders($ns);
410
+ array_push($autoloaders, $callback);
411
+ $this->_setNamespaceAutoloaders($autoloaders, $ns);
412
+ }
413
+
414
+ return $this;
415
+ }
416
+
417
+ /**
418
+ * Remove an autoloader from the autoloader stack
419
+ *
420
+ * @param object|array|string $callback PHP callback or Zend_Loader_Autoloader_Interface implementation
421
+ * @param null|string|array $namespace Specific namespace(s) from which to remove autoloader
422
+ * @return Zend_Loader_Autoloader
423
+ */
424
+ public function removeAutoloader($callback, $namespace = null)
425
+ {
426
+ if (null === $namespace) {
427
+ $autoloaders = $this->getAutoloaders();
428
+ if (false !== ($index = array_search($callback, $autoloaders, true))) {
429
+ unset($autoloaders[$index]);
430
+ $this->setAutoloaders($autoloaders);
431
+ }
432
+
433
+ foreach ($this->_namespaceAutoloaders as $ns => $autoloaders) {
434
+ if (false !== ($index = array_search($callback, $autoloaders, true))) {
435
+ unset($autoloaders[$index]);
436
+ $this->_setNamespaceAutoloaders($autoloaders, $ns);
437
+ }
438
+ }
439
+ } else {
440
+ $namespace = (array) $namespace;
441
+ foreach ($namespace as $ns) {
442
+ $autoloaders = $this->getNamespaceAutoloaders($ns);
443
+ if (false !== ($index = array_search($callback, $autoloaders, true))) {
444
+ unset($autoloaders[$index]);
445
+ $this->_setNamespaceAutoloaders($autoloaders, $ns);
446
+ }
447
+ }
448
+ }
449
+
450
+ return $this;
451
+ }
452
+
453
+ /**
454
+ * Constructor
455
+ *
456
+ * Registers instance with spl_autoload stack
457
+ *
458
+ * @return void
459
+ */
460
+ protected function __construct()
461
+ {
462
+ spl_autoload_register(array(__CLASS__, 'autoload'));
463
+ $this->_internalAutoloader = array($this, '_autoload');
464
+ }
465
+
466
+ /**
467
+ * Internal autoloader implementation
468
+ *
469
+ * @param string $class
470
+ * @return bool
471
+ */
472
+ protected function _autoload($class)
473
+ {
474
+ $callback = $this->getDefaultAutoloader();
475
+ try {
476
+ if ($this->suppressNotFoundWarnings()) {
477
+ @call_user_func($callback, $class);
478
+ } else {
479
+ call_user_func($callback, $class);
480
+ }
481
+ return $class;
482
+ } catch (Zend_Exception $e) {
483
+ return false;
484
+ }
485
+ }
486
+
487
+ /**
488
+ * Set autoloaders for a specific namespace
489
+ *
490
+ * @param array $autoloaders
491
+ * @param string $namespace
492
+ * @return Zend_Loader_Autoloader
493
+ */
494
+ protected function _setNamespaceAutoloaders(array $autoloaders, $namespace = '')
495
+ {
496
+ $namespace = (string) $namespace;
497
+ $this->_namespaceAutoloaders[$namespace] = $autoloaders;
498
+ return $this;
499
+ }
500
+
501
+ /**
502
+ * Retrieve the filesystem path for the requested ZF version
503
+ *
504
+ * @param string $path
505
+ * @param string $version
506
+ * @return void
507
+ */
508
+ protected function _getVersionPath($path, $version)
509
+ {
510
+ $type = $this->_getVersionType($version);
511
+
512
+ if ($type == 'latest') {
513
+ $version = 'latest';
514
+ }
515
+
516
+ $availableVersions = $this->_getAvailableVersions($path, $version);
517
+ if (empty($availableVersions)) {
518
+ throw new Zend_Loader_Exception('No valid ZF installations discovered');
519
+ }
520
+
521
+ $matchedVersion = array_pop($availableVersions);
522
+ return $matchedVersion;
523
+ }
524
+
525
+ /**
526
+ * Retrieve the ZF version type
527
+ *
528
+ * @param string $version
529
+ * @return string "latest", "major", "minor", or "specific"
530
+ * @throws Zend_Loader_Exception if version string contains too many dots
531
+ */
532
+ protected function _getVersionType($version)
533
+ {
534
+ if (strtolower($version) == 'latest') {
535
+ return 'latest';
536
+ }
537
+
538
+ $parts = explode('.', $version);
539
+ $count = count($parts);
540
+ if (1 == $count) {
541
+ return 'major';
542
+ }
543
+ if (2 == $count) {
544
+ return 'minor';
545
+ }
546
+ if (3 < $count) {
547
+ throw new Zend_Loader_Exception('Invalid version string provided');
548
+ }
549
+ return 'specific';
550
+ }
551
+
552
+ /**
553
+ * Get available versions for the version type requested
554
+ *
555
+ * @param string $path
556
+ * @param string $version
557
+ * @return array
558
+ */
559
+ protected function _getAvailableVersions($path, $version)
560
+ {
561
+ if (!is_dir($path)) {
562
+ throw new Zend_Loader_Exception('Invalid ZF path provided');
563
+ }
564
+
565
+ $path = rtrim($path, '/');
566
+ $path = rtrim($path, '\\');
567
+ $versionLen = strlen($version);
568
+ $versions = array();
569
+ $dirs = glob("$path/*", GLOB_ONLYDIR);
570
+ foreach ((array) $dirs as $dir) {
571
+ $dirName = substr($dir, strlen($path) + 1);
572
+ if (!preg_match('/^(?:ZendFramework-)?(\d+\.\d+\.\d+((a|b|pl|pr|p|rc)\d+)?)(?:-minimal)?$/i', $dirName, $matches)) {
573
+ continue;
574
+ }
575
+
576
+ $matchedVersion = $matches[1];
577
+
578
+ if (('latest' == $version)
579
+ || ((strlen($matchedVersion) >= $versionLen)
580
+ && (0 === strpos($matchedVersion, $version)))
581
+ ) {
582
+ $versions[$matchedVersion] = $dir . '/library';
583
+ }
584
+ }
585
+
586
+ uksort($versions, 'version_compare');
587
+ return $versions;
588
+ }
589
+ }
lib/Zend/Loader/Autoloader/Interface.php ADDED
@@ -0,0 +1,43 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Zend Framework
4
+ *
5
+ * LICENSE
6
+ *
7
+ * This source file is subject to the new BSD license that is bundled
8
+ * with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://framework.zend.com/license/new-bsd
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@zend.com so we can send you a copy immediately.
14
+ *
15
+ * @category Zend
16
+ * @package Zend_Loader
17
+ * @subpackage Autoloader
18
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
19
+ * @version $Id: Interface.php 23775 2011-03-01 17:25:24Z ralph $
20
+ * @license http://framework.zend.com/license/new-bsd New BSD License
21
+ */
22
+
23
+ /**
24
+ * Autoloader interface
25
+ *
26
+ * @package Zend_Loader
27
+ * @subpackage Autoloader
28
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
29
+ * @license http://framework.zend.com/license/new-bsd New BSD License
30
+ */
31
+ interface Zend_Loader_Autoloader_Interface
32
+ {
33
+ /**
34
+ * Autoload a class
35
+ *
36
+ * @abstract
37
+ * @param string $class
38
+ * @return mixed
39
+ * False [if unable to load $class]
40
+ * get_class($class) [if $class is successfully loaded]
41
+ */
42
+ public function autoload($class);
43
+ }
lib/Zend/Loader/Autoloader/Resource.php ADDED
@@ -0,0 +1,472 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Zend Framework
4
+ *
5
+ * LICENSE
6
+ *
7
+ * This source file is subject to the new BSD license that is bundled
8
+ * with this package in the file LICENSE.txt.
9
+ * It is also available through the world-wide-web at this URL:
10
+ * http://framework.zend.com/license/new-bsd
11
+ * If you did not receive a copy of the license and are unable to
12
+ * obtain it through the world-wide-web, please send an email
13
+ * to license@zend.com so we can send you a copy immediately.
14
+ *
15
+ * @category Zend
16
+ * @package Zend_Loader
17
+ * @subpackage Autoloader
18
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
19
+ * @version $Id: Resource.php 23860 2011-04-14 17:03:28Z matthew $
20
+ * @license http://framework.zend.com/license/new-bsd New BSD License
21
+ */
22
+
23
+ /** Zend_Loader_Autoloader_Interface */
24
+ require_once 'Zend/Loader/Autoloader/Interface.php';
25
+
26
+ /**
27
+ * Resource loader
28
+ *
29
+ * @uses Zend_Loader_Autoloader_Interface
30
+ * @package Zend_Loader
31
+ * @subpackage Autoloader
32
+ * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
33
+ * @license http://framework.zend.com/license/new-bsd New BSD License
34
+ */
35
+ class Zend_Loader_Autoloader_Resource implements Zend_Loader_Autoloader_Interface
36
+ {
37
+ /**
38
+ * @var string Base path to resource classes
39
+ */
40
+ protected $_basePath;
41
+
42
+ /**
43
+ * @var array Components handled within this resource
44
+ */
45
+ protected $_components = array();
46
+
47
+ /**
48
+ * @var string Default resource/component to use when using object registry
49
+ */
50
+ protected $_defaultResourceType;
51
+
52
+ /**
53
+ * @var string Namespace of classes within this resource
54
+ */
55
+ protected $_namespace;
56
+
57
+ /**
58
+ * @var array Available resource types handled by this resource autoloader
59
+ */
60
+ protected $_resourceTypes = array();
61
+
62
+ /**
63
+ * Constructor
64
+ *
65
+ * @param array|Zend_Config $options Configuration options for resource autoloader
66
+ * @return void
67
+ */
68
+ public function __construct($options)
69
+ {
70
+ if ($options instanceof Zend_Config) {
71
+ $options = $options->toArray();
72
+ }
73
+ if (!is_array($options)) {
74
+ require_once 'Zend/Loader/Exception.php';
75
+ throw new Zend_Loader_Exception('Options must be passed to resource loader constructor');
76
+ }
77
+
78
+ $this->setOptions($options);
79
+
80
+ $namespace = $this->getNamespace();
81
+ if ((null === $namespace)
82
+ || (null === $this->getBasePath())
83
+ ) {
84
+ require_once 'Zend/Loader/Exception.php';
85
+ throw new Zend_Loader_Exception('Resource loader requires both a namespace and a base path for initialization');
86
+ }
87
+
88
+ if (!empty($namespace)) {
89
+ $namespace .= '_';
90
+ }
91
+ require_once 'Zend/Loader/Autoloader.php';
92
+ Zend_Loader_Autoloader::getInstance()->unshiftAutoloader($this, $namespace);
93
+ }
94
+
95
+ /**
96
+ * Overloading: methods
97
+ *
98
+ * Allow retrieving concrete resource object instances using 'get<Resourcename>()'
99
+ * syntax. Example:
100
+ * <code>
101
+ * $loader = new Zend_Loader_Autoloader_Resource(array(
102
+ * 'namespace' => 'Stuff_',
103
+ * 'basePath' => '/path/to/some/stuff',
104
+ * ))
105
+ * $loader->addResourceType('Model', 'models', 'Model');
106
+ *
107
+ * $foo = $loader->getModel('Foo'); // get instance of Stuff_Model_Foo class
108
+ * </code>
109
+ *
110
+ * @param string $method
111
+ * @param array $args
112
+ * @return mixed
113
+ * @throws Zend_Loader_Exception if method not beginning with 'get' or not matching a valid resource type is called
114
+ */
115
+ public function __call($method, $args)
116
+ {
117
+ if ('get' == substr($method, 0, 3)) {
118
+ $type = strtolower(substr($method, 3));
119
+ if (!$this->hasResourceType($type)) {
120
+ require_once 'Zend/Loader/Exception.php';
121
+ throw new Zend_Loader_Exception("Invalid resource type $type; cannot load resource");
122
+ }
123
+ if (empty($args)) {
124
+ require_once 'Zend/Loader/Exception.php';
125
+ throw new Zend_Loader_Exception("Cannot load resources; no resource specified");
126
+ }
127
+ $resource = array_shift($args);
128
+ return $this->load($resource, $type);
129
+ }
130
+
131
+ require_once 'Zend/Loader/Exception.php';
132
+ throw new Zend_Loader_Exception("Method '$method' is not supported");
133
+ }
134
+
135
+ /**
136
+ * Helper method to calculate the correct class path
137
+ *
138
+ * @param string $class
139
+ * @return False if not matched other wise the correct path
140
+ */
141
+ public function getClassPath($class)
142
+ {
143
+ $segments = explode('_', $class);
144
+ $namespaceTopLevel = $this->getNamespace();
145
+ $namespace = '';
146
+
147
+ if (!empty($namespaceTopLevel)) {
148
+ $namespace = array();
149
+ $topLevelSegments = count(explode('_', $namespaceTopLevel));
150
+ for ($i = 0; $i < $topLevelSegments; $i++) {
151
+ $namespace[] = array_shift($segments);
152
+ }
153
+ $namespace = implode('_', $namespace);
154
+ if ($namespace != $namespaceTopLevel) {
155
+ // wrong prefix? we're done
156
+ return false;
157
+ }
158
+ }
159
+
160
+ if (count($segments) < 2) {
161
+ // assumes all resources have a component and class name, minimum
162
+ return false;
163
+ }
164
+
165
+ $final = array_pop($segments);
166
+ $component = $namespace;
167
+ $lastMatch = false;
168
+ do {
169
+ $segment = array_shift($segments);
170
+ $component .= empty($component) ? $segment : '_' . $segment;
171
+ if (isset($this->_components[$component])) {
172
+ $lastMatch = $component;
173
+ }
174
+ } while (count($segments));
175
+
176
+ if (!$lastMatch) {
177
+ return false;
178
+ }
179
+
180
+ $final = substr($class, strlen($lastMatch) + 1);
181
+ $path = $this->_components[$lastMatch];
182
+ $classPath = $path . '/' . str_replace('_', '/', $final) . '.php';
183
+
184
+ if (Zend_Loader::isReadable($classPath)) {
185
+ return $classPath;
186
+ }
187
+
188
+ return false;
189
+ }
190
+
191
+ /**
192
+ * Attempt to autoload a class
193
+ *
194
+ * @param string $class
195
+ * @return mixed False if not matched, otherwise result if include operation
196
+ */
197
+ public function autoload($class)
198
+ {
199
+ $classPath = $this->getClassPath($class);
200
+ if (false !== $classPath) {
201
+ return include $classPath;
202
+ }
203
+ return false;
204
+ }
205
+
206
+ /**
207
+ * Set class state from options
208
+ *
209
+ * @param array $options
210
+ * @return Zend_Loader_Autoloader_Resource
211
+ */
212
+ public function setOptions(array $options)
213
+ {
214
+ // Set namespace first, see ZF-10836
215
+ if (isset($options['namespace'])) {
216
+ $this->setNamespace($options['namespace']);
217
+ unset($options['namespace']);
218
+ }
219
+
220
+ $methods = get_class_methods($this);
221
+ foreach ($options as $key => $value) {
222
+ $method = 'set' . ucfirst($key);
223
+ if (in_array($method, $methods)) {
224
+ $this->$method($value);
225
+ }
226
+ }
227
+ return $this;
228
+ }
229
+
230
+ /**
231
+ * Set namespace that this autoloader handles
232
+ *
233
+ * @param string $namespace
234
+ * @return Zend_Loader_Autoloader_Resource
235
+ */
236
+ public function setNamespace($namespace)
237
+ {
238
+ $this->_namespace = rtrim((string) $namespace, '_');
239
+ return $this;
240
+ }
241
+
242
+ /**
243
+ * Get namespace this autoloader handles
244
+ *
245
+ * @return string
246
+ */
247
+ public function getNamespace()
248
+ {
249
+ return $this->_namespace;
250
+ }
251
+
252
+ /**
253
+ * Set base path for this set of resources
254
+ *
255
+ * @param string $path
256
+ * @return Zend_Loader_Autoloader_Resource
257
+ */
258
+ public function setBasePath($path)
259
+ {
260
+ $this->_basePath = (string) $path;
261
+ return $this;
262
+ }
263
+
264
+ /**
265
+ * Get base path to this set of resources
266
+ *
267
+ * @return string
268
+ */
269
+ public function getBasePath()
270
+ {
271
+ return $this->_basePath;
272
+ }
273
+
274
+ /**
275
+ * Add resource type
276
+ *
277
+ * @param string $type identifier for the resource type being loaded
278
+ * @param string $path path relative to resource base path containing the resource types
279
+ * @param null|string $namespace sub-component namespace to append to base namespace that qualifies this resource type
280
+ * @return Zend_Loader_Autoloader_Resource
281
+ */
282
+ public function addResourceType($type, $path, $namespace = null)
283
+ {
284
+ $type = strtolower($type);
285
+ if (!isset($this->_resourceTypes[$type])) {
286
+ if (null === $namespace) {
287
+ require_once 'Zend/Loader/Exception.php';
288
+ throw new Zend_Loader_Exception('Initial definition of a resource type must include a namespace');
289
+ }
290
+ $namespaceTopLevel = $this->getNamespace();
291
+ $namespace = ucfirst(trim($namespace, '_'));
292
+ $this->_resourceTypes[$type] = array(
293
+ 'namespace' => empty($namespaceTopLevel) ? $namespace : $namespaceTopLevel . '_' . $namespace,
294
+ );
295
+ }
296
+ if (!is_string($path)) {
297
+ require_once 'Zend/Loader/Exception.php';
298
+ throw new Zend_Loader_Exception('Invalid path specification provided; must be string');
299
+ }
300
+ $this->_resourceTypes[$type]['path'] = $this->getBasePath() . '/' . rtrim($path, '\/');
301
+
302
+ $component = $this->_resourceTypes[$type]['namespace'];
303
+ $this->_components[$component] = $this->_resourceTypes[$type]['path'];
304
+ return $this;
305
+ }
306
+
307
+ /**
308
+ * Add multiple resources at once
309
+ *
310
+ * $types should be an associative array of resource type => specification
311
+ * pairs. Each specification should be an associative array containing
312
+ * minimally the 'path' key (specifying the path relative to the resource
313
+ * base path) and optionally the 'namespace' key (indicating the subcomponent
314
+ * namespace to append to the resource namespace).
315
+ *
316
+ * As an example:
317
+ * <code>
318
+ * $loader->addResourceTypes(array(
319
+ * 'model' => array(
320
+ * 'path' => 'models',
321
+ * 'namespace' => 'Model',
322
+ * ),
323
+ * 'form' => array(
324
+ * 'path' => 'forms',
325
+ * 'namespace' => 'Form',
326
+ * ),
327
+ * ));
328
+ * </code>
329
+ *
330
+ * @param array $types
331
+ * @return Zend_Loader_Autoloader_Resource
332
+ */
333
+ public function addResourceTypes(array $types)
334
+ {
335
+ foreach ($types as $type => $spec) {
336
+ if (!is_array($spec)) {
337
+ require_once 'Zend/Loader/Exception.php';
338
+ throw new Zend_Loader_Exception('addResourceTypes() expects an array of arrays');
339
+ }
340
+ if (!isset($spec['path'])) {
341
+ require_once 'Zend/Loader/Exception.php';
342
+ throw new Zend_Loader_Exception('addResourceTypes() expects each array to include a paths element');
343
+ }
344
+ $paths = $spec['path'];
345
+ $namespace = null;
346
+ if (isset($spec['namespace'])) {
347
+ $namespace = $spec['namespace'];
348
+ }
349
+ $this->addResourceType($type, $paths, $namespace);
350
+ }
351
+ return $this;
352
+ }
353
+
354
+ /**
355
+ * Overwrite existing and set multiple resource types at once
356
+ *
357
+ * @see Zend_Loader_Autoloader_Resource::addResourceTypes()
358
+ * @param array $types
359
+ * @return Zend_Loader_Autoloader_Resource
360
+ */
361
+ public function setResourceTypes(array $types)
362
+ {
363
+ $this->clearResourceTypes();
364
+ return $this->addResourceTypes($types);
365
+ }
366
+
367
+ /**
368
+ * Retrieve resource type mappings
369
+ *
370
+ * @return array
371
+ */
372
+ public function getResourceTypes()
373
+ {
374
+ return $this->_resourceTypes;
375
+ }
376
+
377
+ /**
378
+ * Is the requested resource type defined?
379
+ *
380
+ * @param string $type
381
+ * @return bool
382
+ */
383
+ public function hasResourceType($type)
384
+ {
385
+ return isset($this->_resourceTypes[$type]);
386
+ }
387
+
388
+ /**
389
+ * Remove the requested resource type
390
+ *
391
+ * @param string $type
392
+ * @return Zend_Loader_Autoloader_Resource
393
+ */
394
+ public function removeResourceType($type)
395
+ {
396
+ if ($this->hasResourceType($type)) {
397
+ $namespace = $this->_resourceTypes[$type]['namespace'];
398
+ unset($this->_components[$namespace]);
399
+ unset($this->_resourceTypes[$type]);
400
+ }
401
+ return $this;
402
+ }
403
+
404
+ /**
405
+ * Clear all resource types
406
+ *
407
+ * @return Zend_Loader_Autoloader_Resource
408
+ */
409
+ public function clearResourceTypes()
410
+ {
411
+ $this->_resourceTypes = array();
412
+ $this->_components = array();
413
+ return $this;
414
+ }
415
+
416
+ /**
417
+ * Set default resource type to use when calling load()
418
+ *
419
+ * @param string $type
420
+ * @return Zend_Loader_Autoloader_Resource
421
+ */
422
+ public function setDefaultResourceType($type)
423
+ {
424
+ if ($this->hasResourceType($type)) {
425
+ $this->_defaultResourceType = $type;
426
+ }
427
+ return $this;
428
+ }
429
+
430
+ /**
431
+ * Get default resource type to use when calling load()
432
+ *
433
+ * @return string|null
434
+ */
435
+ public function getDefaultResourceType()
436
+ {
437
+ return $this->_defaultResourceType;
438
+ }
439
+
440
+ /**
441
+ * Object registry and factory
442
+ *
443
+ * Loads the requested resource of type $type (or uses the default resource
444
+ * type if none provided). If the resource has been loaded previously,
445
+ * returns the previous instance; otherwise, instantiates it.
446
+ *
447
+ * @param string $resource
448
+ * @param string $type
449
+ * @return object
450
+ * @throws Zend_Loader_Exception if resource type not specified or invalid
451
+ */
452
+ public function load($resource, $type = null)
453
+ {
454
+ if (null === $type) {
455
+ $type = $this->getDefaultResourceType();
456
+ if (empty($type)) {
457
+ require_once 'Zend/Loader/Exception.php';
458
+ throw new Zend_Loader_Exception('No resource type specified');
459
+ }
460
+ }
461
+ if (!$this->hasResourceType($type)) {
462
+ require_once 'Zend/Loader/Exception.php';
463
+ throw new Zend_Loader_Exception('Invalid resource type specified');
464
+ }
465
+ $namespace = $this->_resourceTypes[$type]['namespace'];
466
+ $class = $namespace . '_' . ucfirst($resource);
467
+ if (!isset($this->_resources[$class])) {
468
+ $this->_resources[$class] = new $class;
469
+ }
470
+ return $this->_resources[$class];
471
+ }
472
+ }
readme.txt CHANGED
@@ -2,9 +2,9 @@
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A
4
  Tags: security, encryption, ssl, shared ssl, private ssl, public ssl, private ssl, http, https
5
- Requires at least: 2.7.0
6
- Tested up to: 3.3
7
- Stable tag: 2.0.3
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
 
@@ -71,9 +71,13 @@ add_filter('force_ssl' , 'custom_force_ssl', 10, 2);`
71
  2. Force SSL checkbox added to add/edit posts screen
72
 
73
  == Changelog ==
 
 
 
 
74
  = 2.0.4 =
75
  * Bug Fix - Users using Shared SSL should no longer have broken URL's and redirects.
76
- * Bug Fix - Pages should correctly be identified as HTTPS if PHP returns an IP address for HTTP_HOST in $_SERVER.
77
  * Bug Fix - Users using the default permalink structure should now have URL's being properly changed to/from HTTPS.
78
  = 2.0.3 =
79
  * Force SSL Admin will always be enabled when FORCE_SSL_ADMIN is true in wp-config.php.
2
  Contributors: Mvied
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A
4
  Tags: security, encryption, ssl, shared ssl, private ssl, public ssl, private ssl, http, https
5
+ Requires at least: 3.0
6
+ Tested up to: 3.4
7
+ Stable tag: 3.0
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
 
71
  2. Force SSL checkbox added to add/edit posts screen
72
 
73
  == Changelog ==
74
+ = 3.0 =
75
+ * The plugin has been completely re-written.
76
+ * Redirect loops should no longer be an issue.
77
+ * Bugs are likely to occur.
78
  = 2.0.4 =
79
  * Bug Fix - Users using Shared SSL should no longer have broken URL's and redirects.
80
+ * Bug Fix - Pages should correctly be identified as HTTPS if PHP returns an IP address for SERVER_ADDR in $_SERVER.
81
  * Bug Fix - Users using the default permalink structure should now have URL's being properly changed to/from HTTPS.
82
  = 2.0.3 =
83
  * Force SSL Admin will always be enabled when FORCE_SSL_ADMIN is true in wp-config.php.
screenshot-1.png CHANGED
Binary file
screenshot-2.png CHANGED
Binary file
uninstall.php CHANGED
@@ -8,6 +8,7 @@ if ( !defined('WP_UNINSTALL_PLUGIN') ) {
8
 
9
  // Delete WordPress HTTPS options
10
  delete_option('wordpress-https_external_urls');
 
11
  delete_option('wordpress-https_unsecure_external_urls');
12
  delete_option('wordpress-https_ssl_host');
13
  delete_option('wordpress-https_ssl_port');
@@ -15,6 +16,8 @@ delete_option('wordpress-https_exclusive_https');
15
  delete_option('wordpress-https_frontpage');
16
  delete_option('wordpress-https_ssl_admin');
17
  delete_option('wordpress-https_ssl_host_subdomain');
 
 
18
 
19
  // Delete force_ssl custom_field from posts and pages
20
  delete_metadata('post', null, 'force_ssl', null, true);
8
 
9
  // Delete WordPress HTTPS options
10
  delete_option('wordpress-https_external_urls');
11
+ delete_option('wordpress-https_secure_external_urls');
12
  delete_option('wordpress-https_unsecure_external_urls');
13
  delete_option('wordpress-https_ssl_host');
14
  delete_option('wordpress-https_ssl_port');
16
  delete_option('wordpress-https_frontpage');
17
  delete_option('wordpress-https_ssl_admin');
18
  delete_option('wordpress-https_ssl_host_subdomain');
19
+ delete_option('wordpress-https_version');
20
+ delete_option('wordpress-https_debug');
21
 
22
  // Delete force_ssl custom_field from posts and pages
23
  delete_metadata('post', null, 'force_ssl', null, true);
wordpress-https.php CHANGED
@@ -1,1406 +1,48 @@
1
  <?php
2
- /*
3
  Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
- Version: 2.0.4
8
  Author URI: http://mvied.com/
9
  */
10
 
11
- /**
12
- * Class for the WordPress plugin WordPress HTTPS
13
- *
14
- * @author Mike Ems
15
- * @package WordPressHTTPS
16
- * @copyright Copyright 2011
17
- *
18
- */
19
- if ( !class_exists('WordPressHTTPS') ) {
20
- class WordPressHTTPS {
21
-
22
- /**
23
- * Plugin Version
24
- *
25
- * @var int
26
- */
27
- public $version = '2.0.4';
28
-
29
- /**
30
- * Debug Mode
31
- *
32
- * Enabled debug output to the browser's console.
33
- *
34
- * @var boolean
35
- */
36
- public $debug = false;
37
-
38
- /**
39
- * Log Entries
40
- *
41
- * @var array
42
- */
43
- public $log = array();
44
-
45
- /**
46
- * Plugin URL
47
- *
48
- * @var string
49
- */
50
- public $plugin_url;
51
-
52
- /**
53
- * HTTP URL
54
- *
55
- * @var string
56
- */
57
- public $http_url;
58
-
59
- /**
60
- * HTTPS URL
61
- *
62
- * @var string
63
- */
64
- public $https_url;
65
-
66
- /**
67
- * SSL Port
68
- *
69
- * @var int
70
- */
71
- public $ssl_port;
72
-
73
- /**
74
- * Different SSL Host
75
- *
76
- * Set to true if the secure host is set to a a host that is not the default WordPress host.
77
- *
78
- * @var boolean
79
- */
80
- public $diff_host = false;
81
-
82
- /**
83
- * Force SSL Admin
84
- *
85
- * Set to true if the admin panel is being forced to use the secure host.
86
- *
87
- * @var boolean
88
- */
89
- public $ssl_admin = false;
90
-
91
- /**
92
- * Default Options
93
- *
94
- * @var array
95
- */
96
- protected $options_default = array(
97
- 'wordpress-https_external_urls' => array(), // External URL's that are okay to rewrite to HTTPS
98
- 'wordpress-https_unsecure_external_urls' => array(), // External URL's that are okay to rewrite to HTTPS
99
- 'wordpress-https_ssl_host' => '', // Hostname for SSL Host
100
- 'wordpress-https_ssl_port' => '', // Port number for SSL Host
101
- 'wordpress-https_ssl_host_subdomain' => 0, // Is SSL Host a subdomain
102
- 'wordpress-https_exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
103
- 'wordpress-https_frontpage' => 0, // Force SSL on front page
104
- 'wordpress-https_ssl_admin' => 0, // Force SSL Over Administration Panel (The same as FORCE_SSL_ADMIN)
105
- );
106
-
107
- /**
108
- * Initialize (PHP4)
109
- *
110
- * @param none
111
- * @return void
112
- */
113
- public function WordPressHTTPS() {
114
- $argcv = func_get_args();
115
- call_user_func_array(array(&$this, '__construct'), $argcv);
116
- }
117
-
118
- /**
119
- * Initialize (PHP5+)
120
- *
121
- * @param none
122
- * @return void
123
- */
124
- public function __construct() {
125
- // Assign plugin_url
126
- if ( version_compare( get_bloginfo('version'), '2.8', '>=' ) ) {
127
- $this->plugin_url = plugins_url('', __FILE__);
128
- } else {
129
- $this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));
130
- }
131
-
132
- // If WPHTTPS_RESET global is defined, run reset method
133
- if ( defined('WPHTTPS_RESET') && constant('WPHTTPS_RESET') == true ) {
134
- $this->reset();
135
- }
136
-
137
- // HTTP URL
138
- $this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);
139
- // HTTPS URL
140
- $this->https_url = $this->replace_http($this->http_url);
141
- // SSL Port
142
- $this->ssl_port = ((get_option('wordpress-https_ssl_port') > 0) ? get_option('wordpress-https_ssl_port') : null);
143
- // Force SSL Admin
144
- $this->ssl_admin = ((force_ssl_admin() || get_option('wordpress-https_ssl_admin') > 0) ? true : false);
145
-
146
- // If using a different host for SSL
147
- if ( get_option('wordpress-https_ssl_host') && get_option('wordpress-https_ssl_host') != $this->https_url ) {
148
- // Assign HTTPS URL to SSL Host
149
- $this->diff_host = true;
150
- $this->https_url = get_option('wordpress-https_ssl_host');
151
-
152
- // Prevent WordPress' canonical redirect when using a different SSL Host
153
- if ( $this->is_ssl() ) {
154
- remove_filter('template_redirect', 'redirect_canonical');
155
- }
156
-
157
- // Add SSL Host to allowed redirect hosts
158
- add_filter('allowed_redirect_hosts' , array(&$this, 'allowed_redirect_hosts'), 10, 1);
159
-
160
- // Remove SSL Host authentication cookies on logout
161
- add_action('clear_auth_cookie', array(&$this, 'clear_cookies'));
162
-
163
- // Set authentication cookie
164
- if ( $this->is_ssl() ) {
165
- add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5);
166
- add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5);
167
- }
168
-
169
- // Fix admin_url on login page
170
- if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->is_ssl() ) {
171
- add_filter('admin_url', array(&$this, 'replace_http_url'));
172
- }
173
-
174
- // Filter site_url in admin panel
175
- if ( is_admin() && $this->is_ssl() ) {
176
- add_filter('site_url', array(&$this, 'replace_http_url'));
177
- add_action('wp_redirect', array(&$this, 'wp_redirect_admin'), 1, 1);
178
- }
179
- }
180
-
181
- // Add SSL Port to HTTPS URL
182
- if ( $this->ssl_port ) {
183
- $this->https_url = $this->add_port($this->https_url);
184
- }
185
-
186
- $this->log('HTTP URL: ' . $this->http_url);
187
- $this->log('HTTPS URL: ' . $this->https_url);
188
-
189
- // Redirect admin/login pages. This is not pluggable due to the redirect methods used in wp-login.php
190
- if ( ( is_admin() || $GLOBALS['pagenow'] == 'wp-login.php' ) && $this->ssl_admin ) {
191
- add_action('wp_redirect', array(&$this, 'wp_redirect_admin'), 1, 1);
192
- if ( !$this->is_ssl() ) {
193
- $this->redirect('https');
194
- }
195
- }
196
-
197
- // Start output buffering
198
- add_action('init', array(&$this, 'buffer_start'));
199
-
200
- // Check if the page needs to be redirected
201
- add_action('template_redirect', array(&$this, 'redirect_check'));
202
-
203
- // Admin panel
204
- if ( is_admin() ) {
205
- // Add admin menus
206
- add_action('admin_menu', array(&$this, 'menu'));
207
-
208
- // Load on plugins page
209
- if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
210
- add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);
211
- }
212
-
213
- // Load on Settings page
214
- if ( @$_GET['page'] == 'wordpress-https' ) {
215
- wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);
216
- wp_enqueue_script('jquery-tooltip', $this->plugin_url . '/js/jquery.tooltip.js', array('jquery'), '1.3', true);
217
- wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.php', array('jquery'), $this->version, true);
218
- wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->version, true);
219
-
220
- if ( function_exists('add_thickbox') ) {
221
- add_thickbox();
222
- }
223
- }
224
-
225
- // Add 'Force SSL' checkbox to add/edit post pages
226
- if ( version_compare( get_bloginfo('version'), '2.8', '>' ) ) {
227
- add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));
228
- } else {
229
- add_action('post_submitbox_start', array(&$this, 'post_checkbox'));
230
- }
231
- add_action('save_post', array(&$this, 'post_save'));
232
- }
233
-
234
- // Filter HTTPS from links in WP 3.0+
235
- if ( version_compare(get_bloginfo('version'), '3.0', '>') && !is_admin() && strpos(get_option('home'), 'https://') === false ) {
236
- add_filter('page_link', array(&$this, 'replace_https_url'));
237
- add_filter('post_link', array(&$this, 'replace_https_url'));
238
- add_filter('category_link', array(&$this, 'replace_https_url'));
239
- add_filter('get_archives_link', array(&$this, 'replace_https_url'));
240
- add_filter('tag_link', array(&$this, 'replace_https_url'));
241
- add_filter('search_link', array(&$this, 'replace_https_url'));
242
- add_filter('home_url', array(&$this, 'replace_https_url'));
243
- add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);
244
- add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);
245
-
246
- // If the whole site is not HTTPS, set links to the front-end to HTTP from within the admin panel
247
- } else if ( is_admin() && $this->is_ssl() && strpos(get_option('home'), 'https://') === false ) {
248
- add_filter('page_link', array(&$this, 'replace_https_url'));
249
- add_filter('post_link', array(&$this, 'replace_https_url'));
250
- add_filter('category_link', array(&$this, 'replace_https_url'));
251
- add_filter('get_archives_link', array(&$this, 'replace_https_url'));
252
- add_filter('tag_link', array(&$this, 'replace_https_url'));
253
- add_filter('search_link', array(&$this, 'replace_https_url'));
254
- }
255
-
256
- // Change all page and post links to HTTPS in the admin panel when using different SSL Host
257
- if ( get_option('wordpress-https_ssl_host_subdomain') == 0 && $this->diff_host && is_admin() && $this->is_ssl() ) {
258
- add_filter('page_link', array(&$this, 'replace_http_url'));
259
- add_filter('post_link', array(&$this, 'replace_http_url'));
260
- }
261
- }
262
-
263
- /**
264
- * Operations performed when plugin is activated.
265
- *
266
- * @param none
267
- * @return void
268
- */
269
- public function install() {
270
- // Add plugin options
271
- foreach ( $this->options_default as $option => $value ) {
272
- if ( get_option($option) === false ) {
273
- add_option($option, $value);
274
- }
275
- }
276
-
277
- // Checks to see if the SSL Host is a subdomain
278
- $http_domain = $this->get_url_domain($this->http_url);
279
- $https_domain = $this->get_url_domain($this->https_url);
280
-
281
- if ( $this->replace_https($url) != $this->http_url && $http_domain == $https_domain ) {
282
- update_option('wordpress-https_ssl_host_subdomain', 1);
283
- }
284
-
285
- // Run plugin updates
286
- $this->update();
287
- }
288
-
289
- /**
290
- * Updates plugin from one version to another
291
- *
292
- * @param none
293
- * @return void
294
- */
295
- protected function update() {
296
- // Remove deprecated options
297
- $deprecated_options = array(
298
- 'wordpress-https_sharedssl_site',
299
- 'wordpress-https_internalurls',
300
- 'wordpress-https_externalurls',
301
- 'wordpress-https_bypass',
302
- 'wordpress-https_disable_autohttps'
303
- );
304
- foreach( $deprecated_options as $option ) {
305
- delete_option($option);
306
- }
307
-
308
- // Upgrade from version < 2.0
309
- if ( get_option('wordpress-https_sharedssl') ) {
310
- $shared_ssl = ((get_option('wordpress-https_sharedssl') == 1) ? true : false);
311
-
312
- $options = array(
313
- 'wordpress-https_sharedssl' => get_option('wordpress-https_sharedssl'),
314
- 'wordpress-https_sharedssl_host' => get_option('wordpress-https_sharedssl_host'),
315
- 'wordpress-https_sharedssl_admin' => get_option('wordpress-https_sharedssl_admin')
316
- );
317
 
318
- foreach( $options as $option => $value) {
319
- if ( $shared_ssl && $value ) {
320
- if ( $option == 'wordpress-https_sharedssl_host' ) {
321
- if ( $ssl_port = parse_url($value, PHP_URL_PORT) ) {
322
- update_option('wordpress-https_ssl_port', $ssl_port);
323
- $value = str_replace(':' . $ssl_port, '', $value);
324
- }
325
- update_option('wordpress-https_ssl_host', $value);
326
- }
327
- if ( $option == 'wordpress-https_sharedssl_admin' ) {
328
- update_option('wordpress-https_ssl_admin', $value);
329
- delete_option($option);
330
- }
331
- }
332
- delete_option($option);
333
- }
334
- }
335
-
336
- // Update current version
337
- update_option('wordpress-https_version', $this->version);
338
- }
339
-
340
- /**
341
- * Rests all plugin options to the defaults
342
- *
343
- * @param none
344
- * @return void
345
- */
346
- public function reset() {
347
- foreach ( $this->options_default as $option => $value ) {
348
- update_option($option, $value);
349
- }
350
- }
351
-
352
- /**
353
- * Adds a string to an array of log entries
354
- *
355
- * @param none
356
- * @return void
357
- */
358
- public function log( $string ) {
359
- $this->log[] = $string;
360
- }
361
-
362
- /**
363
- * Returns an array of warnings to notify the user of on the settings page
364
- *
365
- * @param none
366
- * @return void
367
- */
368
- public function warnings() {
369
- $warnings = array();
370
- $i = 0;
371
-
372
- // Warnings about unsecure external URL's
373
- $unsecure_external_urls = (array) get_option('wordpress-https_unsecure_external_urls');
374
- foreach( $unsecure_external_urls as $admin => $urls ) {
375
- if ( $urls && sizeof($urls) > 0 ) {
376
- $warnings[$i]['label'] = 'Unsecure External Content';
377
- $warnings[$i]['warnings'] = $urls;
378
- }
379
- }
380
- $i++;
381
 
382
- return $warnings;
383
- }
384
-
385
- /**
386
- * Finds the URL in a string
387
- *
388
- * @param string $string
389
- * @return string $url
390
- */
391
- static function get_url($string) {
392
- preg_match_all('/(http|https):\/\/[\/-\w\d\.,~#@^!\'()?=\+&%;:[\]]+/i', $string, $url);
393
- $url = @$url[0][0];
394
- return $url;
395
- }
396
 
397
- /**
398
- * Retrieves the base host of a given URL
399
- *
400
- * @param string $url
401
- * @return string $url_host
402
- */
403
- function get_url_domain($url) {
404
- $url = $this->get_url($url);
405
- $url_parts = parse_url($url);
406
- $url_host_parts = explode('.', @$url_parts['host']);
407
 
408
- // Find base hostname
409
- $url_host = @$url_parts['host'];
410
- for ($i = 0; $i < sizeof($url_host_parts)-1; $i++) {
411
- $test_host = str_replace($url_host_parts[$i] . '.', '', $url_host);
412
- if ( $this->get_file_contents($url_parts['scheme'] . '://' . $test_host) ) {
413
- $url_host = $test_host;
414
- } else {
415
- break;
416
- }
417
- }
418
- return $url_host;
419
- }
420
-
421
- /**
422
- * Replace HTTPS with HTTP in a string
423
- *
424
- * @param string $string
425
- * @return string $string
426
- */
427
- static function replace_https($string) {
428
- return str_replace('https://', 'http://', $string);
429
- }
430
 
431
- /**
432
- * Replace HTTP with HTTPS in a string
433
- *
434
- * @param string $string
435
- * @return string $string
436
- */
437
- static function replace_http($string) {
438
- return str_replace('http://', 'https://', $string);
439
  }
440
-
441
- /**
442
- * Determines if URL is local or external
443
- *
444
- * @param string $url
445
- * @return boolean
446
- */
447
- function is_local($url) {
448
- if ( ($url_parts = parse_url($url)) && strpos($this->http_url, $url_parts['host']) !== false || strpos($this->https_url, $url_parts['host']) !== false ) {
449
- return true;
450
- } else {
451
- return false;
452
- }
453
- }
454
-
455
- /**
456
- * Adds the SSL Port to URL in a string
457
- *
458
- * @param string $string
459
- * @return string $string
460
- */
461
- function add_port($string) {
462
- $url = $this->get_url($string);
463
- $url_parts = parse_url($url);
464
- if ( isset($url_parts['port']) ) {
465
- $url = $this->remove_port($url);
466
- }
467
-
468
- if ( $this->ssl_port && $this->ssl_port != 80 && $this->ssl_port != 443 && strpos($url, ':' . $this->ssl_port) === false ) {
469
- $url_host_port = $url_parts['host'] . ':' . $this->ssl_port;
470
- $string = str_replace($url_parts['host'], $url_host_port, $string);
471
- }
472
- return $string;
473
- }
474
-
475
- /**
476
- * Remove the SSL Port from URL in a string
477
- *
478
- * @param string $string
479
- * @return string $string
480
- */
481
- function remove_port($string) {
482
- $url = $this->get_url($string);
483
-
484
- if ( $this->is_local($url) && $port = parse_url($url, PHP_URL_PORT) ) {
485
- $string = str_replace($url, str_replace(':' . $port, '', $url), $string);
486
- }
487
- return $string;
488
- }
489
-
490
- /**
491
- * Replaces HTTP Host with HTTPS Host
492
- *
493
- * @param string $string
494
- * @return string $string
495
- */
496
- function replace_http_url($string) {
497
- // URL in string to be replaced
498
- $url_original = $this->get_url($string);
499
- if ( $this->is_local($url_original) ) {
500
- $url_parts = parse_url($url_original);
501
- $url = str_replace($url_parts['host'], parse_url($this->https_url, PHP_URL_HOST), $url_original);
502
-
503
- if ( $this->diff_host ) {
504
- $https_url_path = parse_url($this->https_url, PHP_URL_PATH);
505
- if ( strpos($url_parts['path'], $https_url_path) === false ) {
506
- if ( $url_parts['path'] == '/' ) {
507
- if ( isset($url_parts['query']) ) {
508
- $url_query = '?' . $url_parts['query'];
509
- $url = str_replace($url_query, '', $url);
510
- }
511
- $url = rtrim($url, '/') . $https_url_path . ((isset($url_query)) ? '/' . $url_query : '');
512
- } else {
513
- $url = str_replace($url_parts['path'], $https_url_path . $url_parts['path'], $url);
514
- }
515
- }
516
- }
517
-
518
- $url = $this->remove_port($url);
519
- $url = $this->add_port($url);
520
- $url = $this->replace_http($url);
521
- $string = str_replace($url_original, $url, $string);
522
- } else if ( $url_parts == null ) {
523
- $this->log('[ERROR] Unabled to parse URL: ' . $url_original);
524
- }
525
-
526
- return $string;
527
- }
528
-
529
- /**
530
- * Replaces HTTPS Host with HTTP Host
531
- *
532
- * @param string $string
533
- * @return string $string
534
- */
535
- public function replace_https_url($string) {
536
- $url_original = $this->get_url($string);
537
- if ( $this->is_local($url_original) ) {
538
- $url_parts = parse_url($url_original);
539
- $url = str_replace($url_parts['host'], parse_url($this->http_url, PHP_URL_HOST), $url_original);
540
- if ( $this->diff_host ) {
541
- $https_url_path = parse_url($this->https_url, PHP_URL_PATH);
542
- if ( $https_url_path != '/' && strpos(@$url_parts['path'], $https_url_path) !== false ) {
543
- $url = str_replace($https_url_path, '', $url);
544
- }
545
- }
546
- $url = $this->remove_port($url);
547
- $url = $this->replace_https($url);
548
- $string = str_replace($url_original, $url, $string);
549
- } else if ( $url_parts == null ) {
550
- $this->log('[ERROR] Unabled to parse URL: ' . $url_original);
551
- }
552
-
553
- return $string;
554
- }
555
-
556
- /**
557
- * Retrieves the contents of a local or external file
558
- *
559
- * @param string $url
560
- * @return boolean|string Contents of existing file, or false if file does not exist
561
- */
562
- static function get_file_contents($url) {
563
- if ( function_exists('curl_init') ) {
564
- $ch = curl_init();
565
-
566
- curl_setopt($ch, CURLOPT_URL, $url);
567
- curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
568
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
569
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
570
- curl_setopt($ch, CURLOPT_FAILONERROR, true);
571
- @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
572
- curl_setopt($ch, CURLOPT_HEADER, false);
573
- curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
574
-
575
- $content = curl_exec($ch);
576
- $info = curl_getinfo($ch);
577
- if ( !$info['http_code'] && ( $info['http_code'] == 0 || $info['http_code'] == 302 || $info['http_code'] == 404 ) ) {
578
- $content = false;
579
- } else if ( $content == "" ) {
580
- $content = true;
581
- }
582
- curl_close($ch);
583
- return $content;
584
- } else if ( @ini_get('allow_url_fopen') ) {
585
- $content = @file_get_contents($url);
586
- return $content;
587
- }
588
- return false;
589
- }
590
-
591
- /**
592
- * Start output buffering
593
- *
594
- * @param none
595
- * @return void
596
- */
597
- public function buffer_start() {
598
- ob_start(array(&$this, 'process'));
599
- }
600
-
601
- /**
602
- * Processes the output buffer to fix HTML output
603
- *
604
- * @param string $buffer
605
- * @return string $buffer
606
- */
607
- public function process($buffer) {
608
- $processed_urls = array();
609
- // Post = 2, Admin = 1, Other = 0
610
- $location = ((is_admin()) ? 1 : ((is_page() || is_home()) ? 2 : 0));
611
-
612
- $external_urls = get_option('wordpress-https_external_urls');
613
- if ( !is_array($external_urls) ) {
614
- $external_urls = array();
615
- }
616
-
617
- $unsecure_external_urls = get_option('wordpress-https_unsecure_external_urls');
618
- if ( !is_array($unsecure_external_urls) ) {
619
- $unsecure_external_urls = array();
620
- }
621
-
622
- // Fix any occurrence of the HTTPS version of the regular domain when using different SSL Host
623
- if ( $this->diff_host ) {
624
- $url = $this->replace_http($this->http_url);
625
- $count = substr_count($buffer, $url);
626
- if ( $count > 0 ) {
627
- $this->log('[FIXED] Updated ' . $count . ' Occurrences of URL: ' . $url . ' => ' . $this->replace_https_url($url));
628
- $buffer = str_replace($url, $this->replace_https_url($url), $buffer);
629
- }
630
- }
631
-
632
- if ( $this->is_ssl() ) {
633
- if ( is_admin() ) {
634
- preg_match_all('/\<(script|link|img)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>/im', $buffer, $matches);
635
- } else {
636
- preg_match_all('/\<(script|link|img|form|input|embed|param)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>/im', $buffer, $matches);
637
- }
638
- for ($i = 0; $i < sizeof($matches[0]); $i++) {
639
- $html = $matches[0][$i];
640
- $type = $matches[1][$i];
641
- $url = $matches[2][$i];
642
- $scheme = $matches[3][$i];
643
- $updated = false;
644
-
645
- if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
646
- ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
647
- ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) ||
648
- ( $type == 'form' && strpos($html, 'commentform') !== false ) ||
649
- ( $type == 'input' && strpos($html, 'image') !== false ) ||
650
- ( $type == 'param' && strpos($html, 'movie') !== false )
651
- ) {
652
- // Fix image tags in the admin panel
653
- if ( is_admin() && $type == 'img' ) {
654
- if ( strpos($url, $this->http_url) !== false && $this->diff_host ) {
655
- $updated = true;
656
- $processed_urls[$url] = $this->replace_http_url($url);
657
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
658
- }
659
- } else {
660
- // If local
661
- if ( $this->is_local($url) ) {
662
- $updated = true;
663
- $processed_urls[$url] = $this->replace_http_url($url);
664
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
665
- // If external and not HTTPS
666
- } else if ( strpos($url, 'https://') === false ) {
667
- if ( @in_array($url, $external_urls) == false && @in_array($url, $unsecure_external_urls[$location]) == false ) {
668
- if ( $this->get_file_contents($this->replace_http($url)) !== false ) {
669
- // Cache this URL as available over HTTPS for future reference
670
- $external_urls[] = $url;
671
- update_option('wordpress-https_external_urls', $external_urls);
672
- } else {
673
- // If not available over HTTPS, mark as an unsecure external URL
674
- $unsecure_external_urls[$location][] = $url;
675
- update_option('wordpress-https_unsecure_external_urls', $unsecure_external_urls);
676
- }
677
- }
678
-
679
- if ( in_array($url, $external_urls) ) {
680
- $updated = true;
681
- $processed_urls[$url] = $this->replace_http($url);
682
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
683
- } else {
684
- $processed_urls[$url] = $url;
685
- }
686
- }
687
-
688
- if ( $updated == false && strpos($url, 'https://') === false ) {
689
- $this->log('[WARNING] Unsecure Element: <' . $type . '> - ' . $url);
690
- }
691
- }
692
- }
693
-
694
- if ( $updated && $url != $processed_urls[$url] ) {
695
- $this->log('[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $processed_urls[$url]);
696
- }
697
- }
698
-
699
- // Fix any CSS background images or imports
700
- preg_match_all('/(import|background)[:]?[^u]*url\([\'"]?(http:\/\/[^)]+)[\'"]?\)/im', $buffer, $matches);
701
- for ($i = 0; $i < sizeof($matches[0]); $i++) {
702
- $css = $matches[0][$i];
703
- $url = $matches[2][$i];
704
- $processed_urls[$url] = $this->replace_http_url($url);
705
- $buffer = str_replace($css, str_replace($url, $processed_urls[$url], $css), $buffer);
706
- $this->log('[FIXED] CSS: ' . $url . ' => ' . $processed_urls[$url]);
707
- }
708
-
709
- // Look for any relative paths that should be udpated to the SSL Host path
710
- if ( $this->diff_host ) {
711
- preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+(src|href|action|data|movie)=[\'"](\/[^\'"]*)[\'"][^>]*>/im', $buffer, $matches);
712
-
713
- for ($i = 0; $i < sizeof($matches[0]); $i++) {
714
- $html = $matches[0][$i];
715
- $type = $matches[1][$i];
716
- $attr = $matches[2][$i];
717
- $url = $matches[3][$i];
718
- if ( $type != 'input' || ( $type == 'input' && $attr == 'image' ) ) {
719
- $https_url = $this->https_url;
720
- if ( strpos($url, parse_url($https_url, PHP_URL_PATH)) !== false ) {
721
- $https_url = str_replace(parse_url($https_url, PHP_URL_PATH), '', $https_url);
722
- }
723
- $processed_urls[$url] = $https_url . $url;
724
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
725
- $this->log('[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $processed_urls[$url]);
726
- }
727
- }
728
- }
729
- }
730
-
731
- // Update anchor and form tags to appropriate URL's
732
- preg_match_all('/\<(a|form)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>/im', $buffer, $matches);
733
-
734
- for ($i = 0; $i < sizeof($matches[0]); $i++) {
735
- $html = $matches[0][$i];
736
- $type = $matches[1][$i];
737
- $url = $matches[2][$i];
738
- $scheme = $matches[3][$i];
739
- $updated = false;
740
-
741
- unset($force_ssl);
742
-
743
- if ( $this->is_local($url) ) {
744
- $url_parts = parse_url($url);
745
- if ( $this->diff_host ) {
746
- $url_parts['path'] = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_parts['path']);
747
- }
748
- $url_parts['path'] = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_parts['path']);
749
-
750
- if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) ) {
751
- $post = $postID[1];
752
- } else if ( $post = get_page_by_path($url_parts['path']) ) {
753
- $post = $post->ID;
754
- } else if ( $url_parts['path'] == '/' ) {
755
- if ( get_option('show_on_front') == 'posts' ) {
756
- $post = true;
757
- $force_ssl = (( get_option('wordpress-https_frontpage') == 1 ) ? true : false);
758
- } else {
759
- $post = get_option('page_on_front');
760
- }
761
- //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
762
- } else if ( ( strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false ) && ( $this->is_ssl() || $this->ssl_admin )) {
763
- $post = true;
764
- $force_ssl = true;
765
- }
766
-
767
- if ( isset($post) ) {
768
- // Always change links to HTTPS when logged in via different SSL Host
769
- if ( $type == 'a' && get_option('wordpress-https_ssl_host_subdomain') == 0 && $this->diff_host && $this->ssl_admin && is_user_logged_in() ) {
770
- $force_ssl = true;
771
- } else if ( (int) $post > 0 ) {
772
- $force_ssl = (( !isset($force_ssl) ) ? get_post_meta($post, 'force_ssl', true) : $force_ssl);
773
- }
774
-
775
- if ( $force_ssl == true ) {
776
- $updated = true;
777
- $processed_urls[$url] = $this->replace_http_url($url);
778
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
779
- } else if ( get_option('wordpress-https_exclusive_https') == 1 ) {
780
- $updated = true;
781
- $processed_urls[$url] = $this->replace_https_url($url);
782
- $buffer = str_replace($html, str_replace($url, $processed_urls[$url], $html), $buffer);
783
- }
784
- }
785
-
786
- if ( $updated && $url != $processed_urls[$url] ) {
787
- $this->log('[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $processed_urls[$url]);
788
- }
789
- }
790
- }
791
-
792
- // If an unsecure element has been removed from the site, remove it from $unsecure_external_urls to clear warnings
793
- if ( isset($unsecure_external_urls[$location]) && is_array($unsecure_external_urls[$location]) ) {
794
- $unsecure_external_urls[$location] = array_values($unsecure_external_urls[$location]);
795
- for( $i = 0; $i < sizeof($unsecure_external_urls[$location]); $i++ ) {
796
- $removed = true;
797
- foreach( $processed_urls as $original_url => $new_url ) {
798
- // If unsecure_external_url was found in processed_urls, it has not been removed
799
- if ( $unsecure_external_urls[$location][$i] == $original_url ) {
800
- $removed = false;
801
- }
802
- }
803
- if ( $removed ) {
804
- $this->log('[FIXED] Removed Unsecure URL: ' . $unsecure_external_urls[$location][$i]);
805
- unset($unsecure_external_urls[$location][$i]);
806
- update_option('wordpress-https_unsecure_external_urls', $unsecure_external_urls);
807
- }
808
-
809
- }
810
- }
811
-
812
- // Add debug console logging. It's not pretty, but it works.
813
- if ( $this->debug && sizeof($this->log) > 0 ) {
814
- $code = "<script type=\"text/javascript\">\n\tif ( typeof console === 'object' ) {\n";
815
-
816
- array_unshift($this->log, '[BEGIN WordPress HTTPS Debug Log]');
817
- array_push($this->log, '[END WordPress HTTPS Debug Log]');
818
- foreach( $this->log as $log_entry ) {
819
- if ( is_array($log_entry) ) {
820
- $log_entry = json_encode($log_entry);
821
- } else {
822
- $log_entry = "'" . $log_entry . "'";
823
- }
824
- $code .= "\t\tconsole.log(" . $log_entry . ");\n";
825
- }
826
- $code .= "\t}\n</script>\n";
827
- $buffer = str_replace("</body>", $code . "\n</body>", $buffer);
828
- }
829
-
830
- return $buffer;
831
- }
832
-
833
- /**
834
- * Filters HTTPS urls from bloginfo function
835
- *
836
- * @param string $result
837
- * @param string $show
838
- * @return string $result
839
- */
840
- public function bloginfo($result = '', $show = '') {
841
- if ( $show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url' ) {
842
- $result = $this->replace_https_url($result);
843
- }
844
- return $result;
845
- }
846
-
847
- /**
848
- * Checks if the current page is SSL
849
- *
850
- * @param none
851
- * @return bool
852
- */
853
- public function is_ssl() {
854
- $https_url = parse_url($this->https_url);
855
- // Some extra checks for proxies and Shared SSL
856
- if ( is_ssl() && strpos($_SERVER['HTTP_HOST'], $https_url['host']) === false && $_SERVER['SERVER_ADDR'] != $_SERVER['HTTP_HOST'] ) {
857
- return false;
858
- } else if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) {
859
- return true;
860
- } else if ( $this->diff_host && !is_ssl() && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && strpos($this->https_url, 'https://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
861
- return true;
862
- } else if ( $this->diff_host && !is_ssl() && strpos($_SERVER['HTTP_HOST'], $https_url['host']) !== false && (!$this->ssl_port || $_SERVER['SERVER_PORT'] == $this->ssl_port) && (isset($https_url['path']) && !$https_url['path'] || strpos($_SERVER['REQUEST_URI'], $https_url['path']) !== false) ) {
863
- return true;
864
- }
865
- return is_ssl();
866
- }
867
-
868
- /**
869
- * Checks if the current page needs to be redirected
870
- *
871
- * @param none
872
- * @return void
873
- */
874
- public function redirect_check() {
875
- global $post;
876
- if ( is_front_page() && get_option('show_on_front') == 'posts' ) {
877
- if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {
878
- $scheme = 'https';
879
- } else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() && ( !$this->diff_host || ( $this->diff_host && $this->ssl_admin && !is_user_logged_in() ) ) ) {
880
- $scheme = 'http';
881
- }
882
- } else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {
883
- $force_ssl = get_post_meta($post->ID, 'force_ssl', true);
884
- $force_ssl = apply_filters('force_ssl', $force_ssl, $post->ID );
885
- if ( !$this->is_ssl() && $force_ssl ) {
886
- $scheme = 'https';
887
- } else if ( get_option('wordpress-https_exclusive_https') == 1 && !$force_ssl && ( !$this->diff_host || ( $this->diff_host && $this->ssl_admin && !is_user_logged_in() ) ) ) {
888
- $scheme = 'http';
889
- }
890
- }
891
-
892
- if ( isset($scheme) ) {
893
- $this->redirect($scheme);
894
- }
895
- }
896
-
897
- /**
898
- * Fix wp_redirect in admin/login when using a different SSL Host
899
- *
900
- * @param string $url
901
- * @return string $url
902
- */
903
- public function wp_redirect_admin( $url ) {
904
- $url = $this->replace_http_url($url);
905
-
906
- // Fix redirect_to
907
- preg_match('/redirect_to=([^&]+)/i', $url, $redirect);
908
- $redirect_url = $redirect[1];
909
- $url = str_replace($redirect_url, urlencode($this->replace_http_url(urldecode($redirect_url))), $url);
910
- return $url;
911
- }
912
-
913
- /**
914
- * Redirects page to HTTP or HTTPS accordingly
915
- *
916
- * @param string $scheme Either http or https
917
- * @return void
918
- */
919
- public function redirect($scheme = 'https') {
920
- if ( !$this->is_ssl() && $scheme == 'https' ) {
921
- $url = parse_url($this->https_url);
922
- $url['scheme'] = $scheme;
923
- } else if ( $this->is_ssl() && $scheme == 'http' ) {
924
- $url = parse_url($this->http_url);
925
- $url['scheme'] = $scheme;
926
- } else {
927
- $url = false;
928
- }
929
- if ( $url ) {
930
- $destination = $url['scheme'] . '://' . $url['host'] . (( isset($url['port']) ) ? ':' . $url['port'] : '') . (( isset($url['path']) && strpos($_SERVER['REQUEST_URI'], $url['path']) !== true ) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];
931
- if ( function_exists('wp_redirect') ) {
932
- wp_redirect($destination, 301);
933
- } else {
934
- // End all output buffering and redirect
935
- while(@ob_end_clean());
936
-
937
- // If redirecting to an admin page
938
- if ( strpos($destination, 'wp-admin') !== false || strpos($destination, 'wp-login') !== false ) {
939
- $destination = $this->wp_redirect_admin($destination);
940
- }
941
-
942
- header("Location: " . $destination);
943
- }
944
- exit();
945
- }
946
- }
947
-
948
- /**
949
- * Add SSL Host host to allowed redirect hosts
950
- *
951
- * @param array $content
952
- * @return array $content
953
- */
954
- public function allowed_redirect_hosts($content) {
955
- $content[] = parse_url($this->https_url, PHP_URL_HOST);
956
- return $content;
957
- }
958
-
959
- /**
960
- * Set Cookie
961
- *
962
- * Set authentication cookie when using different SSL Host
963
- *
964
- * @param none
965
- * @return void
966
- */
967
- public function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
968
- if( $scheme == 'logged_in' ) {
969
- $cookie_name = LOGGED_IN_COOKIE;
970
- } elseif ( $secure ) {
971
- $cookie_name = SECURE_AUTH_COOKIE;
972
- $scheme = 'secure_auth';
973
- } else {
974
- $cookie_name = AUTH_COOKIE;
975
- $scheme = 'auth';
976
- }
977
-
978
- //$cookie_domain = COOKIE_DOMAIN;
979
- $cookie_path = COOKIEPATH;
980
- $cookie_path_site = SITECOOKIEPATH;
981
- $cookie_path_plugins = PLUGINS_COOKIE_PATH;
982
- $cookie_path_admin = ADMIN_COOKIE_PATH;
983
-
984
- if ( $this->diff_host && $this->is_ssl() ) {
985
- // If SSL Host is a subdomain and we're setting an authentication cookie, the cookie does not need to be set
986
- if ( get_option('wordpress-https_ssl_host_subdomain') == 1 && ( $scheme == 'auth' || $scheme == 'secure_auth' ) ) {
987
- return;
988
- // If SSL Host is a subdomain, make cookie domain a wildcard
989
- } else if ( get_option('wordpress-https_ssl_host_subdomain') == 1 ) {
990
- $cookie_domain = '.' . $this->get_url_domain($this->https_url);
991
- // Otherwise, cookie domain set for different SSL Host
992
- } else {
993
- $cookie_domain = parse_url($this->https_url, PHP_URL_HOST);
994
- }
995
-
996
- $cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . $cookie_path;
997
- $cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . $cookie_path_site;
998
- $cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . $cookie_path_plugins;
999
- $cookie_path_admin = $cookie_path_site . 'wp-admin';
1000
- }
1001
-
1002
- // Cookie paths defined to accomodate different SSL Host
1003
- if ( version_compare(phpversion(), '5.2.0', '>=') ) {
1004
- if ( $scheme == 'logged_in' ) {
1005
- setcookie($cookie_name, $cookie, $expire, $cookie_path, $cookie_domain, $secure, true);
1006
- if ( $cookie_path != $cookie_path_site ) {
1007
- setcookie($cookie_name, $cookie, $expire, $cookie_path_site, $cookie_domain, $secure, true);
1008
- }
1009
- } else {
1010
- setcookie($cookie_name, $cookie, $expire, $cookie_path_plugins, $cookie_domain, false, true);
1011
- setcookie($cookie_name, $cookie, $expire, $cookie_path_admin, $cookie_domain, false, true);
1012
- }
1013
- } else {
1014
- if ( !empty($cookie_domain) ) {
1015
- $cookie_domain .= '; HttpOnly';
1016
- }
1017
-
1018
- if ( $scheme == 'logged_in' ) {
1019
- setcookie($cookie_name, $cookie, $expire, $cookie_path, $cookie_domain, $secure);
1020
- if ( $cookie_path != $cookie_path_site ) {
1021
- setcookie($cookie_name, $cookie, $expire, $cookie_path_site, $cookie_domain, $secure);
1022
- }
1023
- } else {
1024
- setcookie($cookie_name, $cookie, $expire, $cookie_path_plugins, $cookie_domain);
1025
- setcookie($cookie_name, $cookie, $expire, $cookie_path_admin, $cookie_domain);
1026
- }
1027
- }
1028
- }
1029
-
1030
- /**
1031
- * Clear Cookies
1032
- *
1033
- * Clear authentication and logged in cookies when using a different SSL Host
1034
- *
1035
- * @param none
1036
- * @return void
1037
- */
1038
- public function clear_cookies() {
1039
- $cookie_domain = '.' . $this->get_url_domain($this->https_url);
1040
- $cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;
1041
- $cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;
1042
- $cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
1043
- $cookie_path_admin = $cookie_path_site . 'wp-admin';
1044
-
1045
- if ( get_option('wordpress-https_ssl_host_subdomain') == 1 ) {
1046
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);
1047
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);
1048
- }
1049
-
1050
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
1051
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
1052
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
1053
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
1054
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path);
1055
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site);
1056
- }
1057
-
1058
- /**
1059
- * Add 'Force SSL' checkbox to add/edit post pages
1060
- *
1061
- * @param none
1062
- * @return void
1063
- */
1064
- public function post_checkbox() {
1065
- global $post;
1066
-
1067
- wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');
1068
-
1069
- $checked = false;
1070
- if ( $post->ID ) {
1071
- $checked = get_post_meta($post->ID, 'force_ssl', true);
1072
- }
1073
- echo '<div class="misc-pub-section misc-pub-section-wphttps"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"' . (( $checked ) ? ' checked="checked"' : '') . ' /></label></div>';
1074
- }
1075
-
1076
- /**
1077
- * Save Force SSL option to post or page
1078
- *
1079
- * @param int $post_id
1080
- * @return int $post_id
1081
- */
1082
- public function post_save( $post_id ) {
1083
- if ( array_key_exists('wordpress-https', $_POST) ) {
1084
- if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__)) ) {
1085
- return $post_id;
1086
- }
1087
-
1088
- if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {
1089
- return $post_id;
1090
- }
1091
-
1092
- if ( $_POST['post_type'] == 'page' ) {
1093
- if ( !current_user_can('edit_page', $post_id) ) {
1094
- return $post_id;
1095
- }
1096
- } else {
1097
- if ( !current_user_can('edit_post', $post_id) ) {
1098
- return $post_id;
1099
- }
1100
- }
1101
-
1102
- $force_ssl = (( $_POST['force_ssl'] == 1 ) ? true : false);
1103
- if ( $force_ssl ) {
1104
- update_post_meta($post_id, 'force_ssl', 1);
1105
- } else {
1106
- delete_post_meta($post_id, 'force_ssl');
1107
- }
1108
-
1109
- return $force_ssl;
1110
- }
1111
- return $post_id;
1112
- }
1113
-
1114
- /**
1115
- * Admin panel menu option
1116
- *
1117
- * @param none
1118
- * @return void
1119
- */
1120
- public function menu() {
1121
- add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));
1122
- }
1123
-
1124
- /**
1125
- * Plugin links on Manage Plugins page in admin panel
1126
- *
1127
- * @param array $links
1128
- * @param string $file
1129
- * @return array $links
1130
- */
1131
- public function plugin_links($links, $file) {
1132
- if ( strpos($file, basename( __FILE__)) === false ) {
1133
- return $links;
1134
- }
1135
-
1136
- $links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';
1137
- $links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';
1138
- $links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';
1139
- $links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A" title="Support WordPress HTTPS development with a donation!">Donate</a>';
1140
- return $links;
1141
- }
1142
-
1143
- /**
1144
- * Settings Page
1145
- *
1146
- * @param none
1147
- * @return void
1148
- */
1149
- public function settings() {
1150
- if ( !current_user_can('manage_options') ) {
1151
- wp_die( __('You do not have sufficient permissions to access this page.') );
1152
- }
1153
-
1154
- if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
1155
- $errors = array();
1156
- $reload = false;
1157
- $logout = false;
1158
- if ( @$_POST['Reset'] ) {
1159
- $this->reset();
1160
- $reload = true;
1161
- } else {
1162
- foreach ($this->options_default as $key => $default) {
1163
- if ( !array_key_exists($key, $_POST) && $default == 0 ) {
1164
- $_POST[$key] = 0;
1165
- update_option($key, $_POST[$key]);
1166
- } else {
1167
- if ( $key == 'wordpress-https_ssl_host' ) {
1168
- if ( $_POST[$key] != '' ) {
1169
- $url = strtolower($_POST[$key]);
1170
- // Add scheme if it doesn't exist so that parse_url does not fail
1171
- if ( strpos($url, 'http://') === false && strpos($url, 'https://') === false ) {
1172
- $url = $this->replace_http('http://' . $url);
1173
- }
1174
- $url = parse_url($url);
1175
- $port = ((isset($_POST['wordpress-https_ssl_port'])) ? $_POST['wordpress-https_ssl_port'] : $url['port']);
1176
- $port = (($port != 80 && $port != 443) ? $port : null);
1177
- $url = 'https://' . $url['host'] . (($port) ? ':' . $port : '') . @$url['path'];
1178
-
1179
- // If secure host is set to a different host
1180
- if ( $url != $this->https_url ) {
1181
- $home_url = $url . parse_url(get_option('home'), PHP_URL_PATH);
1182
- // Add trailing slash
1183
- $home_url = ((substr($home_url, -1) !== '/') ? $home_url . '/' : $home_url);
1184
- // Ensure that the WordPress installation is accessible at this host
1185
- if ( $this->get_file_contents($home_url) ) {
1186
- // Remove trailing slash
1187
- if ( substr($url, -1, 1) == '/' ) {
1188
- $url = substr($url, 0, strlen($url)-1);
1189
- }
1190
- $this->log('[SETTINGS] Updated SSL Host: ' . $this->https_url . ' => ' . $url);
1191
-
1192
- // If secure domain has changed and currently on SSL, logout user
1193
- if ( $this->is_ssl() ) {
1194
- $logout = true;
1195
- }
1196
- $_POST[$key] = $this->remove_port($url);
1197
- } else {
1198
- $errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $home_url;
1199
- $_POST[$key] = get_option($key);
1200
- }
1201
- } else {
1202
- $_POST[$key] = $this->https_url;
1203
- }
1204
- } else {
1205
- $_POST[$key] = get_option($key);
1206
- }
1207
- } else if ( $key == 'wordpress-https_ssl_admin' ) {
1208
- if ( force_ssl_admin() || force_ssl_login() ) {
1209
- $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
1210
- $_POST[$key] = 0;
1211
- // If forcing SSL Admin and currently not SSL, logout user
1212
- } else if ( !$this->is_ssl() ) {
1213
- $logout = true;
1214
- }
1215
- } else if ( $key == 'wordpress-https_ssl_host_subdomain' ) {
1216
- // Checks to see if the SSL Host is a subdomain
1217
- $http_domain = $this->get_url_domain($this->http_url);
1218
- $https_domain = $this->get_url_domain($this->https_url);
1219
-
1220
- if ( $this->replace_https($url) != $this->http_url && $http_domain == $https_domain ) {
1221
- $_POST[$key] = 1;
1222
- } else {
1223
- $_POST[$key] = 0;
1224
- }
1225
- }
1226
-
1227
- update_option($key, $_POST[$key]);
1228
- }
1229
- }
1230
- }
1231
-
1232
- if ( $logout ) {
1233
- wp_logout();
1234
- }
1235
-
1236
- if ( array_key_exists('ajax', $_POST) ) {
1237
- while(@ob_end_clean());
1238
- ob_start();
1239
- if ( sizeof( $errors ) > 0 ) {
1240
- echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
1241
- foreach ( $errors as $error ) {
1242
- echo "\t\t<li><p>".$error."</p></li>\n";
1243
- }
1244
- echo "\t</ul>\n</div>\n";
1245
- } else {
1246
- echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
1247
- if ( $logout || $reload ) {
1248
- echo "<script type=\"text/javascript\">window.location.reload();</script>";
1249
- }
1250
- }
1251
- exit();
1252
- }
1253
- }
1254
- ?>
1255
-
1256
- <div class="wrap">
1257
- <div id="icon-options-general" class="icon32"><br /></div>
1258
- <h2>WordPress HTTPS Settings</h2>
1259
-
1260
- <?php
1261
- if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
1262
- if ( sizeof( $errors ) > 0 ) {
1263
- echo "\t<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
1264
- foreach ( $errors as $error ) {
1265
- echo "\t\t<li><p>".$error."</p></li>\n";
1266
- }
1267
- echo "\t</ul>\n</div>\n";
1268
- } else {
1269
- echo "\t\t<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
1270
- }
1271
- } else {
1272
- echo "\t<div class=\"wphttps-message-wrap\"id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
1273
  }
1274
- ?>
1275
-
1276
- <div id="wphttps-sidebar">
1277
-
1278
- <?php if ( sizeof($this->warnings()) > 0 ) { ?>
1279
- <div class="wphttps-widget" id="wphttps-warnings">
1280
- <h3 class="wphttps-widget-title">Warnings</h3>
1281
- <div class="wphttps-widget-content inside">
1282
- <?php
1283
- foreach( $this->warnings() as $warning ) {
1284
- $warning_id = 'warnings-' . strtolower(str_replace(' ', '-', $warning['label']));
1285
- echo "\t\t\t\t\t<strong>" . $warning['label'] . "</strong><a class=\"warning-help wphttps-icon\" href=\"#" . $warning_id . "-tooltip\">Help</a>\n";
1286
- echo "\t\t\t\t\t<ul id=\"" . $warning_id . "\">";
1287
- foreach ( $warning['warnings'] as $warning ) {
1288
- echo "\t\t\t\t\t\t<li><span class=\"warning-url\">" . $warning . "</span></li>\n";
1289
- }
1290
- echo "\t\t\t\t\t</ul>\n\n";
1291
- }
1292
- ?>
1293
- </div>
1294
- </div>
1295
-
1296
- <?php } ?>
1297
-
1298
- <div class="wphttps-widget" id="wphttps-updates">
1299
- <h3 class="wphttps-widget-title">Developer Updates</h3>
1300
- <div class="wphttps-widget-content inside">
1301
- <img alt="Loading..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="loading" id="updates-loading" />
1302
- </div>
1303
- </div>
1304
-
1305
- <div class="wphttps-widget" id="wphttps-support">
1306
- <h3 class="wphttps-widget-title">Support</h3>
1307
- <div class="wphttps-widget-content inside">
1308
- <p>Having problems getting your site secure? If you haven't already, check out the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">Frequently Asked Questions</a>.</p>
1309
- <p>Still not fixed? Please <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">start a support topic</a> and I'll do my best to assist you.</p>
1310
- </div>
1311
- </div>
1312
-
1313
- <div class="wphttps-widget" id="wphttps-donate">
1314
- <h3 class="wphttps-widget-title">Donate</h3>
1315
- <div class="wphttps-widget-content inside">
1316
- <p>If you found this plugin useful, or I've already helped you, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>
1317
- <p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>
1318
 
1319
- <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A" target="_blank" id="wphttps-donate-link">
1320
- <img alt="Donate" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" width="74" height="21" />
1321
- </a>
1322
- </div>
1323
- </div>
1324
-
1325
- </div>
1326
-
1327
- <div id="wphttps-main">
1328
- <div id="post-body">
1329
- <form name="form" id="wordpress-https" action="options-general.php?page=wordpress-https" method="post">
1330
- <?php settings_fields('wordpress-https'); ?>
1331
-
1332
- <input type="hidden" name="wordpress-https_ssl_host_subdomain" value="<?php echo ((get_option('wordpress-https_ssl_host_subdomain') != 1) ? 0 : 1); ?>" />
1333
-
1334
- <h3 class="title">General Settings</h3>
1335
- <table class="form-table">
1336
- <tr valign="top">
1337
- <th scope="row">SSL Host</th>
1338
- <td>
1339
- <fieldset>
1340
- <label for="wordpress-https_ssl_host">
1341
- <input name="wordpress-https_ssl_host" type="text" id="wordpress-https_ssl_host" class="regular-text code" value="<?php echo str_replace('https://', '', $this->remove_port($this->https_url)); ?>" />
1342
- </label>
1343
- <label for="wordpress-https_ssl_port">Port
1344
- <input name="wordpress-https_ssl_port" type="text" id="wordpress-https_ssl_port" class="small-text" value="<?php echo $this->ssl_port; ?>" />
1345
- </label>
1346
- </fieldset>
1347
- </td>
1348
- </tr>
1349
- <tr valign="top">
1350
- <th scope="row">Force SSL Exclusively</th>
1351
- <td>
1352
- <fieldset>
1353
- <input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> />
1354
- <label for="wordpress-https_exclusive_https">
1355
- Posts and pages without <a href="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> enabled will be redirected to HTTP.
1356
- </label>
1357
- </fieldset>
1358
- </td>
1359
- </tr>
1360
- <tr valign="top">
1361
- <th scope="row">Force SSL Administration</th>
1362
- <td>
1363
- <fieldset>
1364
- <label for="wordpress-https_ssl_admin">
1365
- <input name="wordpress-https_ssl_admin" type="checkbox" id="wordpress-https_ssl_admin" value="1"<?php echo (($this->ssl_admin) ? ' checked="checked"' : ''); ?><?php echo ((force_ssl_admin()) ? ' disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : ''); ?> />
1366
- </label>
1367
- </fieldset>
1368
- </td>
1369
- </tr>
1370
-
1371
- <?php if ( get_option('show_on_front') == 'posts' ) { ?>
1372
- <tr valign="top">
1373
- <th scope="row">HTTPS Front Page</th>
1374
- <td>
1375
- <fieldset>
1376
- <label for="wordpress-https_frontpage">
1377
- <input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> />
1378
- </label>
1379
- </fieldset>
1380
- </td>
1381
- </tr>
1382
-
1383
- <?php } ?>
1384
- </table>
1385
-
1386
- <p class="button-controls">
1387
- <input type="submit" name="Submit" value="Save Changes" class="button-primary" id="settings-save" />
1388
- <input type="submit" name="Reset" value="Reset" class="button-secondary" id="settings-reset" />
1389
- <img alt="Waiting..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />
1390
- </p>
1391
- </form>
1392
- </div>
1393
- </div>
1394
-
1395
- <div class="wphttps-tooltip-body" id="warnings-unsecure-external-content-tooltip">Unsecure External Content are URL's being loaded on secure pages that can not be loaded securely. It is recommended that you remove these elements by disabling or editing the plugin or theme that requires them.</div>
1396
-
1397
- <?php
1398
- }
1399
- } // End WordPressHTTPS Class
1400
- }
1401
 
1402
- // Instantiate class if we're in WordPress
1403
- if ( class_exists('WordPressHTTPS') && function_exists('get_bloginfo') ) {
1404
- $wordpress_https = new WordPressHTTPS();
1405
  register_activation_hook(__FILE__, array($wordpress_https, 'install'));
1406
  }
1
  <?php
2
+ /**
3
  Plugin Name: WordPress HTTPS
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
+ Version: 3.0
8
  Author URI: http://mvied.com/
9
  */
10
 
11
+ $include_paths = array(
12
+ get_include_path(),
13
+ dirname(__FILE__),
14
+ dirname(__FILE__) . '/lib'
15
+ );
16
+ set_include_path(implode(PATH_SEPARATOR, $include_paths));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
17
 
18
+ require_once('Zend/Loader/Autoloader.php');
19
+ $autoloader = Zend_Loader_Autoloader::getInstance();
20
+ $autoloader->registerNamespace('WordPressHTTPS_');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
21
 
22
+ require_once('WordPressHTTPS.php');
 
 
 
 
 
 
 
 
 
 
 
 
 
23
 
24
+ if ( function_exists('get_bloginfo') && ! defined('WP_UNINSTALL_PLUGIN') ) {
25
+ $wordpress_https = new WordPressHTTPS;
26
+ $wordpress_https->setSlug('wordpress-https');
27
+ $wordpress_https->setVersion('3.0');
28
+ $wordpress_https->setLogger(WordPressHTTPS_Logger::getInstance());
29
+ $wordpress_https->setPluginUrl(plugins_url('', __FILE__));
30
+ $wordpress_https->setDirectory(dirname(__FILE__));
31
+ $wordpress_https->setModuleDirectory(dirname(__FILE__) . '/lib/WordPressHTTPS/Module/');
 
 
32
 
33
+ //Load Modules
34
+ $wordpress_https->loadModules();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
35
 
36
+ // If WPHTTPS_RESET global is defined, reset settings
37
+ if ( defined('WPHTTPS_RESET') && constant('WPHTTPS_RESET') == true ) {
38
+ foreach($wordpress_https->getSettings() as $key => $default) {
39
+ $wordpress_https->setSetting($key, $default);
 
 
 
 
40
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
41
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
42
 
43
+ // Initialize Plugin
44
+ $wordpress_https->init();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
45
 
46
+ // Register activation hook. Must be called outside of a class.
 
 
47
  register_activation_hook(__FILE__, array($wordpress_https, 'install'));
48
  }