WordPress HTTPS (SSL) - Version 3.2

Version Description

  • Added domain mapping. Domain mapping allows you to map external domains that host their HTTPS content on a different domain.
  • Added Remove Unsecure Elements option. If possible, this option removes external elements from the page that can not be loaded over HTTPS, preventing insecure content errors without modifying any code.
  • ClouldFlare support.
  • Substantial memory optimization.
  • Removed Secure Front Page option. This can now be achieved through URL Filters.
  • Bug Fix - Visiting the admin panel over HTTP when using Shared SSL should no longer log the user out, but will now redirect accordingly.
  • Bug Fix - Random 404 errors should be gone.
  • Bug Fix - Fixed bug where a bad setting for ssl_host would cause the code to fail.
  • Bug Fix - CSS backgrounds that do not have quotes should no longer break debug output.
Download this release

Release Info

Developer Mvied
Plugin Icon wp plugin WordPress HTTPS (SSL)
Version 3.2
Comparing to
See all releases

Code changes from version 3.1.2 to 3.2

Files changed (35) hide show
  1. admin/css/images/add.png +0 -0
  2. admin/css/images/arrow_left.png +0 -0
  3. admin/css/images/arrow_right.png +0 -0
  4. admin/css/images/delete.png +0 -0
  5. admin/css/settings.css +96 -3
  6. admin/js/metabox.php +2 -9
  7. admin/templates/ajax_message.php +19 -0
  8. admin/templates/metabox/ajax.php +2 -2
  9. admin/templates/metabox/domain_mapping.php +117 -0
  10. admin/templates/metabox/filters.php +3 -5
  11. admin/templates/metabox/network.php +31 -0
  12. admin/templates/metabox/settings.php +27 -24
  13. admin/templates/network.php +23 -0
  14. admin/templates/settings.php +98 -0
  15. lib/Mvied/Plugin.php +13 -5
  16. lib/Mvied/Plugin/Module.php +11 -1
  17. lib/Mvied/Theme.php +44 -27
  18. lib/Mvied/Theme/Module.php +11 -1
  19. lib/WordPressHTTPS.php +439 -406
  20. lib/WordPressHTTPS/Logger.php +0 -2
  21. lib/WordPressHTTPS/Module/Admin.php +4 -23
  22. lib/WordPressHTTPS/Module/Core.php +634 -0
  23. lib/WordPressHTTPS/Module/DomainMapping.php +105 -0
  24. lib/WordPressHTTPS/Module/Filters.php +0 -324
  25. lib/WordPressHTTPS/Module/Hooks.php +0 -293
  26. lib/WordPressHTTPS/Module/Network.php +144 -0
  27. lib/WordPressHTTPS/Module/Parser.php +47 -29
  28. lib/WordPressHTTPS/Module/{Admin/Post.php → Post.php} +2 -2
  29. lib/WordPressHTTPS/Module/{Admin/Settings.php → Settings.php} +53 -62
  30. lib/WordPressHTTPS/Module/UrlFilters.php +103 -0
  31. lib/WordPressHTTPS/Url.php +3 -3
  32. readme.txt +39 -37
  33. screenshot-1.png +0 -0
  34. uninstall.php +35 -15
  35. wordpress-https.php +6 -13
admin/css/images/add.png ADDED
Binary file
admin/css/images/arrow_left.png ADDED
Binary file
admin/css/images/arrow_right.png ADDED
Binary file
admin/css/images/delete.png ADDED
Binary file
admin/css/settings.css CHANGED
@@ -75,16 +75,19 @@
75
  padding-top: 0;
76
  }
77
  #wphttps-main table th {
78
- width: 140px;
79
  line-height: 32px;
80
  padding: 0;
81
  }
82
  #wphttps-main label.label-radio {
83
  display: block;
84
- margin-top: 5px;
 
85
  }
86
  #wphttps-main #settings-reset,
87
- #wphttps-main #filters-reset {
 
 
88
  float: left;
89
  margin-right: 10px;
90
  }
@@ -106,4 +109,94 @@
106
  #wphttps-main #secure_filter_row textarea {
107
  width: 95%;
108
  height: 120px;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
109
  }
75
  padding-top: 0;
76
  }
77
  #wphttps-main table th {
78
+ width: 160px;
79
  line-height: 32px;
80
  padding: 0;
81
  }
82
  #wphttps-main label.label-radio {
83
  display: block;
84
+ margin: 5px 5px 0 0;
85
+ float: left;
86
  }
87
  #wphttps-main #settings-reset,
88
+ #wphttps-main #network-settings-reset,
89
+ #wphttps-main #filters-reset,
90
+ #wphttps-main #domain_mapping-reset {
91
  float: left;
92
  margin-right: 10px;
93
  }
109
  #wphttps-main #secure_filter_row textarea {
110
  width: 95%;
111
  height: 120px;
112
+ }
113
+
114
+ #wphttps-main #admin_menu_row fieldset {
115
+ margin-top: 5px;
116
+ }
117
+
118
+ #wphttps-main input[type="checkbox"] {
119
+ float: left;
120
+ }
121
+ #wphttps-main p.description {
122
+ margin: .5em 0 0 .5em;
123
+ width: 75%;
124
+ display: block;
125
+ float: left;
126
+ line-height: 1.2em;
127
+ }
128
+ #wphttps-main #secure_filter_row p.description {
129
+ margin: .5em 10px 0 0;
130
+ width: auto;
131
+ }
132
+ #wphttps-main #ssl_proxy_row p.description {
133
+ width: 65%;
134
+ }
135
+ #wphttps-main #domain_mapping td {
136
+ padding: 10px 0;
137
+ }
138
+ #wphttps-main #domain_mapping td.arrow {
139
+ padding: 8px 0;
140
+ }
141
+ #wphttps-main #domain_mapping .http_scheme,
142
+ #wphttps-main #domain_mapping .https_scheme {
143
+ width: 30px;
144
+ padding: 10px;
145
+ }
146
+ #wphttps-main #domain_mapping .https_scheme {
147
+ width: 35px;
148
+ }
149
+ #wphttps-main #domain_mapping .http_domain .label,
150
+ #wphttps-main #domain_mapping .https_domain .label {
151
+ display: block;
152
+ float: left;
153
+ text-align: right;
154
+ padding-right: 2%;
155
+ }
156
+ #wphttps-main #domain_mapping input {
157
+ width: 96%;
158
+ padding-left: 2%;
159
+ padding-right: 2%;
160
+ }
161
+ #wphttps-main #domain_mapping .add {
162
+ display: block;
163
+ height: 16px;
164
+ width: 16px;
165
+ overflow: hidden;
166
+ text-indent: -1000em;
167
+ float: left;
168
+ background: url(images/add.png) no-repeat 50% 50%;
169
+ }
170
+ #wphttps-main #domain_mapping .remove {
171
+ display: block;
172
+ height: 16px;
173
+ width: 16px;
174
+ overflow: hidden;
175
+ text-indent: -1000em;
176
+ float: left;
177
+ background: url(images/delete.png) no-repeat 50% 50%;
178
+ }
179
+ #wphttps-main #domain_mapping .arrow .label {
180
+ display: block;
181
+ height: 16px;
182
+ width: 16px;
183
+ overflow: hidden;
184
+ text-indent: -1000em;
185
+ background: url(images/arrow_right.png) no-repeat 50% 50%;
186
+ margin: 0 auto;
187
+ }
188
+
189
+ #wphttps-main #regex-help {
190
+ display: none;
191
+ }
192
+ table.regex-help {
193
+ border-collapse: collapse;
194
+ }
195
+ table.regex-help tr {
196
+ border: 1px solid #000;
197
+ border-width: 1px 1px 0 0;
198
+ }
199
+ table.regex-help td, table.regex-help th {
200
+ border: 1px solid #000;
201
+ border-width: 0 0 1px 1px;
202
  }
admin/js/metabox.php CHANGED
@@ -1,13 +1,6 @@
1
  <?php
2
 
3
- $include_paths = array(
4
- get_include_path(),
5
- realpath(dirname(__FILE__) . '/../../../../..'),
6
- realpath(dirname(__FILE__) . '/../../lib')
7
- );
8
- set_include_path(implode(PATH_SEPARATOR, $include_paths));
9
- require_once('wp-load.php');
10
- require_once('WordPressHTTPS.php');
11
 
12
  // Disable errors
13
  error_reporting(0);
@@ -21,7 +14,7 @@ header('Cache-Control: post-check=0, pre-check=0', FALSE);
21
  header('Pragma: no-cache');
22
  header("Vary: Accept-Encoding");
23
 
24
- if ( ! wp_verify_nonce($_POST['nonce'], $_POST['id']) ) {
25
  exit;
26
  }
27
 
1
  <?php
2
 
3
+ require_once(realpath(dirname(__FILE__) . '/../../../../..') . '/wp-load.php');
 
 
 
 
 
 
 
4
 
5
  // Disable errors
6
  error_reporting(0);
14
  header('Pragma: no-cache');
15
  header("Vary: Accept-Encoding");
16
 
17
+ if ( ! wp_verify_nonce($_POST['_nonce'], 'wordpress-https') ) {
18
  exit;
19
  }
20
 
admin/templates/ajax_message.php ADDED
@@ -0,0 +1,19 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ if ( array_key_exists('ajax', $_POST) ) {
4
+ error_reporting(0);
5
+ while(@ob_end_clean());
6
+ if ( sizeof( $errors ) > 0 ) {
7
+ echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
8
+ foreach ( $errors as $error ) {
9
+ echo "\t\t<li><p>".$error."</p></li>\n";
10
+ }
11
+ echo "\t</ul>\n</div>\n";
12
+ } else {
13
+ echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>" . $message . "</p></div>\n";
14
+ if ( $logout || $reload ) {
15
+ echo "<script type=\"text/javascript\">window.location.reload();</script>";
16
+ }
17
+ }
18
+ exit();
19
+ }
admin/templates/metabox/ajax.php CHANGED
@@ -1,5 +1,5 @@
1
  <?php
2
- $nonce = wp_create_nonce($metabox['id']);
3
  ?><script type="text/javascript">
4
  jQuery(document).ready(function($) {
5
  var loading = $('<img alt="Loading..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="loading" />');
@@ -12,7 +12,7 @@ jQuery(document).ready(function($) {
12
  data: {
13
  id : '<?php echo $metabox['id']; ?>',
14
  url : '<?php echo $metabox['args']['url']; ?>',
15
- nonce : '<?php echo $nonce; ?>'
16
  },
17
  success: function(response) {
18
  $('#<?php echo $metabox['id']; ?> .inside').html(response);
1
  <?php
2
+ $nonce = wp_create_nonce($this->getPlugin()->getSlug());
3
  ?><script type="text/javascript">
4
  jQuery(document).ready(function($) {
5
  var loading = $('<img alt="Loading..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="loading" />');
12
  data: {
13
  id : '<?php echo $metabox['id']; ?>',
14
  url : '<?php echo $metabox['args']['url']; ?>',
15
+ _nonce : '<?php echo $nonce; ?>'
16
  },
17
  success: function(response) {
18
  $('#<?php echo $metabox['id']; ?> .inside').html(response);
admin/templates/metabox/domain_mapping.php ADDED
@@ -0,0 +1,117 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <form name="<?php echo $this->getPlugin()->getSlug(); ?>_domain_mapping_form" id="<?php echo $this->getPlugin()->getSlug(); ?>_domain_mapping_form" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
2
+ <?php settings_fields($this->getPlugin()->getSlug()); ?>
3
+
4
+ <p>Domain mapping allows you to map external domains that host their HTTPS content on a different domain. You may use <a href="#TB_inline?height=155&width=350&inlineId=regex-help&" class="thickbox" title="Regular Expressions Help">regular expressions</a>.</p>
5
+
6
+ <table class="form-table" id="domain_mapping">
7
+ <thead>
8
+ </thead>
9
+ <?php
10
+ $ssl_host_mapping = ( is_array($this->getPlugin()->getSetting('ssl_host_mapping')) ? $this->getPlugin()->getSetting('ssl_host_mapping') : array() );
11
+ foreach( $ssl_host_mapping as $http_domain => $https_domain ) {
12
+ ?>
13
+ <tr valign="top" class="domain_mapping_row">
14
+ <td class="http_scheme">
15
+ <span class="label">http://</span>
16
+ </td>
17
+ <td class="http_domain">
18
+ <input type="text" name="http_domain[]" value="<?=$http_domain?>" />
19
+ </td>
20
+ <td class="arrow">
21
+ <span class="label">&gt;</span>
22
+ </td>
23
+ <td class="https_scheme">
24
+ <span class="label">https://</span>
25
+ </td>
26
+ <td class="https_domain">
27
+ <input type="text" name="https_domain[]" value="<?=$https_domain?>" />
28
+ </td>
29
+ <td class="controls">
30
+ <a class="remove" href="#" title="Remove URL Filter">Remove</a>
31
+ <a class="add" href="#" title="Add URL Filter">Add</a>
32
+ </td>
33
+ </tr>
34
+
35
+ <?php } ?>
36
+ <tr valign="top" class="domain_mapping_row">
37
+ <td class="http_scheme">
38
+ <span class="label">http://</span>
39
+ </td>
40
+ <td class="http_domain">
41
+ <input type="text" name="http_domain[]" value="" />
42
+ </td>
43
+ <td class="arrow">
44
+ <span class="label">&gt;</span>
45
+ </td>
46
+ <td class="https_scheme">
47
+ <span class="label">https://</span>
48
+ </td>
49
+ <td class="https_domain">
50
+ <input type="text" name="https_domain[]" value="" />
51
+ </td>
52
+ <td class="controls">
53
+ <a class="remove" href="#" title="Remove URL Filter">Remove</a>
54
+ <a class="add" href="#" title="Add URL Filter">Add</a>
55
+ </td>
56
+ </tr>
57
+ </table>
58
+
59
+ <input type="hidden" name="action" value="wphttps-domain-mapping" />
60
+
61
+ <p class="button-controls">
62
+ <input type="submit" name="domain_mapping-save" value="Save Changes" class="button-primary" id="domain_mapping-save" />
63
+ <input type="submit" name="domain_mapping-reset" value="Reset" class="button-secondary" id="domain_mapping-reset" />
64
+ <img alt="Waiting..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="waiting submit-waiting" />
65
+ </p>
66
+ </form>
67
+ <script type="text/javascript">
68
+ jQuery(document).ready(function($) {
69
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_domain_mapping_form').submit(function() {
70
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_domain_mapping_form .submit-waiting').show();
71
+ }).ajaxForm({
72
+ data: { ajax: '1'},
73
+ success: function(responseText, textStatus, XMLHttpRequest) {
74
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_domain_mapping_form .submit-waiting').hide();
75
+ $('#message-body').html(responseText).fadeOut(0).fadeIn().delay(5000).fadeOut();
76
+ }
77
+ });
78
+
79
+ if ( $('#domain_mapping tr').length <= 1 ) {
80
+ $('#domain_mapping .remove').hide();
81
+ } else {
82
+ $('#domain_mapping .remove').show();
83
+ $('#domain_mapping .add').hide();
84
+ $('#domain_mapping tr:last-child .add').show();
85
+ }
86
+
87
+ $('.domain_mapping_row .add').live('click', function(e) {
88
+ e.preventDefault();
89
+ var row = $(this).parents('tr').clone();
90
+ row.find('input').val('');
91
+ $(this).parents('table').append(row);
92
+ $(this).hide();
93
+ $('#domain_mapping .remove').show();
94
+ return false;
95
+ });
96
+
97
+ $('.domain_mapping_row .remove').live('click', function(e) {
98
+ e.preventDefault();
99
+ $(this).parents('tr').remove();
100
+ if ( $('#domain_mapping tr').length <= 1 ) {
101
+ $('#domain_mapping .remove').hide();
102
+ } else {
103
+ $('#domain_mapping .remove').show();
104
+ }
105
+ $('#domain_mapping .add').hide();
106
+ $('#domain_mapping tr:last-child .add').show();
107
+ return false;
108
+ });
109
+
110
+ $('#domain_mapping-reset').click(function(e, el) {
111
+ if ( ! confirm('Are you sure you want to reset all WordPress HTTPS domain mappings?') ) {
112
+ e.preventDefault();
113
+ return false;
114
+ }
115
+ });
116
+ });
117
+ </script>
admin/templates/metabox/filters.php CHANGED
@@ -1,26 +1,24 @@
1
  <form name="<?php echo $this->getPlugin()->getSlug(); ?>_filters_form" id="<?php echo $this->getPlugin()->getSlug(); ?>_filters_form" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
2
  <?php settings_fields($this->getPlugin()->getSlug()); ?>
3
-
4
  <table class="form-table">
5
  <tr valign="top" id="secure_filter_row">
6
  <th scope="row">
7
  Secure Filters
8
- <p class="description">Example: If you have an E-commerce shop and all of the URL's begin with /store/, you could secure all store links by entering '/store/' on one line.</p>
9
  </th>
10
  <td>
11
  <textarea name="secure_filter" id="secure_filter"><?php echo implode("\n", $this->getPlugin()->getSetting('secure_filter')); ?></textarea>
12
  </td>
13
  </tr>
14
  </table>
15
-
16
- <input type="hidden" name="action" value="save" />
17
-
18
  <p class="button-controls">
19
  <input type="submit" name="filters-save" value="Save Changes" class="button-primary" id="filters-save" />
20
  <input type="submit" name="filters-reset" value="Reset" class="button-secondary" id="filters-reset" />
21
  <img alt="Waiting..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="waiting submit-waiting" />
22
  </p>
23
  </form>
 
24
  <script type="text/javascript">
25
  jQuery(document).ready(function($) {
26
  $('#<?php echo $this->getPlugin()->getSlug(); ?>_filters_form').submit(function() {
1
  <form name="<?php echo $this->getPlugin()->getSlug(); ?>_filters_form" id="<?php echo $this->getPlugin()->getSlug(); ?>_filters_form" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
2
  <?php settings_fields($this->getPlugin()->getSlug()); ?>
 
3
  <table class="form-table">
4
  <tr valign="top" id="secure_filter_row">
5
  <th scope="row">
6
  Secure Filters
7
+ <p class="description">Example: If you have an E-commerce shop and all of the URL's begin with /store/, you could secure all store links by entering '/store/' on one line. You may use <a href="#TB_inline?height=155&width=350&inlineId=regex-help" class="thickbox" title="Regular Expressions Help">regular expressions</a>.</p>
8
  </th>
9
  <td>
10
  <textarea name="secure_filter" id="secure_filter"><?php echo implode("\n", $this->getPlugin()->getSetting('secure_filter')); ?></textarea>
11
  </td>
12
  </tr>
13
  </table>
14
+ <input type="hidden" name="action" value="wphttps-filters" />
 
 
15
  <p class="button-controls">
16
  <input type="submit" name="filters-save" value="Save Changes" class="button-primary" id="filters-save" />
17
  <input type="submit" name="filters-reset" value="Reset" class="button-secondary" id="filters-reset" />
18
  <img alt="Waiting..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="waiting submit-waiting" />
19
  </p>
20
  </form>
21
+
22
  <script type="text/javascript">
23
  jQuery(document).ready(function($) {
24
  $('#<?php echo $this->getPlugin()->getSlug(); ?>_filters_form').submit(function() {
admin/templates/metabox/network.php ADDED
@@ -0,0 +1,31 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <form name="<?php echo $this->getPlugin()->getSlug(); ?>_settings_form" id="<?php echo $this->getPlugin()->getSlug(); ?>_settings_form" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
2
+ <?php settings_fields($this->getPlugin()->getSlug()); ?>
3
+
4
+ <input type="hidden" name="action" value="wphttps-network" />
5
+
6
+ <p class="button-controls">
7
+ <input type="submit" name="settings-save" value="Save Changes" class="button-primary" id="network-settings-save" />
8
+ <input type="submit" name="settings-reset" value="Reset" class="button-secondary" id="network-settings-reset" />
9
+ <img alt="Waiting..." src="<?php echo admin_url('/images/wpspin_light.gif'); ?>" class="waiting submit-waiting" />
10
+ </p>
11
+ </form>
12
+ <script type="text/javascript">
13
+ jQuery(document).ready(function($) {
14
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_settings_form').submit(function() {
15
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_settings_form .submit-waiting').show();
16
+ }).ajaxForm({
17
+ data: { ajax: '1'},
18
+ success: function(responseText, textStatus, XMLHttpRequest) {
19
+ $('#<?php echo $this->getPlugin()->getSlug(); ?>_settings_form .submit-waiting').hide();
20
+ $('#message-body').html(responseText).fadeOut(0).fadeIn().delay(5000).fadeOut();
21
+ }
22
+ });
23
+
24
+ $('#settings-reset').click(function(e, el) {
25
+ if ( ! confirm('Are you sure you want to reset all WordPress HTTPS network settings?') ) {
26
+ e.preventDefault();
27
+ return false;
28
+ }
29
+ });
30
+ });
31
+ </script>
admin/templates/metabox/settings.php CHANGED
@@ -24,6 +24,18 @@
24
  </fieldset>
25
  </td>
26
  </tr>
 
 
 
 
 
 
 
 
 
 
 
 
27
  <tr valign="top" id="exclusive_https_row">
28
  <th scope="row">Force SSL Exclusively</th>
29
  <td>
@@ -31,29 +43,31 @@
31
  <label for="exclusive_https">
32
  <input type="hidden" name="exclusive_https" value="0" />
33
  <input name="exclusive_https" type="checkbox" id="exclusive_https" value="1"<?php echo (($this->getPlugin()->getSetting('exclusive_https')) ? ' checked="checked"' : ''); ?> />
34
- Posts and pages without <a href="<?php echo parse_url($this->getPlugin()->getPluginUrl(), PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> enabled will be redirected to HTTP.
35
  </label>
36
  </fieldset>
37
  </td>
38
  </tr>
39
- <tr valign="top" id="ssl_admin_row">
40
- <th scope="row">Force SSL Administration</th>
41
  <td>
42
  <fieldset>
43
- <label for="ssl_admin">
44
- <input type="hidden" name="ssl_admin" value="0" />
45
- <input name="ssl_admin" type="checkbox" id="ssl_admin" value="1"<?php echo (($this->getPlugin()->getSetting('ssl_admin')) ? ' checked="checked"' : ''); ?><?php echo ((force_ssl_admin()) ? ' disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : ''); ?> />
 
46
  </label>
47
  </fieldset>
48
  </td>
49
  </tr>
50
- <tr valign="top" id="frontpage_row">
51
- <th scope="row">Secure Front Page</th>
52
  <td>
53
  <fieldset>
54
- <label for="frontpage">
55
- <input type="hidden" name="frontpage" value="0" />
56
- <input name="frontpage" type="checkbox" id="frontpage" value="1"<?php echo (($this->getPlugin()->getSetting('frontpage')) ? ' checked="checked"' : ''); ?> />
 
57
  </label>
58
  </fieldset>
59
  </td>
@@ -67,18 +81,7 @@
67
  <input type="radio" name="ssl_proxy" value="auto"<?php echo (($this->getPlugin()->getSetting('ssl_proxy') === 'auto') ? ' checked="checked"' : ''); ?>> <span>Auto</span>
68
  <input type="radio" name="ssl_proxy" value="1"<?php echo (($this->getPlugin()->getSetting('ssl_proxy') == 1) ? ' checked="checked"' : ''); ?>> <span>Yes</span>
69
  </label>
70
- </fieldset>
71
- </td>
72
- </tr>
73
- <tr valign="top" id="debug_row">
74
- <th scope="row">Debug Mode</th>
75
- <td>
76
- <fieldset>
77
- <label for="debug">
78
- <input type="hidden" name="debug" value="0" />
79
- <input name="debug" type="checkbox" id="debug" value="1"<?php echo (($this->getPlugin()->getSetting('debug')) ? ' checked="checked"' : ''); ?> />
80
- Outputs debug information to the browser's console.
81
- </label>
82
  </fieldset>
83
  </td>
84
  </tr>
@@ -97,7 +100,7 @@
97
  </tr>
98
  </table>
99
 
100
- <input type="hidden" name="action" value="save" />
101
  <input type="hidden" name="ssl_host_subdomain" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_subdomain') != 1) ? 0 : 1); ?>" />
102
  <input type="hidden" name="ssl_host_diff" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_diff') != 1) ? 0 : 1); ?>" />
103
 
24
  </fieldset>
25
  </td>
26
  </tr>
27
+ <tr valign="top" id="ssl_admin_row">
28
+ <th scope="row">Force SSL Administration</th>
29
+ <td>
30
+ <fieldset>
31
+ <label for="ssl_admin">
32
+ <input type="hidden" name="ssl_admin" value="0" />
33
+ <input name="ssl_admin" type="checkbox" id="ssl_admin" value="1"<?php echo ((force_ssl_admin()) ? ' checked="checked" disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : (($this->getPlugin()->getSetting('ssl_admin')) ? ' checked="checked"' : '') ); ?> />
34
+ <p class="description">Always use HTTPS while in the admin panel. This setting is identical to <a href="http://codex.wordpress.org/Administration_Over_SSL#Example_2" target="_blank">FORCE_SSL_ADMIN</a>.</p>
35
+ </label>
36
+ </fieldset>
37
+ </td>
38
+ </tr>
39
  <tr valign="top" id="exclusive_https_row">
40
  <th scope="row">Force SSL Exclusively</th>
41
  <td>
43
  <label for="exclusive_https">
44
  <input type="hidden" name="exclusive_https" value="0" />
45
  <input name="exclusive_https" type="checkbox" id="exclusive_https" value="1"<?php echo (($this->getPlugin()->getSetting('exclusive_https')) ? ' checked="checked"' : ''); ?> />
46
+ <p class="description">Any page that is not secured via <a href="<?php echo parse_url($this->getPlugin()->getPluginUrl(), PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> or URL Filters will be redirected to HTTP.</p>
47
  </label>
48
  </fieldset>
49
  </td>
50
  </tr>
51
+ <tr valign="top" id="remove_unsecure_row">
52
+ <th scope="row">Remove Unsecure Elements</th>
53
  <td>
54
  <fieldset>
55
+ <label for="remove_unsecure">
56
+ <input type="hidden" name="remove_unsecure" value="0" />
57
+ <input name="remove_unsecure" type="checkbox" id="remove_unsecure" value="1"<?php echo (($this->getPlugin()->getSetting('remove_unsecure')) ? ' checked="checked"' : ''); ?> />
58
+ <p class="description">Remove elements inaccessible over HTTPS. May break other plugins' functionality.</p>
59
  </label>
60
  </fieldset>
61
  </td>
62
  </tr>
63
+ <tr valign="top" id="debug_row">
64
+ <th scope="row">Debug Mode</th>
65
  <td>
66
  <fieldset>
67
+ <label for="debug">
68
+ <input type="hidden" name="debug" value="0" />
69
+ <input name="debug" type="checkbox" id="debug" value="1"<?php echo (($this->getPlugin()->getSetting('debug')) ? ' checked="checked"' : ''); ?> />
70
+ <p class="description">Outputs debug information to the browser's console.</p>
71
  </label>
72
  </fieldset>
73
  </td>
81
  <input type="radio" name="ssl_proxy" value="auto"<?php echo (($this->getPlugin()->getSetting('ssl_proxy') === 'auto') ? ' checked="checked"' : ''); ?>> <span>Auto</span>
82
  <input type="radio" name="ssl_proxy" value="1"<?php echo (($this->getPlugin()->getSetting('ssl_proxy') == 1) ? ' checked="checked"' : ''); ?>> <span>Yes</span>
83
  </label>
84
+ <p class="description">If you think you may behind a proxy, set to Auto. Otherwise, leave the setting on No.</p>
 
 
 
 
 
 
 
 
 
 
 
85
  </fieldset>
86
  </td>
87
  </tr>
100
  </tr>
101
  </table>
102
 
103
+ <input type="hidden" name="action" value="wphttps-settings" />
104
  <input type="hidden" name="ssl_host_subdomain" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_subdomain') != 1) ? 0 : 1); ?>" />
105
  <input type="hidden" name="ssl_host_diff" value="<?php echo (($this->getPlugin()->getSetting('ssl_host_diff') != 1) ? 0 : 1); ?>" />
106
 
admin/templates/network.php ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ require_once('../includes/template.php'); // WordPress Dashboard Functions
3
+ ?>
4
+
5
+ <div class="wphttps-message-wrap" id="message-wrap"><div id="message-body"></div></div>
6
+
7
+ <div class="wrap" id="wphttps-main">
8
+ <div id="icon-options-https" class="icon32"><br /></div>
9
+ <h2>HTTPS</h2>
10
+
11
+ <?php
12
+ wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', false );
13
+ wp_nonce_field('meta-box-order', 'meta-box-order-nonce', false );
14
+ ?>
15
+ <div id="poststuff" class="columns metabox-holder">
16
+ <div class="postbox-container column-primary">
17
+ <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug() . '_network', 'main', $this); ?>
18
+ </div>
19
+ <div class="postbox-container column-secondary">
20
+ <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug(), 'side', $this); // Use side from regular settings ?>
21
+ </div>
22
+ </div>
23
+ </div>
admin/templates/settings.php CHANGED
@@ -20,4 +20,102 @@ require_once('includes/template.php'); // WordPress Dashboard Functions
20
  <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug(), 'side', $this); ?>
21
  </div>
22
  </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
23
  </div>
20
  <?php do_meta_boxes('toplevel_page_' . $this->getPlugin()->getSlug(), 'side', $this); ?>
21
  </div>
22
  </div>
23
+
24
+ <div id="regex-help">
25
+ <h3>Expressions</h3>
26
+ <table class="regex-help">
27
+ <tr>
28
+ <td>[abc]</td>
29
+ <td>A single character: a, b, or c</td>
30
+ </tr>
31
+ <tr>
32
+ <td>[^abc]</td>
33
+ <td>Any single character <em>but</em> a, b, or c</td>
34
+ </tr>
35
+ <tr>
36
+ <td>[a-z]</td>
37
+ <td>Any character in the range a-z</td>
38
+ </tr>
39
+ <tr>
40
+ <td>[a-zA-Z]</td>
41
+ <td>Any character in the range a-z or A-Z (any alphabetical character)</td>
42
+ </tr>
43
+ <tr>
44
+ <td>\s</td>
45
+ <td>Any whitespace character [ \t\n\r\f\v]</td>
46
+ </tr>
47
+ <tr>
48
+ <td>\S</td>
49
+ <td>Any non-whitespace character [^ \t\n\r\f\v]</td>
50
+ </tr>
51
+ <tr>
52
+ <td>\d</td>
53
+ <td>Any digit [0-9]</td>
54
+ </tr>
55
+ <tr>
56
+ <td>\D</td>
57
+ <td>Any non-digit [^0-9]</td>
58
+ </tr>
59
+ <tr>
60
+ <td>\w</td>
61
+ <td>Any word character [a-zA-Z0-9_]</td>
62
+ </tr>
63
+ <tr>
64
+ <td>\W</td>
65
+ <td>Any non-word character [^a-zA-Z0-9_]</td>
66
+ </tr>
67
+ <tr>
68
+ <td>\b</td>
69
+ <td>A word boundary between \w and \W</td>
70
+ </tr>
71
+ <tr>
72
+ <td>\B</td>
73
+ <td>A position that is not a word boundary</td>
74
+ </tr>
75
+ <tr>
76
+ <td>|</td>
77
+ <td>Alternation: matches either the subexpression to the left or to the right</td>
78
+ </tr>
79
+ <tr>
80
+ <td>()</td>
81
+ <td>Grouping: group all together for repetition operators</td>
82
+ </tr>
83
+ <tr>
84
+ <td>^</td>
85
+ <td>Beginning of the string</td>
86
+ </tr>
87
+ <tr>
88
+ <td>$</td>
89
+ <td>End of the string</td>
90
+ </tr>
91
+ </table>
92
+ <h3>Repetition&#160;Operators</h3>
93
+ <table class="regex-help">
94
+ <tr>
95
+ <td>{n,m}</td>
96
+ <td>Match the previous item at least <em>n</em> times but no more than <em>m</em>
97
+ times</td>
98
+ </tr>
99
+ <tr>
100
+ <td>{n,}</td>
101
+ <td>Match the previous item <em>n</em> or more times</td>
102
+ </tr>
103
+ <tr>
104
+ <td>{n}</td>
105
+ <td>Match exactly <em>n</em> occurrences of the previous item</td>
106
+ </tr>
107
+ <tr>
108
+ <td>?</td>
109
+ <td>Match 0 or 1 occurrences of the previous item {0,1}</td>
110
+ </tr>
111
+ <tr>
112
+ <td>+</td>
113
+ <td>Match 1 or more occurrences of the previous item {1,}</td>
114
+ </tr>
115
+ <tr>
116
+ <td>*</td>
117
+ <td>Match 0 or more occurrences of the previous item {0,}</td>
118
+ </tr>
119
+ </table>
120
+ </div>
121
  </div>
lib/Mvied/Plugin.php CHANGED
@@ -267,20 +267,25 @@ class Mvied_Plugin {
267
  public function getSettings() {
268
  return $this->_settings;
269
  }
270
-
271
  /**
272
  * Set Plugin Setting
273
  *
274
  * @param string $setting
275
  * @param mixed $value
 
276
  * @return $this
277
  */
278
- public function setSetting( $setting, $value ) {
279
- $setting = $this->getSlug() . '_' . $setting;
280
- update_option($setting, $value);
 
 
 
 
281
  return $this;
282
  }
283
-
284
  /**
285
  * Set Slug
286
  *
@@ -336,6 +341,9 @@ class Mvied_Plugin {
336
  foreach( $modules as $module ) {
337
  $module->init();
338
  }
 
 
 
339
  return $this;
340
  }
341
 
267
  public function getSettings() {
268
  return $this->_settings;
269
  }
270
+
271
  /**
272
  * Set Plugin Setting
273
  *
274
  * @param string $setting
275
  * @param mixed $value
276
+ * @param int $blog_id
277
  * @return $this
278
  */
279
+ public function setSetting( $setting, $value, $blog_id = 0 ) {
280
+ $setting_full = $this->getSlug() . '_' . $setting;
281
+ if ( $blog_id > 0 ) {
282
+ update_blog_option($blog_id, $setting_full, $value);
283
+ } else {
284
+ update_option($setting_full, $value);
285
+ }
286
  return $this;
287
  }
288
+
289
  /**
290
  * Set Slug
291
  *
341
  foreach( $modules as $module ) {
342
  $module->init();
343
  }
344
+ if ( isset($this->_slug) ) {
345
+ do_action($this->_slug . '_init');
346
+ }
347
  return $this;
348
  }
349
 
lib/Mvied/Plugin/Module.php CHANGED
@@ -8,7 +8,7 @@
8
  * @author Mike Ems
9
  * @package Mvied
10
  */
11
- class Mvied_Plugin_Module {
12
 
13
  /**
14
  * Plugin object that this module extends
@@ -17,6 +17,16 @@ class Mvied_Plugin_Module {
17
  */
18
  protected $_plugin;
19
 
 
 
 
 
 
 
 
 
 
 
20
  /**
21
  * Set Plugin
22
  *
8
  * @author Mike Ems
9
  * @package Mvied
10
  */
11
+ class Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
12
 
13
  /**
14
  * Plugin object that this module extends
17
  */
18
  protected $_plugin;
19
 
20
+ /**
21
+ *
22
+ * Initializes the module
23
+ * @param none
24
+ * @return void
25
+ */
26
+ public function init() {
27
+ throw new Exception('No init method in ' . get_class($this));
28
+ }
29
+
30
  /**
31
  * Set Plugin
32
  *
lib/Mvied/Theme.php CHANGED
@@ -1,38 +1,42 @@
1
  <?php
2
  /**
 
 
3
  * @author Mike Ems
4
  * @package Mvied
5
  */
6
  class Mvied_Theme {
7
-
 
 
 
 
 
 
8
  /**
9
  * Module directory
10
  *
11
  * @var string
12
  */
13
  protected $_module_directory;
14
-
15
  /**
16
  * Loaded Modules
17
  *
18
  * @var array
19
  */
20
  protected $_modules = array();
21
-
22
  /**
23
  * Logger
24
  *
25
  * @var Mvied_Logger_Interface
26
  */
27
  protected $_logger;
28
-
29
  /**
30
  * Theme Settings
31
  *
32
  * @var array
33
  */
34
  protected $_settings = array();
35
-
36
  /**
37
  * Theme Slug
38
  *
@@ -49,6 +53,27 @@ class Mvied_Theme {
49
  */
50
  protected $_version;
51
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
52
  /**
53
  * Set Module Directory
54
  *
@@ -98,7 +123,6 @@ class Mvied_Theme {
98
  }
99
  return $modules;
100
  }
101
-
102
  /**
103
  * Get Module
104
  *
@@ -115,7 +139,6 @@ class Mvied_Theme {
115
 
116
  die('Module not found: \'' . $module . '\'.');
117
  }
118
-
119
  /**
120
  * Get Modules
121
  *
@@ -143,7 +166,6 @@ class Mvied_Theme {
143
  $this->_modules[$module] = $object;
144
  return $this;
145
  }
146
-
147
  /**
148
  * Set Logger
149
  *
@@ -168,7 +190,6 @@ class Mvied_Theme {
168
 
169
  return $this->_logger->getInstance();
170
  }
171
-
172
  /**
173
  * Get Theme Setting
174
  *
@@ -183,7 +204,6 @@ class Mvied_Theme {
183
  } else {
184
  $value = get_option($setting_full);
185
  }
186
-
187
  // Load default option
188
  if ( $value === false ) {
189
  $value = $this->_settings[$setting];
@@ -199,7 +219,6 @@ class Mvied_Theme {
199
  }
200
  return $value;
201
  }
202
-
203
  /**
204
  * Get Theme Settings
205
  *
@@ -209,20 +228,25 @@ class Mvied_Theme {
209
  public function getSettings() {
210
  return $this->_settings;
211
  }
212
-
213
  /**
214
- * Set Theme Setting
215
  *
216
  * @param string $setting
217
  * @param mixed $value
 
218
  * @return $this
219
  */
220
- public function setSetting( $setting, $value ) {
221
- $setting = $this->getSlug() . '_' . $setting;
222
- update_option($setting, $value);
 
 
 
 
223
  return $this;
224
  }
225
-
226
  /**
227
  * Set Slug
228
  *
@@ -278,9 +302,11 @@ class Mvied_Theme {
278
  foreach( $modules as $module ) {
279
  $module->init();
280
  }
 
 
 
281
  return $this;
282
  }
283
-
284
  /**
285
  * Is Module Loaded?
286
  *
@@ -294,7 +320,6 @@ class Mvied_Theme {
294
  return false;
295
  }
296
  }
297
-
298
  /**
299
  * Load Module
300
  *
@@ -312,7 +337,6 @@ class Mvied_Theme {
312
  $filename = $filename . '.php';
313
 
314
  require_once($this->getModuleDirectory() . $filename);
315
-
316
  $class = $base_class . '_' . str_replace('\\', '_', $module_full);
317
  if ( ! isset($this->_modules[$class]) || ! is_object($this->_modules[$class]) || get_class($this->_modules[$class]) != $class ) {
318
  try {
@@ -323,10 +347,8 @@ class Mvied_Theme {
323
  die('Unable to load module: \'' . $module . '\'. ' . $e->getMessage());
324
  }
325
  }
326
-
327
  return $this;
328
  }
329
-
330
  /**
331
  * Load Modules
332
  *
@@ -339,13 +361,11 @@ class Mvied_Theme {
339
  if ( sizeof($modules) == 0 ) {
340
  $modules = $this->getAvailableModules();
341
  }
342
-
343
  foreach( $modules as $module ) {
344
  $this->loadModule( $module );
345
  }
346
  return $this;
347
  }
348
-
349
  /**
350
  * Unload Module
351
  *
@@ -359,14 +379,11 @@ class Mvied_Theme {
359
  $base_class = get_class($this);
360
  }
361
  $module = 'Module\\' . $module;
362
-
363
  $modules = $this->getModules();
364
 
365
  unset($modules[$module]);
366
 
367
  $this->_modules = $modules;
368
-
369
  return $this;
370
  }
371
-
372
  }
1
  <?php
2
  /**
3
+ * Base class for a WordPress theme.
4
+ *
5
  * @author Mike Ems
6
  * @package Mvied
7
  */
8
  class Mvied_Theme {
9
+ /**
10
+ * Base directory
11
+ *
12
+ * @var string
13
+ */
14
+ protected $_directory;
15
+
16
  /**
17
  * Module directory
18
  *
19
  * @var string
20
  */
21
  protected $_module_directory;
 
22
  /**
23
  * Loaded Modules
24
  *
25
  * @var array
26
  */
27
  protected $_modules = array();
 
28
  /**
29
  * Logger
30
  *
31
  * @var Mvied_Logger_Interface
32
  */
33
  protected $_logger;
 
34
  /**
35
  * Theme Settings
36
  *
37
  * @var array
38
  */
39
  protected $_settings = array();
 
40
  /**
41
  * Theme Slug
42
  *
53
  */
54
  protected $_version;
55
 
56
+ /**
57
+ * Set Directory
58
+ *
59
+ * @param string $directory
60
+ * @return object $this
61
+ */
62
+ public function setDirectory( $directory ) {
63
+ $this->_directory = $directory;
64
+ return $this;
65
+ }
66
+
67
+ /**
68
+ * Get Directory
69
+ *
70
+ * @param none
71
+ * @return string
72
+ */
73
+ public function getDirectory() {
74
+ return $this->_directory;
75
+ }
76
+
77
  /**
78
  * Set Module Directory
79
  *
123
  }
124
  return $modules;
125
  }
 
126
  /**
127
  * Get Module
128
  *
139
 
140
  die('Module not found: \'' . $module . '\'.');
141
  }
 
142
  /**
143
  * Get Modules
144
  *
166
  $this->_modules[$module] = $object;
167
  return $this;
168
  }
 
169
  /**
170
  * Set Logger
171
  *
190
 
191
  return $this->_logger->getInstance();
192
  }
 
193
  /**
194
  * Get Theme Setting
195
  *
204
  } else {
205
  $value = get_option($setting_full);
206
  }
 
207
  // Load default option
208
  if ( $value === false ) {
209
  $value = $this->_settings[$setting];
219
  }
220
  return $value;
221
  }
 
222
  /**
223
  * Get Theme Settings
224
  *
228
  public function getSettings() {
229
  return $this->_settings;
230
  }
231
+
232
  /**
233
+ * Set Plugin Setting
234
  *
235
  * @param string $setting
236
  * @param mixed $value
237
+ * @param int $blog_id
238
  * @return $this
239
  */
240
+ public function setSetting( $setting, $value, $blog_id = 0 ) {
241
+ $setting_full = $this->getSlug() . '_' . $setting;
242
+ if ( $blog_id > 0 ) {
243
+ update_blog_option($blog_id, $setting_full, $value);
244
+ } else {
245
+ update_option($setting_full, $value);
246
+ }
247
  return $this;
248
  }
249
+
250
  /**
251
  * Set Slug
252
  *
302
  foreach( $modules as $module ) {
303
  $module->init();
304
  }
305
+ if ( isset($this->_slug) ) {
306
+ do_action($this->_slug . '_init');
307
+ }
308
  return $this;
309
  }
 
310
  /**
311
  * Is Module Loaded?
312
  *
320
  return false;
321
  }
322
  }
 
323
  /**
324
  * Load Module
325
  *
337
  $filename = $filename . '.php';
338
 
339
  require_once($this->getModuleDirectory() . $filename);
 
340
  $class = $base_class . '_' . str_replace('\\', '_', $module_full);
341
  if ( ! isset($this->_modules[$class]) || ! is_object($this->_modules[$class]) || get_class($this->_modules[$class]) != $class ) {
342
  try {
347
  die('Unable to load module: \'' . $module . '\'. ' . $e->getMessage());
348
  }
349
  }
 
350
  return $this;
351
  }
 
352
  /**
353
  * Load Modules
354
  *
361
  if ( sizeof($modules) == 0 ) {
362
  $modules = $this->getAvailableModules();
363
  }
 
364
  foreach( $modules as $module ) {
365
  $this->loadModule( $module );
366
  }
367
  return $this;
368
  }
 
369
  /**
370
  * Unload Module
371
  *
379
  $base_class = get_class($this);
380
  }
381
  $module = 'Module\\' . $module;
 
382
  $modules = $this->getModules();
383
 
384
  unset($modules[$module]);
385
 
386
  $this->_modules = $modules;
 
387
  return $this;
388
  }
 
389
  }
lib/Mvied/Theme/Module.php CHANGED
@@ -8,7 +8,7 @@
8
  * @author Mike Ems
9
  * @package Mvied
10
  */
11
- class Mvied_Theme_Module {
12
 
13
  /**
14
  * Theme object that this module extends
@@ -17,6 +17,16 @@ class Mvied_Theme_Module {
17
  */
18
  protected $_theme;
19
 
 
 
 
 
 
 
 
 
 
 
20
  /**
21
  * Set Theme
22
  *
8
  * @author Mike Ems
9
  * @package Mvied
10
  */
11
+ class Mvied_Theme_Module implements Mvied_Theme_Module_Interface {
12
 
13
  /**
14
  * Theme object that this module extends
17
  */
18
  protected $_theme;
19
 
20
+ /**
21
+ *
22
+ * Initializes the module
23
+ * @param none
24
+ * @return void
25
+ */
26
+ public function init() {
27
+ throw new Exception('No init method in ' . get_class($this));
28
+ }
29
+
30
  /**
31
  * Set Theme
32
  *
lib/WordPressHTTPS.php CHANGED
@@ -1,409 +1,442 @@
1
- <?php
2
- /**
3
- * WordPress HTTPS
4
- *
5
- * @author Mike Ems
6
- * @package WordPressHTTPS
7
- *
8
- */
9
-
10
- class WordPressHTTPS extends Mvied_Plugin {
11
-
12
- /**
13
- * HTTP URL
14
- *
15
- * @var WordPressHTTPS_Url
16
- */
17
- protected $_http_url;
18
-
19
- /**
20
- * HTTPS URL
21
- *
22
- * @var WordPressHTTPS_Url
23
- */
24
- protected $_https_url;
25
-
26
- /**
27
- * Plugin Settings
28
- *
29
- * setting_name => default_value
30
- *
31
- * @var array
32
- */
33
- protected $_settings = array(
34
- 'ssl_host' => '', // Hostname for SSL Host
35
- 'ssl_port' => '', // Port number for SSL Host
36
- 'secure_external_urls' => array(), // Secure external URL's
37
- 'unsecure_external_urls' => array(), // Unsecure external URL's
38
- 'ssl_host_diff' => 0, // Is SSL Host different than WordPress host
39
- 'ssl_host_subdomain' => 0, // Is SSL Host a subdomain of WordPress host
40
- 'exclusive_https' => 0, // Exclusively force SSL on posts and pages with the `Force SSL` option checked.
41
- 'frontpage' => 0, // Force SSL on front page
42
- 'ssl_admin' => 0, // Force SSL Over Administration Panel (The same as FORCE_SSL_ADMIN)
43
- 'ssl_proxy' => 0, // Proxy detection
44
- 'debug' => 0, // Debug Mode
45
- 'admin_menu' => 'side', // HTTPS Admin Menu location
46
- 'secure_filter' => array(), // Array of expressions to secure URL's against
47
- );
48
-
49
- /**
50
- * Set HTTP Url
51
- *
52
- * @param string $http_url
53
- * @return object $this
54
- */
55
- public function setHttpUrl( $http_url ) {
56
- $this->_http_url = $http_url;
57
- return $this;
58
- }
59
-
60
- /**
61
- * Get HTTP Url
62
- *
63
- * @param none
64
- * @return string
65
- */
66
- public function getHttpUrl() {
67
- return $this->_http_url;
68
- }
69
-
70
- /**
71
- * Set HTTPS Url
72
- *
73
- * @param string $https_url
74
- * @return object $this
75
- */
76
- public function setHttpsUrl( $https_url ) {
77
- $this->_https_url = $https_url;
78
- return $this;
79
- }
80
-
81
- /**
82
- * Get HTTPS Url
83
- *
84
- * @param none
85
- * @return string
86
- */
87
- public function getHttpsUrl() {
88
- return $this->_https_url;
89
- }
90
-
91
- /**
92
- * Initialize
93
- *
94
- * @param none
95
- * @return void
96
- */
97
- public function init() {
98
- // HTTP URL
99
- $this->setHttpUrl(WordPressHTTPS_Url::fromString('http://' . parse_url(get_bloginfo('template_url'), PHP_URL_HOST) . parse_url(home_url('/'), PHP_URL_PATH)));
100
- // HTTPS URL
101
- $this->setHttpsUrl(WordPressHTTPS_Url::fromString('https://' . parse_url(get_bloginfo('template_url'), PHP_URL_HOST) . parse_url(home_url('/'), PHP_URL_PATH)));
102
-
103
- // If using a different host for SSL
104
- if ( $this->getSetting('ssl_host') && $this->getSetting('ssl_host') != $this->getHttpsUrl()->toString() ) {
105
- // Assign HTTPS URL to SSL Host
106
- $this->setSetting('ssl_host_diff', 1);
107
- $this->setHttpsUrl(WordPressHTTPS_Url::fromString( rtrim($this->getSetting('ssl_host'), '/') . '/' ));
108
- } else {
109
- $this->setSetting('ssl_host_diff', 0);
110
- }
111
-
112
- // Prepend SSL Host path
113
- if ( strpos($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath()) === false ) {
114
- $this->getHttpsUrl()->setPath( $this->getHttpsUrl()->getPath() . $this->getHttpUrl()->getPath() );
115
- }
116
-
117
- // Add SSL Port to HTTPS URL
118
- $this->getHttpsUrl()->setPort($this->getSetting('ssl_port'));
119
-
120
- $this->getLogger()->log('Version: ' . $this->getVersion());
121
- $this->getLogger()->log('HTTP URL: ' . $this->getHttpUrl());
122
- $this->getLogger()->log('HTTPS URL: ' . $this->getHttpsUrl());
123
- $this->getLogger()->log('SSL: ' . ( $this->isSsl() ? 'Yes' : 'No' ));
124
- $this->getLogger()->log('Diff Host: ' . ( $this->getSetting('ssl_host_diff') ? 'Yes' : 'No' ));
125
- $this->getLogger()->log('Subdomain: ' . ( $this->getSetting('ssl_host_subdomain') ? 'Yes' : 'No' ));
126
- $this->getLogger()->log('Proxy: ' . ( $this->getSetting('ssl_proxy') === 'auto' ? 'Auto' : ( $this->getSetting('ssl_proxy') ? 'Yes' : 'No' ) ));
127
- $this->getLogger()->log('Secure External URLs: [ ' . implode(', ', (array)$this->getSetting('secure_external_urls')) . ' ]');
128
- $this->getLogger()->log('Unsecure External URLs: [ ' . implode(', ', (array)$this->getSetting('unsecure_external_urls')) . ' ]');
129
-
130
- // Redirect login page. This is not pluggable due to the redirect methods used in wp-login.php
131
- if ( ( $GLOBALS['pagenow'] == 'wp-login.php' ) ) {
132
- setcookie(constant('TEST_COOKIE'), 'WP Cookie check', 0);
133
- if ( $this->getSetting('ssl_admin') && ! $this->isSsl() ) {
134
- $this->redirect('https');
135
- }
136
- }
137
-
138
- parent::init();
139
- }
140
-
141
- /**
142
- * Install
143
- *
144
- * @param none
145
- * @return void
146
- */
147
- public function install() {
148
- // Add WordPress HTTPS settings to WordPress options
149
- foreach ( $this->getSettings() as $option => $value ) {
150
- if ( get_option($option) === false ) {
151
- add_option($option, $value);
152
- }
153
- }
154
-
155
- // Checks to see if the SSL Host is a subdomain
156
- $http_domain = $this->getHttpUrl()->getBaseHost();
157
- $https_domain = $this->getHttpsUrl()->getBaseHost();
158
-
159
- if ( $this->getHttpsUrl()->setScheme('http')->toString() != $this->getHttpUrl()->toString() && $http_domain == $https_domain ) {
160
- $this->setSetting('ssl_host_subdomain', 1);
161
- } else {
162
- $this->setSetting('ssl_host_subdomain', 0);
163
- }
164
- }
165
- /**
166
- * Is Local URL
167
- *
168
- * Determines if URL is local or external
169
- *
170
- * @param string $url
171
- * @return boolean
172
- */
173
- public function isUrlLocal($url) {
174
- $url_parts = parse_url($url);
175
-
176
- if ( $url_parts && $this->getHttpUrl()->getHost() != $url_parts['host'] && $this->getHttpsUrl()->getHost() != $url_parts['host'] ) {
177
- return false;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
178
  } else {
179
- return true;
180
  }
181
- }
182
-
183
- /**
184
- * Replaces HTTP Host with HTTPS Host
185
- *
186
- * @param string $string
187
- * @return string $string
188
- */
189
- public function makeUrlHttps( $string ) {
190
- $url = WordPressHTTPS_Url::fromString( $string ); // URL to replace HTTP URL
191
- if ( $url ) {
192
- if ( $this->isUrlLocal($url) ) {
193
- $url->setScheme('https');
194
- $url->setHost($this->getHttpsUrl()->getHost());
195
- $url->setPort($this->getHttpsUrl()->getPort());
196
-
197
- if ( $this->getSetting('ssl_host_diff') && strpos($url->getPath(), $this->getHttpsUrl()->getPath()) === false ) {
198
- if ( $this->getHttpUrl()->getPath() == '/' ) {
199
- $url->setPath(rtrim($this->getHttpsUrl()->getPath(), '/') . $url->getPath());
200
- } else {
201
- $url->setPath(str_replace($this->getHttpUrl()->getPath(), $this->getHttpsUrl()->getPath(), $url->getPath()));
202
- }
203
- }
204
-
205
- $string = $url->toString();
206
- } else {
207
- if ( $url->getScheme() == 'http' && @in_array($url, $this->getSetting('secure_external_urls')) == false && @in_array($url, $this->getSetting('unsecure_external_urls')) == false ) {
208
- $test_url = clone $url;
209
- $test_url->setScheme('https');
210
- if ( $test_url->isValid() ) {
211
- // Cache this URL as available over HTTPS for future reference
212
- $this->addSecureExternalUrl($url->toString());
213
- } else {
214
- // If not available over HTTPS, mark as an unsecure external URL
215
- $this->addUnsecureExternalUrl($url->toString());
216
- }
217
- }
218
-
219
- if ( in_array($url->toString(), $this->getSetting('secure_external_urls')) ) {
220
- $string = str_replace($url, str_replace('http://', 'https://', $url), $string);
221
- }
222
- }
223
- unset($url);
224
- }
225
- return $string;
226
- }
227
-
228
- /**
229
- * Replaces HTTPS Host with HTTP Host
230
- *
231
- * @param string $string
232
- * @return string $string
233
- */
234
- public function makeUrlHttp( $string ) {
235
- $url = WordPressHTTPS_Url::fromString( $string ); // URL to replace HTTP URL
236
- if ( $url ) {
237
- if ( $this->isUrlLocal($url) ) {
238
- $url->setScheme('http');
239
- $url->setHost($this->getHttpUrl()->getHost());
240
- $url->setPort($this->getHttpUrl()->getPort());
241
-
242
- if ( $this->getSetting('ssl_host_diff') && strpos($url->getPath(), $this->getHttpsUrl()->getPath()) !== false ) {
243
- $url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $url->getPath()));
244
- }
245
-
246
- $string = $url->toString();
247
- } else {
248
- if ( $url ) {
249
- $string = str_replace($url, str_replace('https://', 'http://', $url), $string);
250
- }
251
- }
252
- unset($url);
253
- }
254
- return $string;
255
- }
256
-
257
- /**
258
- * Add Secure External URL
259
- *
260
- * @param string $value
261
- * @return $this
262
- */
263
- public function addSecureExternalUrl( $value ) {
264
- if ( trim($value) == '' ) {
265
- return $this;
266
- }
267
-
268
- $secure_external_urls = (array) $this->getSetting('secure_external_urls');
269
- array_push($secure_external_urls, (string) $value);
270
- $this->setSetting('secure_external_urls', $secure_external_urls);
271
-
272
- return $this;
273
- }
274
-
275
- /**
276
- * Add Unsecure External URL
277
- *
278
- * @param string $value
279
- * @return $this
280
- */
281
- public function addUnsecureExternalUrl( $value ) {
282
- if ( trim($value) == '' ) {
283
- return $this;
284
- }
285
-
286
- $unsecure_external_urls = (array) $this->getSetting('unsecure_external_urls');
287
- array_push($unsecure_external_urls, (string) $value);
288
- $this->setSetting('unsecure_external_urls', $unsecure_external_urls);
289
-
290
- return $this;
291
- }
292
-
293
- /**
294
- * Checks if the current page is SSL
295
- *
296
- * @param none
297
- * @return bool
298
- */
299
- public function isSsl() {
300
- // Some extra checks for Shared SSL
301
- if ( is_ssl() && strpos($_SERVER['HTTP_HOST'], $this->getHttpsUrl()->getHost()) === false && $_SERVER['SERVER_ADDR'] != $_SERVER['HTTP_HOST'] ) {
302
- return false;
303
- } else if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) {
304
- return true;
305
- } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_X_FORWARDED_SERVER'] ) {
306
- return true;
307
- } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_HOST'] && ( $this->getHttpsUrl()->getPort() <= 0 || $_SERVER['SERVER_PORT'] == $this->getHttpsUrl()->getPort() ) && strpos($_SERVER['REQUEST_URI'], $this->getHttpsUrl()->getPath()) !== false ) {
308
- return true;
309
- }
310
- return is_ssl();
311
- }
312
-
313
- /**
314
- * Maintained for backwards compatibility.
315
- *
316
- * @param none
317
- * @return bool
318
- */
319
- public function is_ssl() {
320
- return $this->isSsl();
321
- }
322
-
323
- /**
324
- * Redirects page to HTTP or HTTPS accordingly
325
- *
326
- * @param string $scheme Either http or https
327
- * @return void
328
- */
329
- public function redirect( $scheme = 'https' ) {
330
- if ( !$this->isSsl() && $scheme == 'https' ) {
331
- $url = clone $this->getHttpsUrl();
332
- $url->setScheme($scheme);
333
- } else if ( $this->isSsl() && $scheme == 'http' ) {
334
- $url = clone $this->getHttpUrl();
335
- $url->setScheme($scheme);
336
- } else {
337
- $url = false;
338
- }
339
-
340
- if ( $url ) {
341
- $path = ( isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'] );
342
- if ( strpos($_SERVER['REQUEST_URI'], '?') !== false && isset($_SERVER['REDIRECT_URL']) && strpos($_SERVER['REDIRECT_URL'], '?') === false ) {
343
- $path .= substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?'));
344
- }
345
-
346
- if ( $this->getHttpsUrl()->getPath() != '/' ) {
347
- $path = str_replace($this->getHttpsUrl()->getPath(), '', $path);
348
- }
349
- $path = ltrim($path, '/');
350
-
351
- if ( $scheme == 'https' ) {
352
- if ( $this->getSetting('ssl_host_diff') && $this->getHttpUrl()->getPath() != '/' ) {
353
- $url->setPath(str_replace($this->getHttpUrl()->getPath(), $this->getHttpsUrl()->getPath(), $_SERVER['REQUEST_URI']));
354
- } else {
355
- $url->setPath(rtrim($this->getHttpsUrl()->getPath(), '/') . '/' . $path);
356
- }
357
- } else if ($scheme == 'http' ) {
358
- if ( $this->getSetting('ssl_host_diff') && $this->getHttpsUrl()->getPath() != '/' ) {
359
- $url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $_SERVER['REQUEST_URI']));
360
- } else {
361
- $url->setPath(rtrim($this->getHttpUrl()->getPath(), '/') . '/' . $path);
362
- }
363
- }
364
-
365
- // Use a cookie to detect redirect loops
366
- $redirect_count = ( isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count']) ? (int)$_COOKIE['redirect_count']+1 : 1 );
367
- setcookie('redirect_count', $redirect_count, 0, '/');
368
- // If redirect count is greater than 2, prevent redirect and log the redirect loop
369
- if ( $redirect_count > 2 ) {
370
- setcookie('redirect_count', null, -time(), '/');
371
- $this->getLogger()->log('[ERROR] Redirect Loop!');
372
- return;
373
- }
374
-
375
- // Redirect
376
- if ( function_exists('wp_redirect') ) {
377
- wp_redirect($url, 301);
378
- } else {
379
- // End all output buffering and redirect
380
- while(@ob_end_clean());
381
-
382
- // If redirecting to an admin page
383
- if ( strpos($url->getPath(), 'wp-admin') !== false || strpos($url->getPath(), 'wp-login') !== false ) {
384
- $url = WordPressHTTPS_Url::fromString($this->redirectAdmin($url));
385
- }
386
-
387
- header("Location: " . $url, true, 301);
388
- }
389
- exit();
390
- }
391
- }
392
-
393
- /**
394
- * WP Redirect Admin
395
- * WordPress Filter - wp_redirect_admin
396
- *
397
- * @param string $url
398
- * @return string $url
399
- */
400
- public function redirectAdmin( $url ) {
401
- $url = $this->makeUrlHttps($url);
402
-
403
- // Fix redirect_to
404
- preg_match('/redirect_to=([^&]+)/i', $url, $redirect);
405
- $redirect_url = @$redirect[1];
406
- $url = str_replace($redirect_url, urlencode($this->makeUrlHttps(urldecode($redirect_url))), $url);
407
- return $url;
408
- }
409
  }
1
+ <?php
2
+ /**
3
+ * WordPress HTTPS
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ class WordPressHTTPS extends Mvied_Plugin {
11
+
12
+ /**
13
+ * HTTP URL
14
+ *
15
+ * @var WordPressHTTPS_Url
16
+ */
17
+ protected $_http_url;
18
+
19
+ /**
20
+ * HTTPS URL
21
+ *
22
+ * @var WordPressHTTPS_Url
23
+ */
24
+ protected $_https_url;
25
+
26
+ /**
27
+ * Plugin Settings
28
+ *
29
+ * setting_name => default_value
30
+ *
31
+ * @var array
32
+ */
33
+ protected $_settings = array(
34
+ 'ssl_host' => '', // Hostname for SSL Host
35
+ 'ssl_port' => '', // Port number for SSL Host
36
+ 'secure_external_urls' => array(), // Secure external URL's
37
+ 'unsecure_external_urls' => array(), // Unsecure external URL's
38
+ 'ssl_host_diff' => 0, // Is SSL Host different than WordPress host
39
+ 'ssl_host_subdomain' => 0, // Is SSL Host a subdomain of WordPress host
40
+ 'exclusive_https' => 0, // Redirect pages that are not secured to HTTP
41
+ 'remove_unsecure' => 0, // Remove unsecure elements from HTML
42
+ 'ssl_admin' => 0, // Force SSL Over Administration Panel (The same as FORCE_SSL_ADMIN)
43
+ 'ssl_proxy' => 0, // Proxy detection
44
+ 'debug' => 0, // Debug Mode
45
+ 'admin_menu' => 'side', // HTTPS Admin Menu location
46
+ 'secure_filter' => array(), // Expressions to secure URL's against
47
+ 'ssl_host_mapping' => array(), // External SSL Hosts whose HTTPS content is on another domain
48
+ );
49
+
50
+ /**
51
+ * Default External SSL Host Mapping
52
+ * @var array
53
+ */
54
+ public static $ssl_host_mapping = array(
55
+ 'w.sharethis.com' => 'ws.sharethis.com',
56
+ '\d.gravatar.com' => 'secure.gravatar.com',
57
+ );
58
+
59
+ /**
60
+ * Get HTTP Url
61
+ *
62
+ * @param none
63
+ * @return WordPressHTTPS_Url
64
+ */
65
+ public function getHttpUrl() {
66
+ if ( !isset($this->_http_url) ) {
67
+ $this->_http_url = WordPressHTTPS_Url::fromString('http://' . parse_url(get_bloginfo('template_url'), PHP_URL_HOST) . parse_url(home_url('/'), PHP_URL_PATH));
68
+ }
69
+ return $this->_http_url;
70
+ }
71
+
72
+ /**
73
+ * Get HTTPS Url
74
+ *
75
+ * @param none
76
+ * @return WordPressHTTPS_Url
77
+ */
78
+ public function getHttpsUrl() {
79
+ if ( !isset($this->_https_url) ) {
80
+ $this->_https_url = WordPressHTTPS_Url::fromString('https://' . parse_url(get_bloginfo('template_url'), PHP_URL_HOST) . parse_url(home_url('/'), PHP_URL_PATH));
81
+
82
+ // If using a different host for SSL
83
+ if ( is_string($this->getSetting('ssl_host')) && $this->getSetting('ssl_host') != '' && $this->getSetting('ssl_host') != $this->_https_url->toString() ) {
84
+ // Assign HTTPS URL to SSL Host
85
+ $this->setSetting('ssl_host_diff', 1);
86
+ $ssl_host = rtrim($this->getSetting('ssl_host'), '/') . '/';
87
+ if ( strpos($ssl_host, 'http://') === false && strpos($ssl_host, 'https://') === false ) {
88
+ $ssl_host = 'https://' . $ssl_host;
89
+ }
90
+ $this->_https_url = WordPressHTTPS_Url::fromString( $ssl_host );
91
+ } else {
92
+ $this->setSetting('ssl_host_diff', 0);
93
+ }
94
+
95
+ // Prepend SSL Host path
96
+ if ( strpos($this->_https_url->getPath(), $this->getHttpUrl()->getPath()) === false ) {
97
+ $this->_https_url->setPath( $this->_https_url->getPath() . $this->getHttpUrl()->getPath() );
98
+ }
99
+
100
+ // Add SSL Port to HTTPS URL
101
+ $this->_https_url->setPort($this->getSetting('ssl_port'));
102
+ }
103
+
104
+ return $this->_https_url;
105
+ }
106
+
107
+ /**
108
+ * Initialize
109
+ *
110
+ * @param none
111
+ * @return void
112
+ */
113
+ public function init() {
114
+ $this->getLogger()->log('Version: ' . $this->getVersion());
115
+ $this->getLogger()->log('HTTP URL: ' . $this->getHttpUrl()->toString());
116
+ $this->getLogger()->log('HTTPS URL: ' . $this->getHttpsUrl()->toString());
117
+ $this->getLogger()->log('SSL: ' . ( $this->isSsl() ? 'Yes' : 'No' ));
118
+ $this->getLogger()->log('Diff Host: ' . ( $this->getSetting('ssl_host_diff') ? 'Yes' : 'No' ));
119
+ $this->getLogger()->log('Subdomain: ' . ( $this->getSetting('ssl_host_subdomain') ? 'Yes' : 'No' ));
120
+ $this->getLogger()->log('Proxy: ' . ( $this->getSetting('ssl_proxy') === 'auto' ? 'Auto' : ( $this->getSetting('ssl_proxy') ? 'Yes' : 'No' ) ));
121
+ $this->getLogger()->log('Secure External URLs: [ ' . implode(', ', (array)$this->getSetting('secure_external_urls')) . ' ]');
122
+ $this->getLogger()->log('Unsecure External URLs: [ ' . implode(', ', (array)$this->getSetting('unsecure_external_urls')) . ' ]');
123
+
124
+ parent::init();
125
+ do_action($this->getSlug() . '_init');
126
+ }
127
+
128
+ /**
129
+ * Install
130
+ *
131
+ * @param none
132
+ * @return void
133
+ */
134
+ public function install() {
135
+ global $wpdb;
136
+
137
+ if ( is_multisite() && is_network_admin() ) {
138
+ $blogs = $wpdb->get_col($wpdb->prepare("SELECT blog_id FROM " . $wpdb->blogs));
139
+ } else {
140
+ $blogs = array($wpdb->blogid);
141
+ }
142
+
143
+ foreach ( $blogs as $blog_id ) {
144
+ // Add Settings
145
+ foreach ( $this->getSettings() as $option => $value ) {
146
+ if ( is_multisite() && get_blog_option($blog_id, $option) === false ) {
147
+ add_blog_option($blog_id, $option, $value);
148
+ } else if ( get_option($option) === false ) {
149
+ add_option($option, $value);
150
+ }
151
+ }
152
+
153
+ // Fix a bug that saved the ssl_host as an object
154
+ if ( ! is_string($this->getSetting('ssl_host', $blog_id)) ) {
155
+ $this->setSetting('ssl_host', $this->_settings['ssl_host'], $blog_id);
156
+ $this->setSetting('ssl_port', $this->_settings['ssl_port'], $blog_id);
157
+ $this->setSetting('ssl_host_diff', $this->_settings['ssl_host_diff'], $blog_id);
158
+ $this->setSetting('ssl_host_subdomain', $this->_settings['ssl_host_subdomain'], $blog_id);
159
+ }
160
+
161
+ // If secure front page option exists, create front page filter
162
+ if ( $this->getSetting('frontpage', $blog_id) ) {
163
+ $this->setSetting('secure_filter', array_merge($this->getSetting('secure_filter'), array(rtrim(str_replace('http://', '', $this->getHttpUrl()->toString()), '/') . '/$')));
164
+ $this->setSetting('frontpage', 0, $blog_id);
165
+ }
166
+
167
+ // Reset cache
168
+ $this->setSetting('secure_external_urls', $this->_settings['secure_external_urls'], $blog_id);
169
+ $this->setSetting('unsecure_external_urls', $this->_settings['unsecure_external_urls'], $blog_id);
170
+
171
+ // Set default domain mapping
172
+ if ( $this->getSetting('ssl_host_mapping', $blog_id) == array() ) {
173
+ $this->setSetting('ssl_host_mapping', WordPressHTTPS::$ssl_host_mapping, $blog_id);
174
+ }
175
+ }
176
+
177
+ // Checks to see if the SSL Host is a subdomain
178
+ $http_domain = $this->getHttpUrl()->getBaseHost();
179
+ $https_domain = $this->getHttpsUrl()->getBaseHost();
180
+
181
+ if ( $this->getHttpsUrl()->setScheme('http')->toString() != $this->getHttpUrl()->toString() && $http_domain == $https_domain ) {
182
+ $subdomain = true;
183
+ } else {
184
+ $subdomain = false;
185
+ }
186
+ foreach ( $blogs as $blog_id ) {
187
+ $this->setSetting('ssl_host_subdomain', $subdomain, $blog_id);
188
+ }
189
+ }
190
+
191
+ /**
192
+ * Is Local URL
193
+ *
194
+ * Determines if URL is local or external
195
+ *
196
+ * @param string $url
197
+ * @return boolean
198
+ */
199
+ public function isUrlLocal($url) {
200
+ if ( ($url_parts = parse_url($url)) && isset($url_parts['host']) && $this->getHttpUrl()->getHost() != $url_parts['host'] && $this->getHttpsUrl()->getHost() != $url_parts['host'] ) {
201
+ return false;
202
+ }
203
+ return true;
204
+ }
205
+
206
+ /**
207
+ * Replaces HTTP Host with HTTPS Host
208
+ *
209
+ * @param string $string
210
+ * @return string $string
211
+ */
212
+ public function makeUrlHttps( $string ) {
213
+ if ( (string)$string == '' ) {
214
+ return false;
215
+ }
216
+
217
+ $url = WordPressHTTPS_Url::fromString( $string );
218
+ if ( $url ) {
219
+ if ( $this->isUrlLocal($url) ) {
220
+ $has_host = ( $this->getHttpUrl()->getHost() == $this->getHttpsUrl()->getHost() ) || strpos($url, $this->getHttpsUrl()->getHost()) !== false;
221
+ $has_path = ( $this->getHttpUrl()->getPath() == $this->getHttpsUrl()->getPath() ) || strpos($url, $this->getHttpsUrl()->getPath()) !== false;
222
+ $has_port = ( (int)$this->getHttpsUrl()->getPort() > 0 ? strpos($url, ':' . $this->getHttpsUrl()->getPort()) !== false : true );
223
+ if ( $url->getScheme() == 'http' || !$has_host || !$has_path || !$has_port ) {
224
+ $updated = clone $url;
225
+ $updated->setScheme('https');
226
+ $updated->setHost($this->getHttpsUrl()->getHost());
227
+ $updated->setPort($this->getHttpsUrl()->getPort());
228
+ if ( $this->getSetting('ssl_host_diff') && strpos($updated->getPath(), $this->getHttpsUrl()->getPath()) === false ) {
229
+ if ( $this->getHttpUrl()->getPath() == '/' ) {
230
+ $updated->setPath(rtrim($this->getHttpsUrl()->getPath(), '/') . $updated->getPath());
231
+ } else if ( strpos($updated->getPath(), $this->getHttpUrl()->getPath()) !== false ) {
232
+ $updated->setPath(str_replace($this->getHttpUrl()->getPath(), $this->getHttpsUrl()->getPath(), $updated->getPath()));
233
+ } else if ( strpos($updated->getPath(), rtrim($this->getHttpUrl()->getPath(), '/')) !== false ) {
234
+ $updated->setPath(str_replace(rtrim($this->getHttpUrl()->getPath(), '/'), $this->getHttpsUrl()->getPath(), $updated->getPath()));
235
+ }
236
+ }
237
+ if ( ( ( $this->isSsl() && !$this->getSetting('exclusive_https') ) || $this->getSetting('ssl_admin') ) && strpos($url, 'wp-admin') !== false && preg_match('/redirect_to=([^&]+)/i', $updated->toString(), $redirect) && isset($redirect[1]) ) {
238
+ $redirect_url = $redirect[1];
239
+ $updated = str_replace($redirect_url, urlencode($this->makeUrlHttps(urldecode($redirect_url))), $updated->toString());
240
+ }
241
+ $string = str_replace($url, $updated, $string);
242
+ }
243
+ } else {
244
+ $updated = clone $url;
245
+ $updated = WordPressHTTPS_Url::fromString( apply_filters('https_external_url', $updated->toString()) );
246
+ if ( @in_array($updated->toString(), $this->getSetting('secure_external_urls')) == false && @in_array($updated->toString(), $this->getSetting('unsecure_external_urls')) == false ) {
247
+ $test = clone $updated;
248
+ $test->setScheme('https');
249
+ if ( $test->isValid() ) {
250
+ // Cache this URL as available over HTTPS for future reference
251
+ $this->addSecureExternalUrl($updated->toString());
252
+ $updated->setScheme('https');
253
+ } else {
254
+ // If not available over HTTPS, mark as an unsecure external URL
255
+ $this->addUnsecureExternalUrl($updated->toString());
256
+ }
257
+ } else if ( in_array($updated->toString(), $this->getSetting('secure_external_urls')) ) {
258
+ $updated->setScheme('https');
259
+ }
260
+ if ( $url->toString() != $updated->toString() ) {
261
+ $string = str_replace($url, $updated, $string);
262
+ }
263
+ }
264
+ unset($test);
265
+ unset($updated);
266
+ unset($url);
267
+ }
268
+ return $string;
269
+ }
270
+
271
+ /**
272
+ * Replaces HTTPS Host with HTTP Host
273
+ *
274
+ * @param string $string
275
+ * @return string $string
276
+ */
277
+ public function makeUrlHttp( $string ) {
278
+ if ( (string)$string == '' ) {
279
+ return false;
280
+ }
281
+
282
+ $url = WordPressHTTPS_Url::fromString( $string );
283
+ if ( $url ) {
284
+ if ( $this->isUrlLocal($url) ) {
285
+ if ( $url->getScheme() == 'https' ) {
286
+ $updated = clone $url;
287
+ $updated->setScheme('http');
288
+ $updated->setHost($this->getHttpUrl()->getHost());
289
+ $updated->setPort($this->getHttpUrl()->getPort());
290
+ if ( $this->getSetting('ssl_host_diff') && strpos($updated->getPath(), $this->getHttpsUrl()->getPath()) !== false ) {
291
+ $updated->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $updated->getPath()));
292
+ }
293
+ if ( strpos($url, 'wp-admin') !== false && preg_match('/redirect_to=([^&]+)/i', $url, $redirect) && isset($redirect[1]) ) {
294
+ $redirect_url = $redirect[1];
295
+ $url = str_replace($redirect_url, urlencode($this->makeUrlHttp(urldecode($redirect_url))), $url);
296
+ }
297
+ $string = str_replace($url, $updated, $string);
298
+ }
299
+ } else {
300
+ $updated = apply_filters('http_external_url', str_replace('https://', 'http://', $url));
301
+ $string = str_replace($url, $updated, $string);
302
+ }
303
+ }
304
+ unset($updated);
305
+ unset($url);
306
+ return $string;
307
+ }
308
+
309
+ /**
310
+ * Add Secure External URL
311
+ *
312
+ * @param string $value
313
+ * @return $this
314
+ */
315
+ public function addSecureExternalUrl( $value ) {
316
+ if ( trim($value) == '' ) {
317
+ return $this;
318
+ }
319
+
320
+ $secure_external_urls = (array) $this->getSetting('secure_external_urls');
321
+ array_push($secure_external_urls, (string) $value);
322
+ $this->setSetting('secure_external_urls', $secure_external_urls);
323
+
324
+ return $this;
325
+ }
326
+
327
+ /**
328
+ * Add Unsecure External URL
329
+ *
330
+ * @param string $value
331
+ * @return $this
332
+ */
333
+ public function addUnsecureExternalUrl( $value ) {
334
+ if ( trim($value) == '' ) {
335
+ return $this;
336
+ }
337
+
338
+ $unsecure_external_urls = (array) $this->getSetting('unsecure_external_urls');
339
+ array_push($unsecure_external_urls, (string) $value);
340
+ $this->setSetting('unsecure_external_urls', $unsecure_external_urls);
341
+
342
+ return $this;
343
+ }
344
+
345
+ /**
346
+ * Checks if the current page is SSL
347
+ *
348
+ * @param none
349
+ * @return bool
350
+ */
351
+ public function isSsl() {
352
+ // Some extra checks for Shared SSL
353
+ if ( is_ssl() && strpos($_SERVER['HTTP_HOST'], $this->getHttpsUrl()->getHost()) === false && $_SERVER['SERVER_ADDR'] != $_SERVER['HTTP_HOST'] ) {
354
+ return false;
355
+ } else if ( isset($_SERVER['HTTP_CF_VISITOR']) && strpos($_SERVER['HTTP_CF_VISITOR'], 'https') ) {
356
+ return true;
357
+ } else if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) {
358
+ return true;
359
+ } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_X_FORWARDED_SERVER'] ) {
360
+ return true;
361
+ } else if ( $this->getSetting('ssl_host_diff') && !is_ssl() && $this->getHttpsUrl()->getHost() == $_SERVER['HTTP_HOST'] && ( $this->getHttpsUrl()->getPort() <= 0 || $_SERVER['SERVER_PORT'] == $this->getHttpsUrl()->getPort() ) && strpos($_SERVER['REQUEST_URI'], $this->getHttpsUrl()->getPath()) !== false ) {
362
+ return true;
363
+ }
364
+ return is_ssl();
365
+ }
366
+
367
+ /**
368
+ * Maintained for backwards compatibility.
369
+ *
370
+ * @param none
371
+ * @return bool
372
+ */
373
+ public function is_ssl() {
374
+ return $this->isSsl();
375
+ }
376
+
377
+ /**
378
+ * Redirects page to HTTP or HTTPS accordingly
379
+ *
380
+ * @param string $scheme Either http or https
381
+ * @return void
382
+ */
383
+ public function redirect( $scheme = 'https' ) {
384
+ $current_path = ( isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'] );
385
+ if ( strpos($_SERVER['REQUEST_URI'], '?') !== false && isset($_SERVER['REDIRECT_URL']) && strpos($_SERVER['REDIRECT_URL'], '?') === false ) {
386
+ $current_path .= substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?'));
387
+ }
388
+
389
+ $current_url = ( $this->isSsl() ? 'https' : 'http' ) . '://' . ( isset($_SERVER['HTTP_X_FORWARDED_SERVER']) ? $_SERVER['HTTP_X_FORWARDED_SERVER'] : $_SERVER['HTTP_HOST'] ) . $current_path;
390
+ if ( $scheme == 'https' ) {
391
+ $url = $this->makeUrlHttps($current_url);
392
  } else {
393
+ $url = $this->makeUrlHttp($current_url);
394
  }
395
+
396
+ if ( $current_url != $url ) {
397
+ // Use a cookie to detect redirect loops
398
+ $redirect_count = ( isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count']) ? (int)$_COOKIE['redirect_count']+1 : 1 );
399
+ setcookie('redirect_count', $redirect_count, 0, '/');
400
+ // If redirect count is greater than 2, prevent redirect and log the redirect loop
401
+ if ( $redirect_count > 2 ) {
402
+ setcookie('redirect_count', null, -time(), '/');
403
+ $this->getLogger()->log('[ERROR] Redirect Loop!');
404
+ return;
405
+ }
406
+
407
+ // Redirect
408
+ if ( function_exists('wp_redirect') ) {
409
+ wp_redirect($url, 301);
410
+ } else {
411
+ // End all output buffering and redirect
412
+ while(@ob_end_clean());
413
+ header("Location: " . $url, true, 301);
414
+ }
415
+ exit();
416
+ }
417
+ }
418
+
419
+ /**
420
+ * Get relevent files and directories within WordPress
421
+ *
422
+ * @param none
423
+ * @return void
424
+ */
425
+ public function getDirectories() {
426
+ $directories = array();
427
+ $scannedDirectories = array();
428
+ $directories[] = get_theme_root() . '/' . get_template();
429
+
430
+ foreach( $directories as $directory ) {
431
+ $scannedDirectories[$directory]['name'] = $directory;
432
+ if ( is_readable($directory) && ($files = scandir($directory)) ) {
433
+ $scannedDirectories[$directory]['files'] = $files;
434
+ unset($files);
435
+ } else {
436
+ $scannedDirectories[$directory]['error'] = "Unable to read directory.";
437
+ }
438
+ }
439
+ return $scannedDirectories;
440
+ }
441
+
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
442
  }
lib/WordPressHTTPS/Logger.php CHANGED
@@ -7,8 +7,6 @@
7
  *
8
  */
9
 
10
- require_once('Mvied/Logger/Interface.php');
11
-
12
  class WordPressHTTPS_Logger implements Mvied_Logger_Interface {
13
 
14
  /**
7
  *
8
  */
9
 
 
 
10
  class WordPressHTTPS_Logger implements Mvied_Logger_Interface {
11
 
12
  /**
lib/WordPressHTTPS/Module/Admin.php CHANGED
@@ -9,7 +9,7 @@
9
  *
10
  */
11
 
12
- class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
13
 
14
  /**
15
  * Initialize Module
@@ -18,17 +18,13 @@ class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module implements Mvied_P
18
  * @return void
19
  */
20
  public function init() {
21
- // Add admin menus
22
- add_action('admin_menu', array(&$this, 'menu'));
23
-
24
  // Load on plugins page
25
- if ( $GLOBALS['pagenow'] == 'plugins.php' ) {
26
  add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);
27
  }
28
 
29
  // Add global admin scripts
30
  add_action('admin_enqueue_scripts', array(&$this, 'admin_enqueue_scripts'));
31
-
32
  }
33
 
34
  /**
@@ -39,22 +35,7 @@ class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module implements Mvied_P
39
  * @return void
40
  */
41
  public function admin_enqueue_scripts() {
42
- wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-global', $this->getPlugin()->getPluginUrl() . '/admin/css/admin.css', $this->getPlugin()->getVersion(), true);
43
- }
44
-
45
- /**
46
- * Admin panel menu option
47
- * WordPress Hook - admin_menu
48
- *
49
- * @param none
50
- * @return void
51
- */
52
- public function menu() {
53
- if ( $this->getPlugin()->getSetting('admin_menu') === 'side' ) {
54
- add_menu_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array($this->getPlugin()->getModule('Admin\Settings'), 'dispatch'), '', 88);
55
- } else {
56
- add_options_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array($this->getPlugin()->getModule('Admin\Settings'), 'dispatch'));
57
- }
58
  }
59
 
60
  /**
@@ -66,7 +47,7 @@ class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module implements Mvied_P
66
  */
67
  public function meta_box_render( $module, $metabox = array() ) {
68
  if ( isset($metabox['args']['metabox']) ) {
69
- include('admin/templates/metabox/' . $metabox['args']['metabox'] . '.php');
70
  }
71
  }
72
 
9
  *
10
  */
11
 
12
+ class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module {
13
 
14
  /**
15
  * Initialize Module
18
  * @return void
19
  */
20
  public function init() {
 
 
 
21
  // Load on plugins page
22
+ if ( isset($GLOBALS['pagenow']) && $GLOBALS['pagenow'] == 'plugins.php' ) {
23
  add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);
24
  }
25
 
26
  // Add global admin scripts
27
  add_action('admin_enqueue_scripts', array(&$this, 'admin_enqueue_scripts'));
 
28
  }
29
 
30
  /**
35
  * @return void
36
  */
37
  public function admin_enqueue_scripts() {
38
+ wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-global', $this->getPlugin()->getPluginUrl() . '/admin/css/admin.css', array(), $this->getPlugin()->getVersion());
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
39
  }
40
 
41
  /**
47
  */
48
  public function meta_box_render( $module, $metabox = array() ) {
49
  if ( isset($metabox['args']['metabox']) ) {
50
+ include($this->getPlugin()->getDirectory() . '/admin/templates/metabox/' . $metabox['args']['metabox'] . '.php');
51
  }
52
  }
53
 
lib/WordPressHTTPS/Module/Core.php ADDED
@@ -0,0 +1,634 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Core Module
4
+ *
5
+ * @author Mike Ems
6
+ * @package WordPressHTTPS
7
+ *
8
+ */
9
+
10
+ class WordPressHTTPS_Module_Core extends Mvied_Plugin_Module {
11
+
12
+ /**
13
+ * Initialize
14
+ *
15
+ * @param none
16
+ * @return void
17
+ */
18
+ public function init() {
19
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->isSsl() ) {
20
+ // Prevent WordPress' canonical redirect when using a different SSL Host
21
+ remove_filter('template_redirect', 'redirect_canonical');
22
+ // Add SSL Host path to rewrite rules
23
+ add_filter('rewrite_rules_array', array(&$this, 'rewrite_rules'), 10, 1);
24
+ }
25
+
26
+ // Add SSL Host to allowed redirect hosts
27
+ add_filter('allowed_redirect_hosts' , array(&$this, 'allowed_redirect_hosts'), 10, 1);
28
+
29
+ // Filter URL's
30
+ add_filter('bloginfo_url', array(&$this, 'secure_url'), 10);
31
+ add_filter('logout_url', array(&$this, 'secure_url'), 10);
32
+ add_filter('login_url', array(&$this, 'secure_url'), 10);
33
+ add_filter('network_admin_url', array(&$this, 'secure_url'), 10);
34
+ add_filter('admin_url', array(&$this, 'secure_url'), 10);
35
+
36
+ // Filter Element URL's
37
+ add_filter('get_avatar', array(&$this, 'element_url'), 10);
38
+ add_filter('wp_get_attachment_url', array(&$this, 'element_url'), 10);
39
+ add_filter('template_directory_uri', array(&$this, 'element_url'), 10);
40
+ add_filter('stylesheet_directory_uri', array(&$this, 'element_url'), 10);
41
+ add_filter('plugins_url', array(&$this, 'element_url'), 10);
42
+ add_filter('includes_url', array(&$this, 'element_url'), 10);
43
+
44
+ // Filter site_url
45
+ add_filter('site_url', array(&$this, 'site_url'), 10, 4);
46
+
47
+ // Filter force_ssl
48
+ add_filter('force_ssl', array(&$this, 'secure_wordpress_forms'), 20, 3);
49
+ add_filter('force_ssl', array(&$this, 'secure_different_host_admin'), 20, 3);
50
+ add_filter('force_ssl', array(&$this, 'secure_child_post'), 30, 3);
51
+ add_filter('force_ssl', array(&$this, 'secure_admin'), 30, 3);
52
+ add_filter('force_ssl', array(&$this, 'secure_login'), 30, 3);
53
+ add_filter('force_ssl', array(&$this, 'secure_post'), 40, 3);
54
+ add_filter('force_ssl', array(&$this, 'secure_exclusive'), 50, 3);
55
+
56
+ $filters = array('page_link', 'preview_page_link', 'post_link', 'preview_page_link', 'post_type_link', 'attachment_link', 'day_link', 'month_link', 'year_link', 'comment_reply_link', 'category_link', 'author_link', 'archives_link', 'tag_link', 'search_link');
57
+ foreach( $filters as $filter ) {
58
+ add_filter($filter, array(&$this, 'secure_post_link'), 10);
59
+ }
60
+
61
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
62
+ // Remove SSL Host authentication cookies on logout
63
+ add_action('clear_auth_cookie', array(&$this, 'clear_cookies'));
64
+
65
+ // Set authentication cookie
66
+ if ( $this->getPlugin()->isSsl() ) {
67
+ add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5);
68
+ add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5);
69
+ }
70
+ }
71
+
72
+ // Filter scripts
73
+ add_action('wp_print_scripts', array(&$this, 'fix_scripts'), 100, 0);
74
+ add_action('admin_print_scripts', array(&$this, 'fix_scripts'), 100, 0);
75
+
76
+ // Filter styles
77
+ add_action('wp_print_styles', array(&$this, 'fix_styles'), 100, 0);
78
+ add_action('admin_print_styles', array(&$this, 'fix_styles'), 100, 0);
79
+
80
+ // Run proxy check
81
+ if ( $this->getPlugin()->getSetting('ssl_proxy') === 'auto' ) {
82
+ // If page is not SSL and no proxy cookie is detected, run proxy check
83
+ if ( ! $this->getPlugin()->isSsl() && ! isset($_COOKIE['wp_proxy']) ) {
84
+ add_action('init', array(&$this, 'proxy_check'), 1);
85
+ add_action('admin_init', array(&$this, 'proxy_check'), 1);
86
+ // Update ssl_proxy setting if a proxy has been detected
87
+ } else if ( $this->getPlugin()->getSetting('ssl_proxy') !== true && isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] == 1 ) {
88
+ $this->getPlugin()->setSetting('ssl_proxy', 1);
89
+ // Update ssl_proxy if proxy is no longer detected
90
+ } else if ( $this->getPlugin()->getSetting('ssl_proxy') !== false && isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] != 1 ) {
91
+ $this->getPlugin()->setSetting('ssl_proxy', 0);
92
+ }
93
+ }
94
+
95
+ // Check if the page needs to be redirected
96
+ if ( is_admin() || ( isset($GLOBALS['pagenow']) && preg_match('/wp-login\.php/', $GLOBALS['pagenow']) === 1 ) ) {
97
+ add_action($this->getPlugin()->getSlug() . '_init', array(&$this, 'redirect_check'));
98
+ add_action($this->getPlugin()->getSlug() . '_init', array(&$this, 'clear_redirect_count_cookie'), 9, 1);
99
+ } else {
100
+ add_action('template_redirect', array(&$this, 'redirect_check'));
101
+ add_action('template_redirect', array(&$this, 'clear_redirect_count_cookie'), 9, 1);
102
+ }
103
+ }
104
+
105
+ /**
106
+ * Allowed Redirect Hosts
107
+ * WordPress Filter - aloowed_redirect_hosts
108
+ *
109
+ * @param array $content
110
+ * @return array $content
111
+ */
112
+ public function allowed_redirect_hosts( $content ) {
113
+ $content[] = $this->getPlugin()->getHttpsUrl()->getHost();
114
+ return $content;
115
+ }
116
+
117
+ /**
118
+ * Secure URL
119
+ *
120
+ * @param string $url
121
+ * @return string $url
122
+ */
123
+ public function secure_url( $url = '' ) {
124
+ $force_ssl = apply_filters('force_ssl', null, 0, $url);
125
+ if ( $force_ssl ) {
126
+ $url = $this->getPlugin()->makeUrlHttps($url);
127
+ } else if ( !is_null($force_ssl) && !$force_ssl ) {
128
+ $url = $this->getPlugin()->makeUrlHttp($url);
129
+ }
130
+ return $url;
131
+ }
132
+
133
+ /**
134
+ * Secure Element URL
135
+ *
136
+ * @param string $url
137
+ * @return string $url
138
+ */
139
+ public function element_url( $url = '' ) {
140
+ $force_ssl = apply_filters('force_ssl', null, 0, $url);
141
+ if ( $this->getPlugin()->isSsl() || $force_ssl ) {
142
+ $url = $this->getPlugin()->makeUrlHttps($url);
143
+ } else if ( !is_null($force_ssl) && !$force_ssl ) {
144
+ $url = $this->getPlugin()->makeUrlHttp($url);
145
+ }
146
+ return $url;
147
+ }
148
+
149
+ /**
150
+ * Add rewrite rule to recognize additional path information on SSL Host
151
+ *
152
+ * @param array $rules
153
+ * @return array $rules
154
+ */
155
+ public function rewrite_rules( $rules = array() ) {
156
+ $requestPath = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $_SERVER['REQUEST_URI']);
157
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
158
+ $httpsPath = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $this->getPlugin()->getHttpsUrl()->getPath());
159
+ } else {
160
+ $httpsPath = $this->getPlugin()->getHttpsUrl()->getPath();
161
+ }
162
+ if ( $httpsPath != '/' ) {
163
+ $rules['^' . $httpsPath . '([^\'"]+)'] = 'index.php?pagename=$matches[1]';
164
+ }
165
+ return $rules;
166
+ }
167
+
168
+ /**
169
+ * Site URL
170
+ * WordPress Filter - site_url
171
+ *
172
+ * @param string $url
173
+ * @param string $path
174
+ * @param string $scheme
175
+ * @param int $blog_id
176
+ * @return string $url
177
+ */
178
+ public function site_url( $url, $path, $scheme, $blog_id ) {
179
+ $force_ssl = apply_filters('force_ssl', null, 0, $url);
180
+ if ( $scheme != 'http' && $force_ssl ) {
181
+ $url = $this->getPlugin()->makeUrlHttps($url);
182
+ } else if ( !is_null($force_ssl) && !$force_ssl ) {
183
+ $url = $this->getPlugin()->makeUrlHttp($url);
184
+ }
185
+ return $url;
186
+ }
187
+
188
+ /**
189
+ * Secure Post Link
190
+ *
191
+ * @param string $url
192
+ * @return string $url
193
+ */
194
+ public function secure_post_link( $url ) {
195
+ $force_ssl = apply_filters('force_ssl', null, 0, $url);
196
+ if ( $force_ssl ) {
197
+ $url = $this->getPlugin()->makeUrlHttps($url);
198
+ } else if ( !is_null($force_ssl) && !$force_ssl ) {
199
+ $url = $this->getPlugin()->makeUrlHttp($url);
200
+ }
201
+ return $url;
202
+ }
203
+
204
+ /**
205
+ * Secure Admin
206
+ * WordPress HTTPS Filter - force_ssl
207
+ *
208
+ * @param boolean $force_ssl
209
+ * @param int $post_id
210
+ * @param string $url
211
+ * @return boolean $force_ssl
212
+ */
213
+ public function secure_admin( $force_ssl, $post_id = 0, $url = '' ) {
214
+ if ( $url != '' && $this->getPlugin()->isUrlLocal($url) && ( strpos($url, 'wp-admin') !== false || strpos($url, 'wp-login') !== false ) ) {
215
+ if ( $this->getPlugin()->getSetting('exclusive_https') && !$this->getPlugin()->getSetting('ssl_admin') ) {
216
+ $force_ssl = false;
217
+ //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
218
+ } else if ( ( ( $this->getPlugin()->isSsl() && !$this->getPlugin()->getSetting('exclusive_https') ) || $this->getPlugin()->getSetting('ssl_admin') ) ) {
219
+ $force_ssl = true;
220
+ }
221
+ }
222
+ return $force_ssl;
223
+ }
224
+
225
+ /**
226
+ * Secure Login
227
+ * WordPress HTTPS Filter - force_ssl
228
+ *
229
+ * @param boolean $force_ssl
230
+ * @param int $post_id
231
+ * @param string $url
232
+ * @return boolean $force_ssl
233
+ */
234
+ public function secure_login( $force_ssl, $post_id = 0, $url = '' ) {
235
+ if ( $url != '' && $this->getPlugin()->isUrlLocal($url) ) {
236
+ if ( force_ssl_login() && preg_match('/wp-login\.php$/', $url) === 1 ) {
237
+ $force_ssl = true;
238
+ }
239
+ }
240
+ return $force_ssl;
241
+ }
242
+
243
+ /**
244
+ * Secure Post
245
+ * WordPress HTTPS Filter - force_ssl
246
+ *
247
+ * @param boolean $force_ssl
248
+ * @param int $post_id
249
+ * @param string $url
250
+ * @return boolean $force_ssl
251
+ */
252
+ public function secure_post( $force_ssl, $post_id = 0, $url = '' ) {
253
+ global $wpdb;
254
+
255
+ if ( $url != '' && ($url_parts = parse_url($url)) ) {
256
+ if ( $this->getPlugin()->isUrlLocal($url) ) {
257
+ if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
258
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
259
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
260
+ }
261
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
262
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
263
+ }
264
+ }
265
+
266
+ // qTranslate integration - strips language from beginning of url path
267
+ if ( defined('QTRANS_INIT') && constant('QTRANS_INIT') == true ) {
268
+ global $q_config;
269
+ if ( isset($q_config['enabled_languages']) ) {
270
+ foreach($q_config['enabled_languages'] as $language) {
271
+ $url_parts['path'] = preg_replace('/^\/' . $language . '\//', '/', $url_parts['path']);
272
+ }
273
+ }
274
+ }
275
+
276
+ if ( isset($post_id) && $post_id > 0 ) {
277
+ $post = $post_id;
278
+ } else if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) ) {
279
+ $post = $postID[1];
280
+ } else if ( isset($url_parts['path']) && ( $url_parts['path'] == '' || $url_parts['path'] == '/' ) ) {
281
+ if ( get_option('show_on_front') == 'page' ) {
282
+ $post = get_option('page_on_front');
283
+ }
284
+ } else if ( isset($url_parts['path']) && ($post = get_page_by_path($url_parts['path'])) ) {
285
+ $post = $post->ID;
286
+ }
287
+
288
+ if ( is_multisite() && isset($url_parts['host']) && isset($url_parts['path']) ) {
289
+ $blog_id = false;
290
+ $url_path = '/';
291
+ $url_path_segments = explode('/', $url_parts['path']);
292
+ if ( sizeof($url_path_segments) > 1 ) {
293
+ foreach( $url_path_segments as $url_path_segment ) {
294
+ if ( !$blog_id && $url_path_segment != '' ) {
295
+ $url_path .= '/' . $url_path_segment . '/';
296
+ if ( $blog_id = get_blog_id_from_url( $url_parts['host'], $url_path) ) {
297
+ break;
298
+ }
299
+ }
300
+ }
301
+ }
302
+ if ( !$blog_id ) {
303
+ $blog_id = get_blog_id_from_url( $url_parts['host'], '/');
304
+ }
305
+ if ( $blog_id && $blog_id != $wpdb->blogid ) {
306
+ if ( $this->getPlugin()->getSetting('ssl_admin', $blog_id) && ( ! $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) || ( $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && function_exists('is_user_logged_in') && is_user_logged_in() ) ) ) {
307
+ $force_ssl = true;
308
+ } else {
309
+ $force_ssl = false;
310
+ }
311
+ }
312
+ }
313
+ }
314
+ }
315
+ if ( isset($post) && (int) $post > 0 ) {
316
+ $force_ssl = (( get_post_meta($post, 'force_ssl', true) == 1 ) ? true : $force_ssl);
317
+ }
318
+ return $force_ssl;
319
+ }
320
+
321
+ /**
322
+ * Always secure pages when using a different SSL Host.
323
+ * WordPress HTTPS Filter - force_ssl
324
+ *
325
+ * @param boolean $force_ssl
326
+ * @param int $post_id
327
+ * @param string $url
328
+ * @return boolean $force_ssl
329
+ */
330
+ public function secure_exclusive( $force_ssl, $post_id = 0, $url = '' ) {
331
+ if ( is_null($force_ssl) && $this->getPlugin()->isUrlLocal($url) && $this->getPlugin()->getSetting('exclusive_https') ) {
332
+ $force_ssl = false;
333
+ }
334
+ return $force_ssl;
335
+ }
336
+
337
+ /**
338
+ * Always secure pages when using a different SSL Host.
339
+ * WordPress HTTPS Filter - force_ssl
340
+ *
341
+ * @param boolean $force_ssl
342
+ * @param int $post_id
343
+ * @param string $url
344
+ * @return boolean $force_ssl
345
+ */
346
+ public function secure_different_host_admin( $force_ssl, $post_id = 0, $url = '' ) {
347
+ if ( $post_id > 0 || ( $url != '' && $this->getPlugin()->isUrlLocal($url) ) ) {
348
+ if ( !$this->getPlugin()->getSetting('exclusive_https') && !$this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && function_exists('is_user_logged_in') && is_user_logged_in() ) {
349
+ $force_ssl = true;
350
+ }
351
+ }
352
+ return $force_ssl;
353
+ }
354
+
355
+ /**
356
+ * Secure WordPress forms
357
+ * WordPress HTTPS Filter - force_ssl
358
+ *
359
+ * @param boolean $force_ssl
360
+ * @param int $post_id
361
+ * @param string $url
362
+ * @return boolean $force_ssl
363
+ */
364
+ public function secure_wordpress_forms( $force_ssl, $post_id = 0, $url = '' ) {
365
+ if ( $this->getPlugin()->isSsl() && $this->getPlugin()->isUrlLocal($url) && ( strpos($url, 'wp-pass.php') !== false || strpos($url, 'wp-comments-post.php') !== false ) ) {
366
+ $force_ssl = true;
367
+ }
368
+ return $force_ssl;
369
+ }
370
+
371
+ /**
372
+ * Secure Child Post
373
+ * WordPress HTTPS Filter - force_ssl
374
+ *
375
+ * @param boolean $force_ssl
376
+ * @param int $post_id
377
+ * @param string $url
378
+ * @return boolean $force_ssl
379
+ */
380
+ public function secure_child_post( $force_ssl, $post_id = 0, $url = '' ) {
381
+ if ( $post_id > 0 ) {
382
+ $postParent = get_post($post_id);
383
+ while ( $postParent->post_parent ) {
384
+ $postParent = get_post( $postParent->post_parent );
385
+ if ( get_post_meta($postParent->ID, 'force_ssl_children', true) == 1 ) {
386
+ $force_ssl = true;
387
+ break;
388
+ }
389
+ }
390
+ }
391
+ return $force_ssl;
392
+ }
393
+
394
+ /**
395
+ * Fix Enqueued Scripts
396
+ *
397
+ * @param none
398
+ * @return void
399
+ */
400
+ public function fix_scripts() {
401
+ global $wp_scripts;
402
+ if ( isset($wp_scripts) && sizeof($wp_scripts->registered) > 0 ) {
403
+ foreach ( $wp_scripts->registered as $script ) {
404
+ if ( in_array($script->handle, $wp_scripts->queue) ) {
405
+ if ( strpos($script->src, 'http') === 0 ) {
406
+ if ( $this->getPlugin()->isSsl() ) {
407
+ $updated = $this->getPlugin()->makeUrlHttps($script->src);
408
+ $script->src = $updated;
409
+ } else {
410
+ $updated = $this->getPlugin()->makeUrlHttp($script->src);
411
+ $script->src = $updated;
412
+ }
413
+ if ( $script->src != $updated ) {
414
+ $log = '[FIXED] Element: <script> - ' . $url . ' => ' . $updated;
415
+ if ( ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
416
+ $this->getPlugin()->getLogger()->log($log);
417
+ }
418
+ }
419
+ }
420
+ }
421
+ }
422
+ }
423
+ }
424
+
425
+ /**
426
+ * Fix Enqueued Styles
427
+ *
428
+ * @param none
429
+ * @return void
430
+ */
431
+ public function fix_styles() {
432
+ global $wp_styles;
433
+ if ( isset($wp_styles) && sizeof($wp_styles->registered) > 0 ) {
434
+ foreach ( (array)$wp_styles->registered as $style ) {
435
+ if ( in_array($style->handle, $wp_styles->queue) ) {
436
+ if ( strpos($style->src, 'http') === 0 ) {
437
+ if ( $this->getPlugin()->isSsl() ) {
438
+ $updated = $this->getPlugin()->makeUrlHttps($style->src);
439
+ $style->src = $updated;
440
+ } else {
441
+ $updated = $this->getPlugin()->makeUrlHttp($style->src);
442
+ $style->src = $updated;
443
+ }
444
+ if ( $style->src != $updated ) {
445
+ $log = '[FIXED] Element: <link> - ' . $url . ' => ' . $updated;
446
+ if ( ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
447
+ $this->getPlugin()->getLogger()->log($log);
448
+ }
449
+ }
450
+ }
451
+ }
452
+ }
453
+ }
454
+ }
455
+
456
+ /**
457
+ * Proxy Check
458
+ *
459
+ * If the server is on a proxy and not correctly reporting HTTPS, this
460
+ * JavaScript makes sure that the correct redirect takes place.
461
+ *
462
+ * @param none
463
+ * @return void
464
+ */
465
+ public function proxy_check() {
466
+ if ( ! is_user_logged_in() ) {
467
+ return false;
468
+ }
469
+ $cookie_expiration = gmdate('D, d-M-Y H:i:s T', strtotime('now + 10 years'));
470
+ echo '<!-- WordPress HTTPS Proxy Check -->' . "\n";
471
+ echo '<script type="text/javascript">function getCookie(a){var b=document.cookie;var c=a+"=";var d=b.indexOf("; "+c);if(d==-1){d=b.indexOf(c);if(d!=0)return null}else{d+=2;var e=document.cookie.indexOf(";",d);if(e==-1){e=b.length}}return unescape(b.substring(d+c.length,e))}if(getCookie("wp_proxy")!=true){if(window.location.protocol=="https:"){document.cookie="wp_proxy=1; path=/; expires=' . $cookie_expiration . '"}else if(getCookie("wp_proxy")==null){document.cookie="wp_proxy=0; path=/; expires=' . $cookie_expiration . '"}if(getCookie("wp_proxy")!=null){window.location.reload()}else{document.write("You must enable cookies.")}}</script>' . "\n";
472
+ echo '<noscript>Your browser does not support JavaScript.</noscript>' . "\n";
473
+ exit();
474
+ }
475
+
476
+ /**
477
+ * Redirect Check
478
+ *
479
+ * Checks if the current page needs to be redirected
480
+ *
481
+ * @param none
482
+ * @return void
483
+ */
484
+ public function redirect_check() {
485
+ global $post;
486
+
487
+ $force_ssl = apply_filters('force_ssl', null, ( $post ? $post->ID : null ), ( $this->getPlugin()->isSsl() ? 'https' : 'http' ) . '://' . ( isset($_SERVER['HTTP_X_FORWARDED_SERVER']) ? $_SERVER['HTTP_X_FORWARDED_SERVER'] : $_SERVER['HTTP_HOST'] ) . $_SERVER['REQUEST_URI'] );
488
+
489
+ if ( ! $this->getPlugin()->isSsl() && isset($force_ssl) && $force_ssl ) {
490
+ $scheme = 'https';
491
+ } else if ( $this->getPlugin()->isSsl() && isset($force_ssl) && ! $force_ssl ) {
492
+ $scheme = 'http';
493
+ }
494
+
495
+ if ( isset($scheme) ) {
496
+ $this->getPlugin()->redirect($scheme);
497
+ }
498
+ }
499
+
500
+ /**
501
+ * Set Cookie
502
+ * WordPress Hook - set_auth_cookie, set_logged_in_cookie
503
+ *
504
+ * @param string $cookie
505
+ * @param string $expire
506
+ * @param int $expiration
507
+ * @param int $user_id
508
+ * @param string $scheme
509
+ * @return void
510
+ */
511
+ public function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
512
+ if ( ( $scheme == 'secure_auth' && $this->getPlugin()->isSsl() ) || ( $this->getPlugin()->getSetting('ssl_admin') && ! $this->getPlugin()->getSetting('ssl_host_subdomain') ) ) {
513
+ $secure = true;
514
+ }
515
+ $secure = apply_filters('secure_auth_cookie', @$secure, $user_id);
516
+
517
+ if( $scheme == 'logged_in' ) {
518
+ $cookie_name = LOGGED_IN_COOKIE;
519
+ } elseif ( $secure ) {
520
+ $cookie_name = SECURE_AUTH_COOKIE;
521
+ $scheme = 'secure_auth';
522
+ } else {
523
+ $cookie_name = AUTH_COOKIE;
524
+ $scheme = 'auth';
525
+ $secure = false;
526
+ }
527
+
528
+ //$cookie_domain = COOKIE_DOMAIN;
529
+ $cookie_path = COOKIEPATH;
530
+ $cookie_path_site = SITECOOKIEPATH;
531
+ $cookie_path_plugins = PLUGINS_COOKIE_PATH;
532
+ $cookie_path_admin = ADMIN_COOKIE_PATH;
533
+
534
+ if ( $this->getPlugin()->isSsl() ) {
535
+ // If SSL Host is a subdomain, make cookie domain a wildcard
536
+ if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
537
+ $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
538
+ // Otherwise, cookie domain set for different SSL Host
539
+ } else {
540
+ $cookie_domain = $this->getPlugin()->getHttpsUrl()->getHost();
541
+ }
542
+
543
+ if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
544
+ $cookie_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path);
545
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_site);
546
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_plugins);
547
+ }
548
+
549
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
550
+ $cookie_path = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path);
551
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_site);
552
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_plugins);
553
+ }
554
+
555
+ $cookie_path = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path;
556
+ $cookie_path_site = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_site;
557
+ $cookie_path_plugins = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_plugins;
558
+ $cookie_path_admin = rtrim($cookie_path_site, '/') . '/wp-admin';
559
+ }
560
+
561
+ if ( $scheme == 'logged_in' ) {
562
+ setcookie($cookie_name, $cookie, $expire, $cookie_path, $cookie_domain, $secure, true);
563
+ if ( $cookie_path != $cookie_path_site ) {
564
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_site, $cookie_domain, $secure, true);
565
+ }
566
+ } else {
567
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_plugins, $cookie_domain, false, true);
568
+ setcookie($cookie_name, $cookie, $expire, $cookie_path_admin, $cookie_domain, false, true);
569
+ }
570
+ }
571
+
572
+ /**
573
+ * Removes redirect_count cookie.
574
+ *
575
+ * @param none
576
+ * @return void
577
+ */
578
+ public function clear_redirect_count_cookie() {
579
+ if ( !headers_sent() && isset($_COOKIE['redirect_count']) ) {
580
+ setcookie('redirect_count', null, -time(), '/');
581
+ }
582
+ }
583
+
584
+ /**
585
+ * Clear Cookies
586
+ * WordPress Hook - clear_auth_cookie
587
+ *
588
+ * @param none
589
+ * @return void
590
+ */
591
+ public function clear_cookies() {
592
+ if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
593
+ $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
594
+ } else {
595
+ $cookie_domain = $this->getPlugin()->getHttpsUrl()->getHost();
596
+ }
597
+
598
+ $cookie_path = COOKIEPATH;
599
+ $cookie_path_site = SITECOOKIEPATH;
600
+ $cookie_path_plugins = PLUGINS_COOKIE_PATH;
601
+
602
+ if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
603
+ $cookie_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path);
604
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_site);
605
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_plugins);
606
+ }
607
+
608
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
609
+ $cookie_path = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path);
610
+ $cookie_path_site = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_site);
611
+ $cookie_path_plugins = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_plugins);
612
+ }
613
+
614
+ $cookie_path = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path;
615
+ $cookie_path_site = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_site;
616
+ $cookie_path_plugins = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_plugins;
617
+ $cookie_path_admin = $cookie_path_site . 'wp-admin';
618
+
619
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
620
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
621
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
622
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
623
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);
624
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);
625
+
626
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
627
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
628
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
629
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
630
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path);
631
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site);
632
+ }
633
+
634
+ }
lib/WordPressHTTPS/Module/DomainMapping.php ADDED
@@ -0,0 +1,105 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Admin Domain Mapping Module
4
+ *
5
+ * Adds the settings page.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_DomainMapping extends Mvied_Plugin_Module {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'wphttps-domain-mapping' ) {
23
+ add_action('plugins_loaded', array(&$this, 'save'), 1);
24
+ }
25
+
26
+ // Add meta boxes
27
+ add_action('admin_init', array(&$this, 'add_meta_boxes'));
28
+ }
29
+
30
+ // Custom filter https_external_url
31
+ add_filter('https_external_url', array(&$this, 'map_url'), 10);
32
+ }
33
+
34
+ /**
35
+ * Domain Mapping
36
+ *
37
+ * @param string $url
38
+ * @return string $url
39
+ */
40
+ public function map_url( $url ) {
41
+ if ( is_array($this->getPlugin()->getSetting('ssl_host_mapping')) && sizeof($this->getPlugin()->getSetting('ssl_host_mapping')) > 0 ) {
42
+ foreach( $this->getPlugin()->getSetting('ssl_host_mapping') as $http_domain => $https_domain ) {
43
+ preg_match('/' . $http_domain . '/', $url, $matches);
44
+ if ( sizeof($matches) > 0 ) {
45
+ $url = preg_replace('/' . $http_domain . '/', $https_domain, $url);
46
+ }
47
+ }
48
+ }
49
+ return $url;
50
+ }
51
+
52
+ /**
53
+ * Add meta boxes to WordPress HTTPS Settings page.
54
+ *
55
+ * @param none
56
+ * @return void
57
+ */
58
+ public function add_meta_boxes() {
59
+ add_meta_box(
60
+ $this->getPlugin()->getSlug() . '_domain_mapping',
61
+ __( 'Domain Mapping', $this->getPlugin()->getSlug() ),
62
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
63
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
64
+ 'main',
65
+ 'core',
66
+ array( 'metabox' => 'domain_mapping' )
67
+ );
68
+ }
69
+
70
+ /**
71
+ * Save Domain Mapping
72
+ *
73
+ * @param array $settings
74
+ * @return void
75
+ */
76
+ public function save() {
77
+ if ( !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug() . '-options') ) {
78
+ return false;
79
+ }
80
+
81
+ $message = "Domain Mapping saved.";
82
+ $errors = array();
83
+ $reload = false;
84
+ $logout = false;
85
+ if ( isset($_POST['domain_mapping-save']) ) {
86
+ $ssl_host_mapping = array();
87
+ for( $i=0; $i<sizeof($_POST['http_domain']); $i++ ) {
88
+ if ( isset($_POST['http_domain'][$i]) && $_POST['http_domain'][$i] != '' && isset($_POST['https_domain'][$i]) && $_POST['https_domain'][$i] != '' ) {
89
+ $ssl_host_mapping[$_POST['http_domain'][$i]] = $_POST['https_domain'][$i];
90
+ }
91
+ }
92
+ $this->getPlugin()->setSetting('ssl_host_mapping', $ssl_host_mapping);
93
+ } else if ( isset($_POST['domain_mapping-reset']) ) {
94
+ $this->getPlugin()->setSetting('ssl_host_mapping', WordPressHTTPS::$ssl_host_mapping);
95
+ $reload = true;
96
+ }
97
+
98
+ if ( $logout ) {
99
+ wp_logout();
100
+ }
101
+
102
+ require_once($this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php');
103
+ }
104
+
105
+ }
lib/WordPressHTTPS/Module/Filters.php DELETED
@@ -1,324 +0,0 @@
1
- <?php
2
- /**
3
- * Filters Module
4
- *
5
- * @author Mike Ems
6
- * @package WordPressHTTPS
7
- *
8
- */
9
-
10
- class WordPressHTTPS_Module_Filters extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
11
-
12
- /**
13
- * Initialize
14
- *
15
- * @param none
16
- * @return void
17
- */
18
- public function init() {
19
- // Prevent WordPress' canonical redirect when using a different SSL Host
20
- if ( $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->isSsl() ) {
21
- remove_filter('template_redirect', 'redirect_canonical');
22
- // Filter SSL Host path out of request
23
- add_filter('request', array(&$this, 'request'), 10, 1);
24
- // Add SSL Host path to rewrite rules
25
- add_filter('rewrite_rules_array', array(&$this, 'rewrite_rules'), 10, 1);
26
- }
27
-
28
- // Add SSL Host to allowed redirect hosts
29
- add_filter('allowed_redirect_hosts' , array(&$this, 'allowed_redirect_hosts'), 10, 1);
30
-
31
- // Filter get_avatar
32
- add_filter('get_avatar', array(&$this, 'get_avatar'), 10, 5);
33
-
34
- // Filter URL's
35
- add_filter('bloginfo_url', array(&$this, 'secure_url'), 10);
36
- add_filter('includes_url', array(&$this, 'secure_url'), 10);
37
- add_filter('plugins_url', array(&$this, 'secure_url'), 10);
38
- add_filter('logout_url', array(&$this, 'secure_url'), 10);
39
- add_filter('login_url', array(&$this, 'secure_url'), 10);
40
- add_filter('wp_get_attachment_url', array(&$this, 'secure_url'), 10);
41
- add_filter('template_directory_uri', array(&$this, 'secure_url'), 10);
42
- add_filter('stylesheet_directory_uri', array(&$this, 'secure_url'), 10);
43
-
44
- // Filter admin_url
45
- add_filter('admin_url', array(&$this, 'admin_url'), 10, 3);
46
-
47
- // Filter site_url
48
- add_filter('site_url', array(&$this, 'site_url'), 10, 4);
49
-
50
- // Filter force_ssl
51
- add_filter('force_ssl', array(&$this, 'secure_different_host_admin'), 20, 3);
52
- add_filter('force_ssl', array(&$this, 'secure_child_post'), 30, 3);
53
- add_filter('force_ssl', array(&$this, 'secure_post'), 40, 3);
54
- add_filter('force_ssl', array(&$this, 'secure_exclusive'), 50, 3);
55
-
56
- $filters = array('page_link', 'preview_page_link', 'post_link', 'preview_page_link', 'post_type_link', 'attachment_link', 'day_link', 'month_link', 'year_link', 'comment_reply_link', 'category_link', 'author_link', 'archives_link', 'tag_link', 'search_link');
57
- foreach( $filters as $filter ) {
58
- add_filter($filter, array(&$this, 'secure_post_link'), 10);
59
- }
60
- }
61
-
62
- /**
63
- * Admin URL
64
- * WordPress Filter - admin_url
65
- *
66
- * @param string $url
67
- * @param string $path
68
- * @param int $blog_id
69
- * @return string $url
70
- */
71
- public function admin_url( $url, $path, $blog_id ) {
72
- if ( ( $this->getPlugin()->getSetting('ssl_admin') || ( ( is_admin() || $GLOBALS['pagenow'] == 'wp-login.php' ) && $this->getPlugin()->isSsl() ) ) && ( ! is_multisite() || ( is_multisite() && parse_url($url, PHP_URL_HOST) == $this->getPlugin()->getHttpsUrl()->getHost() ) ) ) {
73
- $url = $this->getPlugin()->makeUrlHttps($url);
74
- }
75
- return $url;
76
- }
77
-
78
- /**
79
- * Site URL
80
- * WordPress Filter - site_url
81
- *
82
- * @param string $url
83
- * @param string $path
84
- * @param string $scheme
85
- * @param int $blog_id
86
- * @return string $url
87
- */
88
- public function site_url( $url, $path, $scheme, $blog_id ) {
89
- if ( $scheme == 'https' || ( $scheme != 'http' && $this->getPlugin()->isSsl() ) ) {
90
- $url = $this->getPlugin()->makeUrlHttps($url);
91
- }
92
- return $url;
93
- }
94
-
95
- /**
96
- * Allowed Redirect Hosts
97
- * WordPress Filter - aloowed_redirect_hosts
98
- *
99
- * @param array $content
100
- * @return array $content
101
- */
102
- public function allowed_redirect_hosts( $content ) {
103
- $content[] = $this->getPlugin()->getHttpsUrl()->getHost();
104
- return $content;
105
- }
106
-
107
- /**
108
- * Get Avatar
109
- * WordPress Filter - get_avatar
110
- *
111
- * @param string $avatar
112
- * @param string $id_or_email
113
- * @param int $size
114
- * @param string $alt
115
- * @return string $avatar
116
- */
117
- public function get_avatar( $avatar, $id_or_email, $size, $default, $alt ) {
118
- if ( $this->getPlugin()->isSsl() ) {
119
- // Set host to https://secure.gravatar.com
120
- if ( $avatar = preg_replace('/\d\.gravatar\.com/', 'secure.gravatar.com', $avatar) ) {
121
- $avatar = str_replace('http', 'https', str_replace('https', 'http', $avatar));
122
- }
123
- }
124
-
125
- return $avatar;
126
- }
127
-
128
- /**
129
- * Secure URL
130
- * WordPress Filter - bloginfo_url, includes_url
131
- *
132
- * @param string $url
133
- * @return string $url
134
- */
135
- public function secure_url( $url = '' ) {
136
- if ( $this->getPlugin()->isSsl() || ( $this->getPlugin()->getSetting('ssl_admin') && ( strpos($url, 'wp-admin') !== false || strpos($url, 'wp-login') !== false ) ) ) {
137
- $url = rtrim($this->getPlugin()->makeUrlHttps(rtrim($url, '/') . '/'), '/');
138
- } else if ( strpos(get_option('home'), 'https') !== 0 ) {
139
- $url = rtrim($this->getPlugin()->makeUrlHttp(rtrim($url, '/') . '/'), '/');
140
- }
141
- return $url;
142
- }
143
-
144
- /**
145
- * Filter Request
146
- * WordPress Filter - request
147
- *
148
- * @param array $request
149
- * @return array $request
150
- */
151
- public function request( $request ) {
152
- if ( !is_admin() && ( sizeof($request) == 1 || isset($request['pagename']) ) ) {
153
- $pagename = str_replace(trim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . '/', '', ( isset($request['pagename']) ? $request['pagename'] : $_SERVER['REQUEST_URI'] ));
154
- $request['pagename'] = rtrim(rtrim($this->getPlugin()->getHttpUrl()->getPath(), '/') . '/' . $pagename, '/');
155
- }
156
- return $request;
157
- }
158
-
159
- /**
160
- * Add rewrite rule to recognize additional path information on SSL Host
161
- *
162
- * @param array $rules
163
- * @return array $rules
164
- */
165
- public function rewrite_rules( $rules = array() ) {
166
- $requestPath = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $_SERVER['REQUEST_URI']);
167
- if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
168
- $httpsPath = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $this->getPlugin()->getHttpsUrl()->getPath());
169
- } else {
170
- $httpsPath = $this->getPlugin()->getHttpsUrl()->getPath();
171
- }
172
- if ( $httpsPath != '/' ) {
173
- $rules['^' . $httpsPath . '([^\'"]+)'] = 'index.php?pagename=$matches[1]';
174
- }
175
- return $rules;
176
- }
177
-
178
- /**
179
- * Secure Post Link
180
- *
181
- * @param string $url
182
- * @return string $url
183
- */
184
- public function secure_post_link( $url ) {
185
- $force_ssl = apply_filters('force_ssl', null, 0, $url);
186
- if ( $force_ssl ) {
187
- $url = $this->getPlugin()->makeUrlHttps($url);
188
- } else if ( $this->getPlugin()->getSetting('exclusive_https') ) {
189
- $url = $this->getPlugin()->makeUrlHttp($url);
190
- }
191
- return $url;
192
- }
193
-
194
- /**
195
- * Secure Post
196
- * WordPress HTTPS Filter - force_ssl
197
- *
198
- * @param boolean $force_ssl
199
- * @param int $post_id
200
- * @param string $url
201
- * @return boolean $force_ssl
202
- */
203
- public function secure_post( $force_ssl, $post_id = 0, $url = '' ) {
204
- if ( $url != '' ) {
205
- $url_parts = parse_url($url);
206
- if ( $this->getPlugin()->isUrlLocal($url) ) {
207
- if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
208
- if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
209
- $url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
210
- }
211
- if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
212
- $url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
213
- }
214
- }
215
-
216
- // qTranslate integration - strips language from beginning of url path
217
- if ( defined('QTRANS_INIT') && constant('QTRANS_INIT') == true ) {
218
- global $q_config;
219
- if ( isset($q_config['enabled_languages']) ) {
220
- foreach($q_config['enabled_languages'] as $language) {
221
- $url_parts['path'] = preg_replace('/^\/' . $language . '\//', '/', $url_parts['path']);
222
- }
223
- }
224
- }
225
-
226
- // Check secure filters
227
- if ( sizeof($this->getPlugin()->getSetting('secure_filter')) > 0 ) {
228
- foreach( $this->getPlugin()->getSetting('secure_filter') as $filter ) {
229
- if ( strpos($url, $filter) !== false ) {
230
- $force_ssl = true;
231
- }
232
- }
233
- }
234
-
235
- if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) ) {
236
- $post = $postID[1];
237
- } else if ( $url_parts['path'] == '' || $url_parts['path'] == '/' ) {
238
- if ( get_option('show_on_front') == 'page' ) {
239
- $post = get_option('page_on_front');
240
- }
241
- if ( $this->getPlugin()->getSetting('frontpage') ) {
242
- $force_ssl = true;
243
- }
244
- } else if ( $post = get_page_by_path($url_parts['path']) ) {
245
- $post = $post->ID;
246
- //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
247
- } else if ( ( strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false ) && ( $this->getPlugin()->isSsl() || $this->getPlugin()->getSetting('ssl_admin') ) ) {
248
- if ( ! is_multisite() || ( is_multisite() && strpos($url_parts['host'], $this->getPlugin()->getHttpsUrl()->getHost()) !== false ) ) {
249
- $force_ssl = true;
250
- }
251
- }
252
- } else if ( is_multisite() ) {
253
- // get_blog_details returns an object with a property of blog_id
254
- if ( $blog_details = get_blog_details( array( 'domain' => $url_parts['host'] )) ) {
255
- // set $blog_id using $blog_details->blog_id
256
- $blog_id = $blog_details->blog_id;
257
- if ( $this->getPlugin()->getSetting('ssl_admin', $blog_id) && $url_parts['scheme'] != 'https' && ( ! $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) || ( $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && is_user_logged_in() ) ) ) {
258
- $force_ssl = true;
259
- }
260
- }
261
- }
262
- }
263
- if ( (int) $post > 0 ) {
264
- $force_ssl = (( get_post_meta($post, 'force_ssl', true) == 1 ) ? true : $force_ssl);
265
- }
266
- return $force_ssl;
267
- }
268
-
269
- /**
270
- * Always secure pages when using a different SSL Host.
271
- * WordPress HTTPS Filter - force_ssl
272
- *
273
- * @param boolean $force_ssl
274
- * @param int $post_id
275
- * @param string $url
276
- * @return boolean $force_ssl
277
- */
278
- public function secure_exclusive( $force_ssl, $post_id = 0, $url = '' ) {
279
- if ( is_null($force_ssl) && strpos(get_option('home'), 'https') !== 0 && $this->getPlugin()->getSetting('exclusive_https') ) {
280
- $force_ssl = false;
281
- }
282
- return $force_ssl;
283
- }
284
-
285
- /**
286
- * Always secure pages when using a different SSL Host.
287
- * WordPress HTTPS Filter - force_ssl
288
- *
289
- * @param boolean $force_ssl
290
- * @param int $post_id
291
- * @param string $url
292
- * @return boolean $force_ssl
293
- */
294
- public function secure_different_host_admin( $force_ssl, $post_id = 0, $url = '' ) {
295
- if ( ! $this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && is_user_logged_in() ) {
296
- $force_ssl = true;
297
- }
298
- return $force_ssl;
299
- }
300
-
301
- /**
302
- * Secure Child Post
303
- * WordPress HTTPS Filter - force_ssl
304
- *
305
- * @param boolean $force_ssl
306
- * @param int $post_id
307
- * @param string $url
308
- * @return boolean $force_ssl
309
- */
310
- public function secure_child_post( $force_ssl, $post_id = 0, $url = '' ) {
311
- if ( $post_id > 0 ) {
312
- $postParent = get_post($post_id);
313
- while ( $postParent->post_parent ) {
314
- $postParent = get_post( $postParent->post_parent );
315
- if ( get_post_meta($postParent->ID, 'force_ssl_children', true) == 1 ) {
316
- $force_ssl = true;
317
- break;
318
- }
319
- }
320
- }
321
- return $force_ssl;
322
- }
323
-
324
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
lib/WordPressHTTPS/Module/Hooks.php DELETED
@@ -1,293 +0,0 @@
1
- <?php
2
- /**
3
- * Hooks Module
4
- *
5
- * @author Mike Ems
6
- * @package WordPressHTTPS
7
- *
8
- */
9
-
10
- class WordPressHTTPS_Module_Hooks extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
11
-
12
- /**
13
- * Initialize
14
- *
15
- * @param none
16
- * @return void
17
- */
18
- public function init() {
19
- if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
20
- // Remove SSL Host authentication cookies on logout
21
- add_action('clear_auth_cookie', array(&$this, 'clear_cookies'));
22
-
23
- // Set authentication cookie
24
- if ( $this->getPlugin()->isSsl() ) {
25
- add_action('set_auth_cookie', array(&$this, 'set_cookie'), 10, 5);
26
- add_action('set_logged_in_cookie', array(&$this, 'set_cookie'), 10, 5);
27
- }
28
- }
29
-
30
- // Filter scripts
31
- add_action('wp_print_scripts', array(&$this, 'fix_scripts'), 100, 0);
32
-
33
- // Filter styles
34
- add_action('wp_print_styles', array(&$this, 'fix_styles'), 100, 0);
35
-
36
- // Filter redirects in admin panel
37
- if ( is_admin() && ( $this->getPlugin()->getSetting('ssl_admin') || $this->getPlugin()->isSsl() ) ) {
38
- add_action('wp_redirect', array($this->getPlugin(), 'redirectAdmin'), 10, 1);
39
- }
40
-
41
- // Run proxy check
42
- if ( $this->getPlugin()->getSetting('ssl_proxy') === 'auto' ) {
43
- // If page is not SSL and no proxy cookie is detected, run proxy check
44
- if ( ! $this->getPlugin()->isSsl() && ! isset($_COOKIE['wp_proxy']) ) {
45
- add_action('init', array(&$this, 'proxy_check'), 1);
46
- add_action('admin_init', array(&$this, 'proxy_check'), 1);
47
- // Update ssl_proxy setting if a proxy has been detected
48
- } else if ( $this->getPlugin()->getSetting('ssl_proxy') !== true && isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] == 1 ) {
49
- $this->getPlugin()->setSetting('ssl_proxy', 1);
50
- // Update ssl_proxy if proxy is no longer detected
51
- } else if ( $this->getPlugin()->getSetting('ssl_proxy') !== false && isset($_COOKIE['wp_proxy']) && $_COOKIE['wp_proxy'] != 1 ) {
52
- $this->getPlugin()->setSetting('ssl_proxy', 0);
53
- }
54
- }
55
-
56
- // Check if the page needs to be redirected
57
- add_action('template_redirect', array(&$this, 'redirect_check'), 10, 1);
58
- add_action('template_redirect', array(&$this, 'clear_redirect_count_cookie'), 9, 1);
59
- }
60
-
61
- /**
62
- * Fix Enqueued Scripts
63
- *
64
- * @param none
65
- * @return void
66
- */
67
- public function fix_scripts() {
68
- global $wp_scripts;
69
- if ( isset($wp_scripts) && sizeof($wp_scripts->registered) > 0 ) {
70
- foreach ( $wp_scripts->registered as $script ) {
71
- if ( strpos($script->src, 'http') !== 0 ) {
72
- $script->src = site_url($script->src);
73
- }
74
- if ( $this->getPlugin()->isSsl() ) {
75
- $script->src = $this->getPlugin()->makeUrlHttps($script->src);
76
- } else {
77
- $script->src = $this->getPlugin()->makeUrlHttp($script->src);
78
- }
79
- }
80
- }
81
- }
82
-
83
- /**
84
- * Fix Enqueued Styles
85
- *
86
- * @param none
87
- * @return void
88
- */
89
- public function fix_styles() {
90
- global $wp_styles;
91
- if ( isset($wp_styles) && sizeof($wp_styles->registered) > 0 ) {
92
- foreach ( (array)$wp_styles->registered as $style ) {
93
- if ( strpos($style->src, 'http') !== 0 ) {
94
- $style->src = site_url($style->src);
95
- }
96
- if ( $this->getPlugin()->isSsl() ) {
97
- $style->src = $this->getPlugin()->makeUrlHttps($style->src);
98
- } else {
99
- $style->src = $this->getPlugin()->makeUrlHttp($style->src);
100
- }
101
- }
102
- }
103
- }
104
-
105
- /**
106
- * Proxy Check
107
- *
108
- * If the server is on a proxy and not correctly reporting HTTPS, this
109
- * JavaScript makes sure that the correct redirect takes place.
110
- *
111
- * @param none
112
- * @return void
113
- */
114
- public function proxy_check() {
115
- if ( ! is_user_logged_in() ) {
116
- return false;
117
- }
118
- $cookie_expiration = gmdate('D, d-M-Y H:i:s T', strtotime('now + 10 years'));
119
- echo '<!-- WordPress HTTPS Proxy Check -->' . "\n";
120
- echo '<script type="text/javascript">function getCookie(a){var b=document.cookie;var c=a+"=";var d=b.indexOf("; "+c);if(d==-1){d=b.indexOf(c);if(d!=0)return null}else{d+=2;var e=document.cookie.indexOf(";",d);if(e==-1){e=b.length}}return unescape(b.substring(d+c.length,e))}if(getCookie("wp_proxy")!=true){if(window.location.protocol=="https:"){document.cookie="wp_proxy=1; path=/; expires=' . $cookie_expiration . '"}else if(getCookie("wp_proxy")==null){document.cookie="wp_proxy=0; path=/; expires=' . $cookie_expiration . '"}if(getCookie("wp_proxy")!=null){window.location.reload()}else{document.write("You must enable cookies.")}}</script>' . "\n";
121
- echo '<noscript>Your browser does not support JavaScript.</noscript>' . "\n";
122
- exit();
123
- }
124
-
125
- /**
126
- * Redirect Check
127
- *
128
- * Checks if the current page needs to be redirected
129
- *
130
- * @param none
131
- * @return void
132
- */
133
- public function redirect_check() {
134
- global $post;
135
-
136
- // Force SSL Admin
137
- if ( ( is_admin() || $GLOBALS['pagenow'] == 'wp-login.php' ) && $this->getPlugin()->getSetting('ssl_admin') && ! $this->getPlugin()->isSsl() ) {
138
- $this->getPlugin()->redirect('https');
139
- }
140
-
141
- if ( ! (is_single() || is_page() || is_front_page() || is_home()) ) {
142
- return false;
143
- }
144
-
145
- if ( $post->ID > 0 ) {
146
- $force_ssl = apply_filters('force_ssl', null, $post->ID, ( $this->getPlugin()->isSsl() ? 'https' : 'http' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
147
- }
148
-
149
- if ( ! $this->getPlugin()->isSsl() && isset($force_ssl) && $force_ssl ) {
150
- $scheme = 'https';
151
- } else if ( $this->getPlugin()->isSsl() && isset($force_ssl) && ! $force_ssl ) {
152
- $scheme = 'http';
153
- }
154
-
155
-
156
- if ( isset($scheme) ) {
157
- $this->getPlugin()->redirect($scheme);
158
- }
159
- }
160
-
161
- /**
162
- * Set Cookie
163
- * WordPress Hook - set_auth_cookie, set_logged_in_cookie
164
- *
165
- * @param string $cookie
166
- * @param string $expire
167
- * @param int $expiration
168
- * @param int $user_id
169
- * @param string $scheme
170
- * @return void
171
- */
172
- public function set_cookie($cookie, $expire, $expiration, $user_id, $scheme) {
173
- if ( ( $scheme == 'secure_auth' && $this->getPlugin()->isSsl() ) || ( $this->getPlugin()->getSetting('ssl_admin') && ! $this->getPlugin()->getSetting('ssl_host_subdomain') ) ) {
174
- $secure = true;
175
- }
176
- $secure = apply_filters('secure_auth_cookie', @$secure, $user_id);
177
-
178
- if( $scheme == 'logged_in' ) {
179
- $cookie_name = LOGGED_IN_COOKIE;
180
- } elseif ( $secure ) {
181
- $cookie_name = SECURE_AUTH_COOKIE;
182
- $scheme = 'secure_auth';
183
- } else {
184
- $cookie_name = AUTH_COOKIE;
185
- $scheme = 'auth';
186
- $secure = false;
187
- }
188
-
189
- //$cookie_domain = COOKIE_DOMAIN;
190
- $cookie_path = COOKIEPATH;
191
- $cookie_path_site = SITECOOKIEPATH;
192
- $cookie_path_plugins = PLUGINS_COOKIE_PATH;
193
- $cookie_path_admin = ADMIN_COOKIE_PATH;
194
-
195
- if ( $this->getPlugin()->isSsl() ) {
196
- // If SSL Host is a subdomain, make cookie domain a wildcard
197
- if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
198
- $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
199
- // Otherwise, cookie domain set for different SSL Host
200
- } else {
201
- $cookie_domain = $this->getPlugin()->getHttpsUrl()->getHost();
202
- }
203
-
204
- if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
205
- $cookie_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path);
206
- $cookie_path_site = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_site);
207
- $cookie_path_plugins = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_plugins);
208
- }
209
-
210
- if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
211
- $cookie_path = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path);
212
- $cookie_path_site = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_site);
213
- $cookie_path_plugins = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_plugins);
214
- }
215
-
216
- $cookie_path = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path;
217
- $cookie_path_site = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_site;
218
- $cookie_path_plugins = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_plugins;
219
- $cookie_path_admin = rtrim($cookie_path_site, '/') . '/wp-admin';
220
- }
221
-
222
- if ( $scheme == 'logged_in' ) {
223
- setcookie($cookie_name, $cookie, $expire, $cookie_path, $cookie_domain, $secure, true);
224
- if ( $cookie_path != $cookie_path_site ) {
225
- setcookie($cookie_name, $cookie, $expire, $cookie_path_site, $cookie_domain, $secure, true);
226
- }
227
- } else {
228
- setcookie($cookie_name, $cookie, $expire, $cookie_path_plugins, $cookie_domain, false, true);
229
- setcookie($cookie_name, $cookie, $expire, $cookie_path_admin, $cookie_domain, false, true);
230
- }
231
- }
232
-
233
- /**
234
- * Removes redirect_count cookie.
235
- *
236
- * @param none
237
- * @return void
238
- */
239
- public function clear_redirect_count_cookie() {
240
- setcookie('redirect_count', null, -time(), '/');
241
- }
242
-
243
- /**
244
- * Clear Cookies
245
- * WordPress Hook - clear_auth_cookie
246
- *
247
- * @param none
248
- * @return void
249
- */
250
- public function clear_cookies() {
251
- if ( $this->getPlugin()->getSetting('ssl_host_subdomain') ) {
252
- $cookie_domain = '.' . $this->getPlugin()->getHttpsUrl()->getBaseHost();
253
- } else {
254
- $cookie_domain = $this->getPlugin()->getHttpsUrl()->getHost();
255
- }
256
-
257
- $cookie_path = COOKIEPATH;
258
- $cookie_path_site = SITECOOKIEPATH;
259
- $cookie_path_plugins = PLUGINS_COOKIE_PATH;
260
-
261
- if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
262
- $cookie_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path);
263
- $cookie_path_site = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_site);
264
- $cookie_path_plugins = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $cookie_path_plugins);
265
- }
266
-
267
- if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
268
- $cookie_path = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path);
269
- $cookie_path_site = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_site);
270
- $cookie_path_plugins = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $cookie_path_plugins);
271
- }
272
-
273
- $cookie_path = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path;
274
- $cookie_path_site = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_site;
275
- $cookie_path_plugins = rtrim($this->getPlugin()->getHttpsUrl()->getPath(), '/') . $cookie_path_plugins;
276
- $cookie_path_admin = $cookie_path_site . 'wp-admin';
277
-
278
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
279
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
280
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);
281
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);
282
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);
283
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);
284
-
285
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
286
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
287
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin);
288
- setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins);
289
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path);
290
- setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site);
291
- }
292
-
293
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
lib/WordPressHTTPS/Module/Network.php ADDED
@@ -0,0 +1,144 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Network admin Settings Module
4
+ *
5
+ * Adds the network settings page.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_Network extends Mvied_Plugin_Module {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
+ // Network admin
23
+ if ( strpos($_SERVER['REQUEST_URI'], 'wp-admin/network') !== false ) {
24
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'wphttps-network' ) {
25
+ add_action('plugins_loaded', array(&$this, 'save'), 1);
26
+ }
27
+
28
+ // Add meta boxes
29
+ add_action('admin_init', array(&$this, 'add_meta_boxes'));
30
+ }
31
+ }
32
+
33
+ if ( is_multisite() ) {
34
+ //add_action('network_admin_menu', array(&$this, 'network_admin_menu'));
35
+ }
36
+ }
37
+
38
+ /**
39
+ * Network admin panel menu option
40
+ * WordPress Hook - network_admin_menu
41
+ *
42
+ * @param none
43
+ * @return void
44
+ */
45
+ public function network_admin_menu() {
46
+ add_menu_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array(&$this, 'dispatch'), '', 88);
47
+ }
48
+
49
+ /**
50
+ * Add meta boxes to WordPress HTTPS Settings page.
51
+ *
52
+ * @param none
53
+ * @return void
54
+ */
55
+ public function add_meta_boxes() {
56
+ add_meta_box(
57
+ $this->getPlugin()->getSlug() . '_settings',
58
+ __( 'Network Settings', $this->getPlugin()->getSlug() ),
59
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
60
+ 'toplevel_page_' . $this->getPlugin()->getSlug() . '_network',
61
+ 'main',
62
+ 'core',
63
+ array( 'metabox' => 'network' )
64
+ );
65
+ add_meta_box(
66
+ $this->getPlugin()->getSlug() . '_donate2',
67
+ __( 'Loading...', $this->getPlugin()->getSlug() ),
68
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
69
+ 'toplevel_page_' . $this->getPlugin()->getSlug() . '_network',
70
+ 'main',
71
+ 'low',
72
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate2.php' )
73
+ );
74
+ }
75
+
76
+ /**
77
+ * Dispatch request for settings page
78
+ *
79
+ * @param none
80
+ * @return void
81
+ */
82
+ public function dispatch() {
83
+ if ( !current_user_can('manage_network_options') ) {
84
+ wp_die( __('You do not have sufficient permissions to access this page.') );
85
+ }
86
+
87
+ self::render();
88
+ }
89
+
90
+ /**
91
+ * Render settings page
92
+ *
93
+ * @param none
94
+ * @return void
95
+ */
96
+ public function render() {
97
+ require_once($this->getPlugin()->getDirectory() . '/admin/templates/network.php');
98
+ }
99
+
100
+ /**
101
+ * Save Settings
102
+ *
103
+ * @param array $settings
104
+ * @return void
105
+ */
106
+ public function save() {
107
+ if ( !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug() . '-options') ) {
108
+ return false;
109
+ }
110
+
111
+ $message = "Network settings saved.";
112
+ $errors = array();
113
+ $reload = false;
114
+ $logout = false;
115
+ if ( isset($_POST['network-settings-reset']) ) {
116
+
117
+ } else if ( isset($_POST['network-settings-save']) ) {
118
+
119
+ }
120
+
121
+ if ( $logout ) {
122
+ wp_logout();
123
+ }
124
+
125
+ if ( array_key_exists('ajax', $_POST) ) {
126
+ error_reporting(0);
127
+ while(@ob_end_clean());
128
+ if ( sizeof( $errors ) > 0 ) {
129
+ echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
130
+ foreach ( $errors as $error ) {
131
+ echo "\t\t<li><p>".$error."</p></li>\n";
132
+ }
133
+ echo "\t</ul>\n</div>\n";
134
+ } else {
135
+ echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>" . $message . "</p></div>\n";
136
+ if ( $logout || $reload ) {
137
+ echo "<script type=\"text/javascript\">window.location.reload();</script>";
138
+ }
139
+ }
140
+ exit();
141
+ }
142
+ }
143
+
144
+ }
lib/WordPressHTTPS/Module/Parser.php CHANGED
@@ -7,7 +7,7 @@
7
  *
8
  */
9
 
10
- class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
11
 
12
  /**
13
  * HTML
@@ -53,7 +53,7 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
53
  $this->fixElements();
54
  $this->fixCssElements();
55
  $this->fixRelativeElements();
56
-
57
  // Output logger contents to browsers console if in Debug Mode
58
  if ( $this->getPlugin()->getSetting('debug') == true ) {
59
  $this->consoleLog();
@@ -81,23 +81,35 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
81
  */
82
  public function secureElement( $url, $type = '' ) {
83
  $updated = false;
 
84
  $upload_dir = wp_upload_dir();
85
  $upload_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), $this->getPlugin()->getHttpUrl()->getPath(), parse_url($upload_dir['baseurl'], PHP_URL_PATH));
86
 
87
  if ( ! is_admin() || ( is_admin() && strpos($url, $upload_path) === false ) ) {
88
  $updated = $this->getPlugin()->makeUrlHttps($url);
89
- $this->_html = str_replace($url, $updated, $this->_html);
 
 
 
 
90
  }
91
-
92
  // Add log entry if this change hasn't been logged
93
- if ( $updated && $url != $updated ) {
94
  $log = '[FIXED] Element: ' . ( $type != '' ? '<' . $type . '> ' : '' ) . $url . ' => ' . $updated;
95
- } else if ( $updated == false && strpos($url, 'http://') == 0 ) {
96
- $log = '[WARNING] Unsecure Element: <' . $type . '> - ' . $url;
 
 
 
 
 
97
  }
98
  if ( isset($log) && ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
99
  $this->getPlugin()->getLogger()->log($log);
100
  }
 
 
101
  }
102
 
103
  /**
@@ -133,22 +145,20 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
133
  public function normalizeElements() {
134
  $httpMatches = array();
135
  $httpsMatches = array();
136
- if ( $this->getPlugin()->getSetting('ssl_host_diff') && !is_admin() && $GLOBALS['pagenow'] != 'wp-login.php' ) {
137
  $url = clone $this->getPlugin()->getHttpsUrl();
138
  $url->setScheme('http');
139
- preg_match_all('/(' . str_replace('/', '\/', preg_quote($url->toString())) . '[^\'"\)]*)[\'"]?/im', $this->_html, $httpsMatches);
140
 
141
- if ( $this->getPlugin()->isSsl() ) {
142
- $url = clone $this->getPlugin()->getHttpUrl();
143
- $url->setScheme('https');
144
- preg_match_all('/(' . str_replace('/', '\/', preg_quote($url->toString())) . '[^\'"\)]*)[\'"]?/im', $this->_html, $httpMatches);
145
- }
146
 
147
  $matches = array_merge($httpMatches, $httpsMatches);
148
  for ($i = 0; $i < sizeof($matches[0]); $i++) {
149
  if ( isset($matches[1][$i]) ) {
150
  $url_parts = parse_url($matches[1][$i]);
151
- if ( $url_parts && strpos($url_parts['path'], $this->getPlugin()->getHttpsUrl()) !== false && strpos($url_parts['path'], 'wp-admin') === false && strpos($url_parts['path'], 'wp-login') === false ) {
152
  $this->_html = str_replace($url, $this->getPlugin()->makeUrlHttp($url), $this->_html);
153
  }
154
  }
@@ -164,9 +174,9 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
164
  */
165
  public function fixElements() {
166
  if ( is_admin() ) {
167
- preg_match_all('/\<(script|link|img)[^>]+[\'"]((http|https):\/\/[^\'"\)]+)[\'"\)][^>]*>/im', $this->_html, $matches);
168
  } else {
169
- preg_match_all('/\<(script|link|img|input|embed|param)[^>]+[\'"]((http|https):\/\/[^\'"\)]+)[\'"\)][^>]*>/im', $this->_html, $matches);
170
  }
171
 
172
  for ($i = 0; $i < sizeof($matches[0]); $i++) {
@@ -176,7 +186,7 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
176
  $scheme = $matches[3][$i];
177
  $updated = false;
178
 
179
- if ( $type == 'img' || $type == 'script' || $type == 'embed' ||
180
  ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
181
  ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) ||
182
  ( $type == 'form' && strpos($html, 'commentform') !== false ) ||
@@ -184,7 +194,9 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
184
  ( $type == 'param' && strpos($html, 'movie') !== false )
185
  ) {
186
  if ( $this->getPlugin()->isSsl() && ( $this->getPlugin()->getSetting('ssl_host_diff') || ( !$this->getPlugin()->getSetting('ssl_host_diff') && strpos($url, 'http://') === 0 ) ) ) {
187
- $this->secureElement($url, $type);
 
 
188
  } else if ( !$this->getPlugin()->isSsl() && strpos($url, 'https://') === 0 ) {
189
  $this->unsecureElement($url, $type);
190
  }
@@ -231,10 +243,12 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
231
  ( $type == 'input' && $attr == 'image' ) ||
232
  ( $type == 'input' && strpos($html, '_wp_http_referer') !== false )
233
  ) {
234
- $updated = clone $this->getPlugin()->getHttpsUrl();
235
- $updated->setPath($url_path);
236
- $this->_html = str_replace($html, str_replace($url_path, $updated, $html), $this->_html);
237
- $this->getPlugin()->getLogger()->log('[FIXED] Element: <' . $type . '> - ' . $url_path . ' => ' . $updated);
 
 
238
  }
239
  }
240
  }
@@ -247,11 +261,11 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
247
  * @return void
248
  */
249
  public function fixExtensions() {
250
- @preg_match_all('/(http|https):\/\/[^\'"\)\s]+[\'"\)]+/i', $this->_html, $matches);
251
- for ($i = 0; $i < sizeof($matches[0]); $i++) {
252
- $url = $matches[0][$i];
253
  $filename = basename($url);
254
- $scheme = $matches[1][$i];
255
 
256
  foreach( $this->_extensions as $extension ) {
257
  if ( $extension == 'js' ) {
@@ -261,7 +275,7 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
261
  } else if ( in_array($extension, array('jpg', 'jpeg', 'png', 'gif')) ) {
262
  $type = 'img';
263
  } else {
264
- $type = '';
265
  }
266
 
267
  if ( strpos($filename, '.' . $extension) !== false ) {
@@ -292,12 +306,16 @@ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module implements Mvied_
292
  $scheme = $matches[3][$i];
293
  $updated = false;
294
 
 
 
 
 
295
  $force_ssl = apply_filters('force_ssl', null, 0, $url );
296
 
297
  if ( $force_ssl == true ) {
298
  $updated = $this->getPlugin()->makeUrlHttps($url);
299
  $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
300
- } else if ( $this->getPlugin()->isUrlLocal($url) && $this->getPlugin()->getSetting('exclusive_https') ) {
301
  $updated = $this->getPlugin()->makeUrlHttp($url);
302
  $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
303
  }
7
  *
8
  */
9
 
10
+ class WordPressHTTPS_Module_Parser extends Mvied_Plugin_Module {
11
 
12
  /**
13
  * HTML
53
  $this->fixElements();
54
  $this->fixCssElements();
55
  $this->fixRelativeElements();
56
+
57
  // Output logger contents to browsers console if in Debug Mode
58
  if ( $this->getPlugin()->getSetting('debug') == true ) {
59
  $this->consoleLog();
81
  */
82
  public function secureElement( $url, $type = '' ) {
83
  $updated = false;
84
+ $result = false;
85
  $upload_dir = wp_upload_dir();
86
  $upload_path = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), $this->getPlugin()->getHttpUrl()->getPath(), parse_url($upload_dir['baseurl'], PHP_URL_PATH));
87
 
88
  if ( ! is_admin() || ( is_admin() && strpos($url, $upload_path) === false ) ) {
89
  $updated = $this->getPlugin()->makeUrlHttps($url);
90
+ if ( $url != $updated ) {
91
+ $this->_html = str_replace($url, $updated, $this->_html);
92
+ } else {
93
+ $updated = false;
94
+ }
95
  }
96
+
97
  // Add log entry if this change hasn't been logged
98
+ if ( $updated ) {
99
  $log = '[FIXED] Element: ' . ( $type != '' ? '<' . $type . '> ' : '' ) . $url . ' => ' . $updated;
100
+ $result = true;
101
+ } else if ( strpos($url, 'http://') === 0 ) {
102
+ if ( $this->getPlugin()->getSetting('remove_unsecure') ) {
103
+ $log = '[FIXED] Removed Unsecure Element: <' . $type . '> - ' . $url;
104
+ } else {
105
+ $log = '[WARNING] Unsecure Element: <' . $type . '> - ' . $url;
106
+ }
107
  }
108
  if ( isset($log) && ! in_array($log, $this->getPlugin()->getLogger()->getLog()) ) {
109
  $this->getPlugin()->getLogger()->log($log);
110
  }
111
+
112
+ return $result;
113
  }
114
 
115
  /**
145
  public function normalizeElements() {
146
  $httpMatches = array();
147
  $httpsMatches = array();
148
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') && !is_admin() ) {
149
  $url = clone $this->getPlugin()->getHttpsUrl();
150
  $url->setScheme('http');
151
+ preg_match_all('/(' . str_replace('/', '\/', preg_quote($url->toString())) . '[^\'"]*)[\'"]?/im', $this->_html, $httpsMatches);
152
 
153
+ $url = clone $this->getPlugin()->getHttpUrl();
154
+ $url->setScheme('https');
155
+ preg_match_all('/(' . str_replace('/', '\/', preg_quote($url->toString())) . '[^\'"]*)[\'"]?/im', $this->_html, $httpMatches);
 
 
156
 
157
  $matches = array_merge($httpMatches, $httpsMatches);
158
  for ($i = 0; $i < sizeof($matches[0]); $i++) {
159
  if ( isset($matches[1][$i]) ) {
160
  $url_parts = parse_url($matches[1][$i]);
161
+ if ( $url_parts && strpos($url_parts['path'], 'wp-admin') === false && strpos($url_parts['path'], 'wp-login') === false ) {
162
  $this->_html = str_replace($url, $this->getPlugin()->makeUrlHttp($url), $this->_html);
163
  }
164
  }
174
  */
175
  public function fixElements() {
176
  if ( is_admin() ) {
177
+ preg_match_all('/\<(script|link|img)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>(<\/(script|link|img|input|embed|param|iframe)>\s*)?/im', $this->_html, $matches);
178
  } else {
179
+ preg_match_all('/\<(script|link|img|input|embed|param|iframe)[^>]+[\'"]((http|https):\/\/[^\'"]+)[\'"][^>]*>(<\/(script|link|img|input|embed|param|iframe)>\s*)?/im', $this->_html, $matches);
180
  }
181
 
182
  for ($i = 0; $i < sizeof($matches[0]); $i++) {
186
  $scheme = $matches[3][$i];
187
  $updated = false;
188
 
189
+ if ( $type == 'img' || $type == 'script' || $type == 'embed' || $type == 'iframe' ||
190
  ( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||
191
  ( $type == 'form' && strpos($html, 'wp-pass.php') !== false ) ||
192
  ( $type == 'form' && strpos($html, 'commentform') !== false ) ||
194
  ( $type == 'param' && strpos($html, 'movie') !== false )
195
  ) {
196
  if ( $this->getPlugin()->isSsl() && ( $this->getPlugin()->getSetting('ssl_host_diff') || ( !$this->getPlugin()->getSetting('ssl_host_diff') && strpos($url, 'http://') === 0 ) ) ) {
197
+ if ( !$this->secureElement($url, $type) && $this->getPlugin()->getSetting('remove_unsecure') ) {
198
+ $this->_html = str_replace($html, '', $this->_html);
199
+ }
200
  } else if ( !$this->getPlugin()->isSsl() && strpos($url, 'https://') === 0 ) {
201
  $this->unsecureElement($url, $type);
202
  }
243
  ( $type == 'input' && $attr == 'image' ) ||
244
  ( $type == 'input' && strpos($html, '_wp_http_referer') !== false )
245
  ) {
246
+ if ( strpos($url_path, '//') !== 0 ) {
247
+ $updated = clone $this->getPlugin()->getHttpsUrl();
248
+ $updated->setPath($url_path);
249
+ $this->_html = str_replace($html, str_replace($url_path, $updated, $html), $this->_html);
250
+ $this->getPlugin()->getLogger()->log('[FIXED] Element: <' . $type . '> - ' . $url_path . ' => ' . $updated);
251
+ }
252
  }
253
  }
254
  }
261
  * @return void
262
  */
263
  public function fixExtensions() {
264
+ @preg_match_all('/((http|https):\/\/[^\'"\)\s]+)[\'"\)]?/i', $this->_html, $matches);
265
+ for ($i = 0; $i < sizeof($matches[1]); $i++) {
266
+ $url = $matches[1][$i];
267
  $filename = basename($url);
268
+ $scheme = $matches[2][$i];
269
 
270
  foreach( $this->_extensions as $extension ) {
271
  if ( $extension == 'js' ) {
275
  } else if ( in_array($extension, array('jpg', 'jpeg', 'png', 'gif')) ) {
276
  $type = 'img';
277
  } else {
278
+ continue;
279
  }
280
 
281
  if ( strpos($filename, '.' . $extension) !== false ) {
306
  $scheme = $matches[3][$i];
307
  $updated = false;
308
 
309
+ if ( !$this->getPlugin()->isUrlLocal($url) ) {
310
+ continue;
311
+ }
312
+
313
  $force_ssl = apply_filters('force_ssl', null, 0, $url );
314
 
315
  if ( $force_ssl == true ) {
316
  $updated = $this->getPlugin()->makeUrlHttps($url);
317
  $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
318
+ } else if ( !is_null($force_ssl) && !$force_ssl ) {
319
  $updated = $this->getPlugin()->makeUrlHttp($url);
320
  $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
321
  }
lib/WordPressHTTPS/Module/{Admin/Post.php → Post.php} RENAMED
@@ -1,6 +1,6 @@
1
  <?php
2
  /**
3
- * Admin Post Module
4
  *
5
  * Adds settings to the edit post screen.
6
  *
@@ -9,7 +9,7 @@
9
  *
10
  */
11
 
12
- class WordPressHTTPS_Module_Admin_Post extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
13
 
14
  /**
15
  * Initialize Module
1
  <?php
2
  /**
3
+ * Post Module
4
  *
5
  * Adds settings to the edit post screen.
6
  *
9
  *
10
  */
11
 
12
+ class WordPressHTTPS_Module_Post extends Mvied_Plugin_Module {
13
 
14
  /**
15
  * Initialize Module
lib/WordPressHTTPS/Module/{Admin/Settings.php → Settings.php} RENAMED
@@ -9,7 +9,7 @@
9
  *
10
  */
11
 
12
- class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
13
 
14
  /**
15
  * Initialize Module
@@ -19,16 +19,34 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
19
  */
20
  public function init() {
21
  if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
- if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'save' ) {
23
  add_action('plugins_loaded', array(&$this, 'save'), 1);
24
  }
25
-
 
26
  add_action('admin_init', array(&$this, 'add_meta_boxes'));
27
 
28
  // Add scripts
29
- add_action('admin_enqueue_scripts', array(&$this, 'enqueue_scripts'));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
30
  }
31
-
32
  }
33
 
34
  /**
@@ -44,26 +62,26 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
44
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
45
  'toplevel_page_' . $this->getPlugin()->getSlug(),
46
  'main',
47
- 'core',
48
  array( 'metabox' => 'settings' )
49
  );
50
  add_meta_box(
51
- $this->getPlugin()->getSlug() . '_filters',
52
- __( 'URL Filters', $this->getPlugin()->getSlug() ),
53
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
54
  'toplevel_page_' . $this->getPlugin()->getSlug(),
55
- 'main',
56
- 'core',
57
- array( 'metabox' => 'filters' )
58
  );
59
  add_meta_box(
60
- $this->getPlugin()->getSlug() . '_updates',
61
- __( 'Developer Updates', $this->getPlugin()->getSlug() ),
62
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
63
  'toplevel_page_' . $this->getPlugin()->getSlug(),
64
  'side',
65
- 'core',
66
- array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/updates.php' )
67
  );
68
  add_meta_box(
69
  $this->getPlugin()->getSlug() . '_rate',
@@ -83,22 +101,13 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
83
  'core',
84
  array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate.php' )
85
  );
86
- add_meta_box(
87
- $this->getPlugin()->getSlug() . '_support',
88
- __( 'Support', $this->getPlugin()->getSlug() ),
89
- array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
90
- 'toplevel_page_' . $this->getPlugin()->getSlug(),
91
- 'side',
92
- 'core',
93
- array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/support.php' )
94
- );
95
  add_meta_box(
96
  $this->getPlugin()->getSlug() . '_donate2',
97
  __( 'Loading...', $this->getPlugin()->getSlug() ),
98
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
99
  'toplevel_page_' . $this->getPlugin()->getSlug(),
100
  'main',
101
- 'core',
102
  array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate2.php' )
103
  );
104
  }
@@ -124,8 +133,8 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
124
  * @param none
125
  * @return void
126
  */
127
- public function enqueue_scripts() {
128
- wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-page', $this->getPlugin()->getPluginUrl() . '/admin/css/settings.css', $this->getPlugin()->getVersion(), true);
129
  wp_enqueue_script('jquery-form');
130
  wp_enqueue_script('post');
131
 
@@ -141,7 +150,7 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
141
  * @return void
142
  */
143
  public function render() {
144
- require_once('admin/templates/settings.php');
145
  }
146
 
147
  /**
@@ -151,16 +160,15 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
151
  * @return void
152
  */
153
  public function save() {
 
 
 
 
 
154
  $errors = array();
155
  $reload = false;
156
  $logout = false;
157
- if ( isset($_POST['settings-reset']) ) {
158
- foreach ($this->getPlugin()->getSettings() as $key => $default) {
159
- $this->getPlugin()->setSetting($key, $default);
160
- }
161
- $this->getPlugin()->install();
162
- $reload = true;
163
- } else if ( isset($_POST['settings-save']) ) {
164
  foreach ($this->getPlugin()->getSettings() as $key => $default) {
165
  if ( !array_key_exists($key, $_POST) && $default == 0 ) {
166
  $_POST[$key] = 0;
@@ -173,6 +181,7 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
173
  if ( strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false ) {
174
  $_POST[$key] = 'https://' . $_POST[$key];
175
  }
 
176
  $ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
177
 
178
  // Add Port
@@ -194,7 +203,7 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
194
  if ( $this->getPlugin()->isSsl() ) {
195
  $logout = true;
196
  }
197
- $_POST[$key] = $ssl_host->setPort('');
198
  /*} else {
199
  $errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $ssl_host;
200
  $_POST[$key] = get_option($key);
@@ -211,9 +220,8 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
211
  $reload = true;
212
  }
213
  } else if ( $key == 'ssl_admin' ) {
214
- if ( force_ssl_admin() || force_ssl_login() ) {
215
- $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
216
- $_POST[$key] = 0;
217
  // If forcing SSL Admin and currently not SSL, logout user
218
  } else if ( $_POST[$key] == 1 && !$this->getPlugin()->isSsl() ) {
219
  $logout = true;
@@ -233,12 +241,11 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
233
  $this->getPlugin()->setSetting($key, $_POST[$key]);
234
  }
235
  }
236
- } else if ( isset($_POST['filters-save']) ) {
237
- $filters = array_map('trim', explode("\n", $_POST['secure_filter']));
238
- $filters = array_filter($filters); // Removes blank array items
239
- $this->getPlugin()->setSetting('secure_filter', $filters);
240
- } else if ( isset($_POST['filters-reset']) ) {
241
- $this->getPlugin()->setSetting('secure_filter', array());
242
  $reload = true;
243
  }
244
 
@@ -246,23 +253,7 @@ class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implement
246
  wp_logout();
247
  }
248
 
249
- if ( array_key_exists('ajax', $_POST) ) {
250
- error_reporting(0);
251
- while(@ob_end_clean());
252
- if ( sizeof( $errors ) > 0 ) {
253
- echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
254
- foreach ( $errors as $error ) {
255
- echo "\t\t<li><p>".$error."</p></li>\n";
256
- }
257
- echo "\t</ul>\n</div>\n";
258
- } else {
259
- echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
260
- if ( $logout || $reload ) {
261
- echo "<script type=\"text/javascript\">window.location.reload();</script>";
262
- }
263
- }
264
- exit();
265
- }
266
  }
267
 
268
  }
9
  *
10
  */
11
 
12
+ class WordPressHTTPS_Module_Settings extends Mvied_Plugin_Module {
13
 
14
  /**
15
  * Initialize Module
19
  */
20
  public function init() {
21
  if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'wphttps-settings' ) {
23
  add_action('plugins_loaded', array(&$this, 'save'), 1);
24
  }
25
+
26
+ // Add meta boxes
27
  add_action('admin_init', array(&$this, 'add_meta_boxes'));
28
 
29
  // Add scripts
30
+ add_action('admin_enqueue_scripts', array(&$this, 'admin_enqueue_scripts'));
31
+ }
32
+
33
+ // Add admin menus
34
+ add_action('admin_menu', array(&$this, 'admin_menu'));
35
+ }
36
+
37
+ /**
38
+ * Admin panel menu option
39
+ * WordPress Hook - admin_menu
40
+ *
41
+ * @param none
42
+ * @return void
43
+ */
44
+ public function admin_menu() {
45
+ if ( $this->getPlugin()->getSetting('admin_menu') === 'side' ) {
46
+ add_menu_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array($this->getPlugin()->getModule('Settings'), 'dispatch'), '', 88);
47
+ } else {
48
+ add_options_page('HTTPS', 'HTTPS', 'manage_options', $this->getPlugin()->getSlug(), array($this->getPlugin()->getModule('Settings'), 'dispatch'));
49
  }
 
50
  }
51
 
52
  /**
62
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
63
  'toplevel_page_' . $this->getPlugin()->getSlug(),
64
  'main',
65
+ 'high',
66
  array( 'metabox' => 'settings' )
67
  );
68
  add_meta_box(
69
+ $this->getPlugin()->getSlug() . '_updates',
70
+ __( 'Developer Updates', $this->getPlugin()->getSlug() ),
71
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
72
  'toplevel_page_' . $this->getPlugin()->getSlug(),
73
+ 'side',
74
+ 'high',
75
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/updates.php' )
76
  );
77
  add_meta_box(
78
+ $this->getPlugin()->getSlug() . '_support',
79
+ __( 'Support', $this->getPlugin()->getSlug() ),
80
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
81
  'toplevel_page_' . $this->getPlugin()->getSlug(),
82
  'side',
83
+ 'high',
84
+ array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/support.php' )
85
  );
86
  add_meta_box(
87
  $this->getPlugin()->getSlug() . '_rate',
101
  'core',
102
  array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate.php' )
103
  );
 
 
 
 
 
 
 
 
 
104
  add_meta_box(
105
  $this->getPlugin()->getSlug() . '_donate2',
106
  __( 'Loading...', $this->getPlugin()->getSlug() ),
107
  array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
108
  'toplevel_page_' . $this->getPlugin()->getSlug(),
109
  'main',
110
+ 'low',
111
  array( 'metabox' => 'ajax', 'url' => 'http://wordpresshttps.com/client/donate2.php' )
112
  );
113
  }
133
  * @param none
134
  * @return void
135
  */
136
+ public function admin_enqueue_scripts() {
137
+ wp_enqueue_style($this->getPlugin()->getSlug() . '-admin-page', $this->getPlugin()->getPluginUrl() . '/admin/css/settings.css', array(), $this->getPlugin()->getVersion());
138
  wp_enqueue_script('jquery-form');
139
  wp_enqueue_script('post');
140
 
150
  * @return void
151
  */
152
  public function render() {
153
+ require_once($this->getPlugin()->getDirectory() . '/admin/templates/settings.php');
154
  }
155
 
156
  /**
160
  * @return void
161
  */
162
  public function save() {
163
+ if ( !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug() . '-options') ) {
164
+ return false;
165
+ }
166
+
167
+ $message = "Settings saved.";
168
  $errors = array();
169
  $reload = false;
170
  $logout = false;
171
+ if ( isset($_POST['settings-save']) ) {
 
 
 
 
 
 
172
  foreach ($this->getPlugin()->getSettings() as $key => $default) {
173
  if ( !array_key_exists($key, $_POST) && $default == 0 ) {
174
  $_POST[$key] = 0;
181
  if ( strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false ) {
182
  $_POST[$key] = 'https://' . $_POST[$key];
183
  }
184
+
185
  $ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
186
 
187
  // Add Port
203
  if ( $this->getPlugin()->isSsl() ) {
204
  $logout = true;
205
  }
206
+ $_POST[$key] = $ssl_host->setPort('')->toString();
207
  /*} else {
208
  $errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $ssl_host;
209
  $_POST[$key] = get_option($key);
220
  $reload = true;
221
  }
222
  } else if ( $key == 'ssl_admin' ) {
223
+ if ( force_ssl_admin() && $this->getPlugin()->getSetting('ssl_host_diff') ) {
224
+ $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN should not be set to true in your wp-config.php while using a non-default SSL Host.';
 
225
  // If forcing SSL Admin and currently not SSL, logout user
226
  } else if ( $_POST[$key] == 1 && !$this->getPlugin()->isSsl() ) {
227
  $logout = true;
241
  $this->getPlugin()->setSetting($key, $_POST[$key]);
242
  }
243
  }
244
+ } else if ( isset($_POST['settings-reset']) ) {
245
+ foreach ($this->getPlugin()->getSettings() as $key => $default) {
246
+ $this->getPlugin()->setSetting($key, $default);
247
+ }
248
+ $this->getPlugin()->install();
 
249
  $reload = true;
250
  }
251
 
253
  wp_logout();
254
  }
255
 
256
+ require_once($this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
257
  }
258
 
259
  }
lib/WordPressHTTPS/Module/UrlFilters.php ADDED
@@ -0,0 +1,103 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Admin Url Filters Module
4
+ *
5
+ * Adds the settings page.
6
+ *
7
+ * @author Mike Ems
8
+ * @package WordPressHTTPS
9
+ *
10
+ */
11
+
12
+ class WordPressHTTPS_Module_UrlFilters extends Mvied_Plugin_Module {
13
+
14
+ /**
15
+ * Initialize Module
16
+ *
17
+ * @param none
18
+ * @return void
19
+ */
20
+ public function init() {
21
+ if ( is_admin() && isset($_GET['page']) && strpos($_GET['page'], $this->getPlugin()->getSlug()) !== false ) {
22
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['action']) && $_POST['action'] == 'wphttps-filters' ) {
23
+ add_action('plugins_loaded', array(&$this, 'save'), 1);
24
+ }
25
+
26
+ // Add meta boxes
27
+ add_action('admin_init', array(&$this, 'add_meta_boxes'));
28
+ }
29
+
30
+ add_filter('force_ssl', array(&$this, 'secure_filter_url'), 10, 3);
31
+ }
32
+
33
+ /**
34
+ * Secure Filter URL
35
+ * WordPress HTTPS Filter - force_ssl
36
+ *
37
+ * @param boolean $force_ssl
38
+ * @param int $post_id
39
+ * @param string $url
40
+ * @return boolean $force_ssl
41
+ */
42
+ public function secure_filter_url( $force_ssl, $post_id = 0, $url = '' ) {
43
+ // Check secure filters
44
+ if ( is_null($force_ssl) && sizeof((array)$this->getPlugin()->getSetting('secure_filter')) > 0 ) {
45
+ foreach( $this->getPlugin()->getSetting('secure_filter') as $filter ) {
46
+ if ( preg_match('/' . str_replace('/', '\/', $filter) . '/', $url) === 1 ) {
47
+ $force_ssl = true;
48
+ }
49
+ }
50
+ }
51
+ return $force_ssl;
52
+ }
53
+
54
+ /**
55
+ * Add meta boxes to WordPress HTTPS Settings page.
56
+ *
57
+ * @param none
58
+ * @return void
59
+ */
60
+ public function add_meta_boxes() {
61
+ add_meta_box(
62
+ $this->getPlugin()->getSlug() . '_filters',
63
+ __( 'URL Filters', $this->getPlugin()->getSlug() ),
64
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
65
+ 'toplevel_page_' . $this->getPlugin()->getSlug(),
66
+ 'main',
67
+ 'default',
68
+ array( 'metabox' => 'filters' )
69
+ );
70
+ }
71
+
72
+ /**
73
+ * Save Url Filters
74
+ *
75
+ * @param array $settings
76
+ * @return void
77
+ */
78
+ public function save() {
79
+ if ( !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug() . '-options') ) {
80
+ return false;
81
+ }
82
+
83
+ $message = "URL Filters saved.";
84
+ $errors = array();
85
+ $reload = false;
86
+ $logout = false;
87
+ if ( isset($_POST['filters-save']) ) {
88
+ $filters = array_map('trim', explode("\n", $_POST['secure_filter']));
89
+ $filters = array_filter($filters); // Removes blank array items
90
+ $this->getPlugin()->setSetting('secure_filter', $filters);
91
+ } else if ( isset($_POST['filters-reset']) ) {
92
+ $this->getPlugin()->setSetting('secure_filter', array());
93
+ $reload = true;
94
+ }
95
+
96
+ if ( $logout ) {
97
+ wp_logout();
98
+ }
99
+
100
+ require_once($this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php');
101
+ }
102
+
103
+ }
lib/WordPressHTTPS/Url.php CHANGED
@@ -376,7 +376,7 @@ class WordPressHTTPS_Url {
376
  if ( function_exists('curl_init') ) {
377
  $ch = curl_init();
378
 
379
- curl_setopt($ch, CURLOPT_URL, rtrim($this->toString(), '\'"'));
380
  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
381
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
382
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@@ -413,7 +413,7 @@ class WordPressHTTPS_Url {
413
  if ( function_exists('curl_init') ) {
414
  $ch = curl_init();
415
 
416
- curl_setopt($ch, CURLOPT_URL, rtrim($this->toString(), '\'"'));
417
  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
418
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
419
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@@ -479,7 +479,7 @@ class WordPressHTTPS_Url {
479
  public static function fromString( $string ) {
480
  $url = new WordPressHTTPS_Url;
481
 
482
- @preg_match_all('/((http|https):\/\/[^\'"]+[\'"]?)/i', $string, $url_parts);
483
  if ( isset($url_parts[1][0]) ) {
484
  if ( $url_parts = parse_url( $url_parts[1][0] ) ) {
485
  foreach( $url_parts as $key => $value ) {
376
  if ( function_exists('curl_init') ) {
377
  $ch = curl_init();
378
 
379
+ curl_setopt($ch, CURLOPT_URL, $this->toString());
380
  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
381
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
382
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
413
  if ( function_exists('curl_init') ) {
414
  $ch = curl_init();
415
 
416
+ curl_setopt($ch, CURLOPT_URL, $this->toString());
417
  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
418
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
419
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
479
  public static function fromString( $string ) {
480
  $url = new WordPressHTTPS_Url;
481
 
482
+ @preg_match_all('/((http|https):\/\/[^\'"]+)[\'"\)]?/i', $string, $url_parts);
483
  if ( isset($url_parts[1][0]) ) {
484
  if ( $url_parts = parse_url( $url_parts[1][0] ) ) {
485
  foreach( $url_parts as $key => $value ) {
readme.txt CHANGED
@@ -4,7 +4,8 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
4
  Tags: security, encryption, ssl, shared ssl, private ssl, public ssl, private ssl, http, https
5
  Requires at least: 3.0
6
  Tested up to: 3.4
7
- Stable tag: 3.1.2
 
8
 
9
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
10
 
@@ -16,19 +17,6 @@ If you're having partially encrypted/mixed content errors or other problems, ple
16
  1. Activate the plugin through the 'Plugins' menu in WordPress.
17
 
18
  == Frequently Asked Questions ==
19
- = I can't get into my admin panel after updating. How do I fix it? =
20
- Go to /wp-content/plugins/wordpress-https/wordpress-https.php and uncomment (remove the two forward slashes before) the line below, or go to your wp-config.php file and add this line. Hit any page on your site, and then remove it or comment it out again.
21
- `define('WPHTTPS_RESET', true);`
22
-
23
- = How do I make my whole website secure? =
24
- To make your entire website secure, you simply need to change your site url to use HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
25
-
26
- = How do I make only certain pages secure? =
27
- The plugin adds a meta box to the add/edit post screen entitled HTTPS. In that meta box, a checkbox for 'Secure Post' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
28
-
29
- = I'm getting 404 errors on all of my pages. Why? =
30
- If you're using a public/shared SSL, try disabling your custom permalink structure. Some public/shared SSL's have issues with WordPress' permalinks because of the way they are configured. If you continue to recieve 404 errors, there is no way to use WordPress with that particular public/shared SSL with WordPress.
31
-
32
  = How do I fix partially encrypted/mixed content errors? =
33
  To identify what is causing your page(s) to be insecure, please follow the instructions below.
34
  <ol>
@@ -39,19 +27,38 @@ To identify what is causing your page(s) to be insecure, please follow the instr
39
  </ol>
40
  For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
41
 
42
- Most insecure content warnings can generally be resolved by changing absolute references to elements, or removing the insecure elements from the page completely. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix.
43
  <ul>
44
- <li>Elements loaded via JavaScript that are hard-coded to HTTP. Usually this can be fixed by altering the JavaScript calling these elements.</li>
45
- <li>External elements that can not be delivered over HTTPS. These elements will have to be removed from the page, or hosted locally so that they can be loaded over HTTPS.</li>
46
- <li>YouTube videos - YouTube allows videos to use HTTPS. <a href="http://support.google.com/youtube/bin/answer.py?hl=en&answer=171780&expand=UseHTTPS">How to embed a YouTube video</a>.</li>
47
- <li>Google Maps - Using Google Maps API V3, you can use HTTPS. Using V2, HTTPS requires a Google Maps API Premiere account. (<a href="http://code.google.com/apis/maps/faq.html#ssl" target="_blank">source</a>)</li>
48
  </ul>
49
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
50
  = Is there a hook or filter to force pages to be secure? =
51
  Yes! Here is an example of how to use the 'force_ssl' filter to force a page to be secure.
52
  `function custom_force_ssl( $force_ssl, $post_id = 0, $url = '' ) {
53
  if ( $post_id == 5 ) {
54
- return true
55
  }
56
  return $force_ssl;
57
  }
@@ -72,10 +79,17 @@ add_filter('force_ssl', 'store_force_ssl', 10, 3);`
72
  1. WordPress HTTPS Settings screen
73
  2. Force SSL checkbox added to add/edit posts screen
74
 
75
- == To Do ==
76
- * SSL Domain Mapping
77
-
78
  == Changelog ==
 
 
 
 
 
 
 
 
 
 
79
  = 3.1.2 =
80
  * Bug Fix - Redirects should no longer remove URL parameters.
81
  * Bug Fix - Removed loginout filter that was changing links to plain text.
@@ -233,17 +247,5 @@ add_filter('force_ssl', 'store_force_ssl', 10, 3);`
233
  * Initial Release.
234
 
235
  == Upgrade Notice ==
236
- = 1.7 =
237
- 1.6.5 created a bug in which external elements were no longer forced to HTTPS. Please update to fix this.
238
- = 1.6.1 =
239
- Version 1.6.1 fixes a bug with using a static page for the posts page.
240
- = 1.0.1 =
241
- Version 1.0.1 fixes a bug in 1.0 that made it to release. Apologies!
242
- = 1.0 =
243
- Version 1.0 gives you the ability to disable WordPress 3.0+ from changing all of your page, category and post links to HTTPS.
244
- = 0.5.1 =
245
- Fixes `PHP Warning: Invalid argument supplied for foreach()` error.
246
- = 0.3 =
247
- Version 0.3 gives you the option to change external elements to HTTPS if the external server allows the elements to be accessed via HTTPS.
248
- = 0.2 =
249
- Version 0.1 did not correctly detect HTTPS on IIS and possibly other servers. Please update to version 0.2 to fix this issue.
4
  Tags: security, encryption, ssl, shared ssl, private ssl, public ssl, private ssl, http, https
5
  Requires at least: 3.0
6
  Tested up to: 3.4
7
+ Stable tag: 3.2
8
+ License: GPLv3
9
 
10
  WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
11
 
17
  1. Activate the plugin through the 'Plugins' menu in WordPress.
18
 
19
  == Frequently Asked Questions ==
 
 
 
 
 
 
 
 
 
 
 
 
 
20
  = How do I fix partially encrypted/mixed content errors? =
21
  To identify what is causing your page(s) to be insecure, please follow the instructions below.
22
  <ol>
27
  </ol>
28
  For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.
29
 
30
+ Once you have identified the insecure elements, you need to figure out what theme or plugin is causing these elements to be loaded. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix. Here are some typical examples.
31
  <ul>
32
+ <li>The element is external (not hosted on your server) and is not available over HTTPS. These elements will have to be removed from the page by disabling or modifying the theme or plugin that is adding the element.</li>
33
+ <li>The element is internal (hosted on your server) but does not get changed to HTTPS. This is often due to a background image in CSS or an image or file path in JavaScript being hard-coded to HTTP inside of a CSS file. The plugin can not fix these. The image paths must be changed to relative links. For example `http://www.example.com/wp-content/themes/mytheme/images/background.jpg` to simply `/wp-content/themes/mytheme/images/background.jpg`. Ensure you copy the entire path, including the prepended slash (very important).</li>
 
 
34
  </ul>
35
 
36
+ = I can't get into my admin panel. How do I fix it? =
37
+ Go to /wp-content/plugins/wordpress-https/wordpress-https.php and uncomment (remove the two forward slashes before) the line below, or go to your wp-config.php file and add this line. Hit any page on your site, and then remove it or comment it out again.
38
+ `define('WPHTTPS_RESET', true);`
39
+
40
+ = How do I make my whole website secure? =
41
+ To make your entire website secure, you simply need to change your site url to use HTTPS instead of HTTP. Please read <a href="http://codex.wordpress.org/Changing_The_Site_URL" target="_blank">how to change the site url</a>.
42
+ Alternatively, you can use URL Filters in the WordPress HTTPS Settings to secure your entire site by putting just '/' as a filter. This will cause any URL with a forward slash to be secure (all of them).
43
+
44
+ = How do I make only certain pages secure? =
45
+ The plugin adds a meta box to the add/edit post screen entitled HTTPS. In that meta box, a checkbox for 'Secure Post' has been added to make this process easy. See Screenshots if you're having a hard time finding it.
46
+ Alternatively, you can use URL Filters to secure post and pages by their permalink.
47
+
48
+ = I'm using Force SSL Administration and all of the links to the front-end of my site are HTTPS. Why? =
49
+ For many users this behavior is desirable. If you would like links the the front-end of your site to be HTTP, enable Force SSL Exclusively and do not secure your front-end pages.
50
+
51
+ = I'm getting 404 errors on all of my pages. Why? =
52
+ If you're using a public/shared SSL, try disabling your custom permalink structure. Some public/shared SSL's have issues with WordPress' permalinks because of the way they are configured. If you continue to recieve 404 errors, there may be no way to use WordPress with that particular public/shared SSL.
53
+
54
+ = I'm receiving a blank page with no error. What gives? =
55
+ This is most commonly due to PHP's memory limit being too low. Check your Apache error logs just to be sure. Talk to your hosting provider about increading PHP's memory limit.
56
+
57
  = Is there a hook or filter to force pages to be secure? =
58
  Yes! Here is an example of how to use the 'force_ssl' filter to force a page to be secure.
59
  `function custom_force_ssl( $force_ssl, $post_id = 0, $url = '' ) {
60
  if ( $post_id == 5 ) {
61
+ $force_ssl = true;
62
  }
63
  return $force_ssl;
64
  }
79
  1. WordPress HTTPS Settings screen
80
  2. Force SSL checkbox added to add/edit posts screen
81
 
 
 
 
82
  == Changelog ==
83
+ = 3.2 =
84
+ * Added domain mapping. Domain mapping allows you to map external domains that host their HTTPS content on a different domain.
85
+ * Added Remove Unsecure Elements option. If possible, this option removes external elements from the page that can not be loaded over HTTPS, preventing insecure content errors without modifying any code.
86
+ * ClouldFlare support.
87
+ * Substantial memory optimization.
88
+ * Removed Secure Front Page option. This can now be achieved through URL Filters.
89
+ * Bug Fix - Visiting the admin panel over HTTP when using Shared SSL should no longer log the user out, but will now redirect accordingly.
90
+ * Bug Fix - Random 404 errors should be gone.
91
+ * Bug Fix - Fixed bug where a bad setting for ssl_host would cause the code to fail.
92
+ * Bug Fix - CSS backgrounds that do not have quotes should no longer break debug output.
93
  = 3.1.2 =
94
  * Bug Fix - Redirects should no longer remove URL parameters.
95
  * Bug Fix - Removed loginout filter that was changing links to plain text.
247
  * Initial Release.
248
 
249
  == Upgrade Notice ==
250
+ = 3.2 =
251
+ You may lose your SSL Host setting upon upgrading if it is not default (matching your Site URL).
 
 
 
 
 
 
 
 
 
 
 
 
screenshot-1.png CHANGED
Binary file
uninstall.php CHANGED
@@ -6,22 +6,42 @@ if ( !defined('WP_UNINSTALL_PLUGIN') ) {
6
  die();
7
  }
8
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
9
  // Delete WordPress HTTPS options
10
- delete_option('wordpress-https_external_urls');
11
- delete_option('wordpress-https_secure_external_urls');
12
- delete_option('wordpress-https_unsecure_external_urls');
13
- delete_option('wordpress-https_ssl_host');
14
- delete_option('wordpress-https_ssl_host_diff');
15
- delete_option('wordpress-https_ssl_port');
16
- delete_option('wordpress-https_exclusive_https');
17
- delete_option('wordpress-https_frontpage');
18
- delete_option('wordpress-https_ssl_admin');
19
- delete_option('wordpress-https_ssl_proxy');
20
- delete_option('wordpress-https_ssl_host_subdomain');
21
- delete_option('wordpress-https_version');
22
- delete_option('wordpress-https_debug');
23
- delete_option('wordpress-https_admin_menu');
24
- delete_option('wordpress-https_secure_filter');
25
 
26
  // Delete force_ssl custom_field from posts and pages
27
  delete_metadata('post', null, 'force_ssl', null, true);
6
  die();
7
  }
8
 
9
+ $options = array(
10
+ 'wordpress-https_external_urls',
11
+ 'wordpress-https_secure_external_urls',
12
+ 'wordpress-https_unsecure_external_urls',
13
+ 'wordpress-https_ssl_host',
14
+ 'wordpress-https_ssl_host_diff',
15
+ 'wordpress-https_ssl_port',
16
+ 'wordpress-https_exclusive_https',
17
+ 'wordpress-https_frontpage',
18
+ 'wordpress-https_ssl_login',
19
+ 'wordpress-https_ssl_admin',
20
+ 'wordpress-https_ssl_proxy',
21
+ 'wordpress-https_ssl_host_subdomain',
22
+ 'wordpress-https_version',
23
+ 'wordpress-https_debug',
24
+ 'wordpress-https_admin_menu',
25
+ 'wordpress-https_secure_filter',
26
+ 'wordpress-https_ssl_host_mapping'
27
+ );
28
+
29
+ if ( is_multisite() && is_network_admin() ) {
30
+ $blogs = $wpdb->get_col($wpdb->prepare("SELECT blog_id FROM " . $wpdb->blogs));
31
+ } else {
32
+ $blogs = array($wpdb->blogid);
33
+ }
34
+
35
  // Delete WordPress HTTPS options
36
+ foreach ( $blogs as $blog_id ) {
37
+ foreach( $options as $option ) {
38
+ if ( is_multisite() ) {
39
+ delete_blog_option($blog_id, $option);
40
+ } else {
41
+ delete_option($option);
42
+ }
43
+ }
44
+ }
 
 
 
 
 
 
45
 
46
  // Delete force_ssl custom_field from posts and pages
47
  delete_metadata('post', null, 'force_ssl', null, true);
wordpress-https.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
- Version: 3.1.2
8
  Author URI: http://mvied.com/
9
  */
10
 
@@ -25,16 +25,9 @@
25
  along with this program. If not, see <http://www.gnu.org/licenses/>.
26
  */
27
 
28
- $include_paths = array(
29
- get_include_path(),
30
- dirname(__FILE__),
31
- dirname(__FILE__) . '/lib'
32
- );
33
- set_include_path(implode(PATH_SEPARATOR, $include_paths));
34
-
35
  function wphttps_autoloader($class) {
36
- $filename = str_replace('_', '/', $class) . '.php';
37
- @include $filename;
38
  }
39
  spl_autoload_register('wphttps_autoloader');
40
 
@@ -48,13 +41,12 @@ spl_autoload_register('wphttps_autoloader');
48
  if ( function_exists('get_bloginfo') && ! defined('WP_UNINSTALL_PLUGIN') ) {
49
  $wordpress_https = new WordPressHTTPS;
50
  $wordpress_https->setSlug('wordpress-https');
51
- $wordpress_https->setVersion('3.1.2');
52
  $wordpress_https->setLogger(WordPressHTTPS_Logger::getInstance());
53
- $wordpress_https->setPluginUrl(plugins_url('', __FILE__));
54
  $wordpress_https->setDirectory(dirname(__FILE__));
55
  $wordpress_https->setModuleDirectory(dirname(__FILE__) . '/lib/WordPressHTTPS/Module/');
56
 
57
- //Load Modules
58
  $wordpress_https->loadModules();
59
 
60
  // If WPHTTPS_RESET global is defined, reset settings
@@ -66,6 +58,7 @@ if ( function_exists('get_bloginfo') && ! defined('WP_UNINSTALL_PLUGIN') ) {
66
 
67
  // Initialize Plugin
68
  $wordpress_https->init();
 
69
 
70
  // Register activation hook. Must be called outside of a class.
71
  register_activation_hook(__FILE__, array($wordpress_https, 'install'));
4
  Plugin URI: http://mvied.com/projects/wordpress-https/
5
  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
6
  Author: Mike Ems
7
+ Version: 3.2
8
  Author URI: http://mvied.com/
9
  */
10
 
25
  along with this program. If not, see <http://www.gnu.org/licenses/>.
26
  */
27
 
 
 
 
 
 
 
 
28
  function wphttps_autoloader($class) {
29
+ $filename = str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php';
30
+ @include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . $filename;
31
  }
32
  spl_autoload_register('wphttps_autoloader');
33
 
41
  if ( function_exists('get_bloginfo') && ! defined('WP_UNINSTALL_PLUGIN') ) {
42
  $wordpress_https = new WordPressHTTPS;
43
  $wordpress_https->setSlug('wordpress-https');
44
+ $wordpress_https->setVersion('3.2');
45
  $wordpress_https->setLogger(WordPressHTTPS_Logger::getInstance());
 
46
  $wordpress_https->setDirectory(dirname(__FILE__));
47
  $wordpress_https->setModuleDirectory(dirname(__FILE__) . '/lib/WordPressHTTPS/Module/');
48
 
49
+ // Load Modules
50
  $wordpress_https->loadModules();
51
 
52
  // If WPHTTPS_RESET global is defined, reset settings
58
 
59
  // Initialize Plugin
60
  $wordpress_https->init();
61
+ $wordpress_https->setPluginUrl(plugins_url('', __FILE__));
62
 
63
  // Register activation hook. Must be called outside of a class.
64
  register_activation_hook(__FILE__, array($wordpress_https, 'install'));