Permalink
Browse files

Removed secure front page option. Added Force SSL Login.

  • Loading branch information...
1 parent 047ca04 commit 4bc9a120573fcb6ba9bb7fa36898a04cfb200585 @mvied committed Jul 23, 2012
@@ -24,14 +24,38 @@
</fieldset>
</td>
</tr>
+ <tr valign="top" id="ssl_login_row">
+ <th scope="row">Force SSL Login</th>
+ <td>
+ <fieldset>
+ <label for="ssl_login">
+ <input type="hidden" name="ssl_login" value="0" />
+ <input name="ssl_login" type="checkbox" id="ssl_login" value="1"<?php echo ((force_ssl_login()) ? ' checked="checked" disabled="disabled" title="FORCE_SSL_LOGIN is true in wp-config.php"' : (($this->getPlugin()->getSetting('ssl_login')) ? ' checked="checked"' : '') ); ?> />
+ <p class="description">Always use HTTPS when logging in.</p>
+ </label>
+ </fieldset>
+ </td>
+ </tr>
+ <tr valign="top" id="ssl_admin_row">
+ <th scope="row">Force SSL Administration</th>
+ <td>
+ <fieldset>
+ <label for="ssl_admin">
+ <input type="hidden" name="ssl_admin" value="0" />
+ <input name="ssl_admin" type="checkbox" id="ssl_admin" value="1"<?php echo ((force_ssl_admin()) ? ' disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : (($this->getPlugin()->getSetting('ssl_admin')) ? ' checked="checked"' : '') ); ?> />
+ <p class="description">Always use HTTPS while in the admin panel.</p>
+ </label>
+ </fieldset>
+ </td>
+ </tr>
<tr valign="top" id="exclusive_https_row">
<th scope="row">Force SSL Exclusively</th>
<td>
<fieldset>
<label for="exclusive_https">
<input type="hidden" name="exclusive_https" value="0" />
<input name="exclusive_https" type="checkbox" id="exclusive_https" value="1"<?php echo (($this->getPlugin()->getSetting('exclusive_https')) ? ' checked="checked"' : ''); ?> />
- Any page that is not secured via <a href="<?php echo parse_url($this->getPlugin()->getPluginUrl(), PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> or URL Filters will be redirected to HTTP.
+ <p class="description">Any page that is not secured via <a href="<?php echo parse_url($this->getPlugin()->getPluginUrl(), PHP_URL_PATH); ?>/screenshot-2.png" class="thickbox">Force SSL</a> or URL Filters will be redirected to HTTP.</p>
</label>
</fieldset>
</td>
@@ -43,29 +67,19 @@
<label for="remove_unsecure">
<input type="hidden" name="remove_unsecure" value="0" />
<input name="remove_unsecure" type="checkbox" id="remove_unsecure" value="1"<?php echo (($this->getPlugin()->getSetting('remove_unsecure')) ? ' checked="checked"' : ''); ?> />
- If possible, remove external elements that can not be loaded over HTTPS. This may prevent other plugins' features from working. This can not always catch everything. Read the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">FAQ</a>.
- </label>
- </fieldset>
- </td>
- </tr>
- <tr valign="top" id="ssl_admin_row">
- <th scope="row">Force SSL Administration</th>
- <td>
- <fieldset>
- <label for="ssl_admin">
- <input type="hidden" name="ssl_admin" value="0" />
- <input name="ssl_admin" type="checkbox" id="ssl_admin" value="1"<?php echo (($this->getPlugin()->getSetting('ssl_admin')) ? ' checked="checked"' : ''); ?><?php echo ((force_ssl_admin()) ? ' disabled="disabled" title="FORCE_SSL_ADMIN is true in wp-config.php"' : ''); ?> />
+ <p class="description">Remove elements inaccessible over HTTPS. May break other plugins' functionality.</p>
</label>
</fieldset>
</td>
</tr>
- <tr valign="top" id="frontpage_row">
- <th scope="row">Secure Front Page</th>
+ <tr valign="top" id="debug_row">
+ <th scope="row">Debug Mode</th>
<td>
<fieldset>
- <label for="frontpage">
- <input type="hidden" name="frontpage" value="0" />
- <input name="frontpage" type="checkbox" id="frontpage" value="1"<?php echo (($this->getPlugin()->getSetting('frontpage')) ? ' checked="checked"' : ''); ?> />
+ <label for="debug">
+ <input type="hidden" name="debug" value="0" />
+ <input name="debug" type="checkbox" id="debug" value="1"<?php echo (($this->getPlugin()->getSetting('debug')) ? ' checked="checked"' : ''); ?> />
+ <p class="description">Outputs debug information to the browser's console.</p>
</label>
</fieldset>
</td>
@@ -82,18 +96,6 @@
</fieldset>
</td>
</tr>
- <tr valign="top" id="debug_row">
- <th scope="row">Debug Mode</th>
- <td>
- <fieldset>
- <label for="debug">
- <input type="hidden" name="debug" value="0" />
- <input name="debug" type="checkbox" id="debug" value="1"<?php echo (($this->getPlugin()->getSetting('debug')) ? ' checked="checked"' : ''); ?> />
- Outputs debug information to the browser's console.
- </label>
- </fieldset>
- </td>
- </tr>
<tr valign="top" id="admin_menu_row">
<th scope="row">Admin Menu Location</th>
<td>
View
@@ -39,7 +39,6 @@ class WordPressHTTPS extends Mvied_Plugin {
'ssl_host_subdomain' => 0, // Is SSL Host a subdomain of WordPress host
'exclusive_https' => 0, // Redirect pages that are not secured to HTTP
'remove_unsecure' => 0, // Remove unsecure elements from HTML
- 'frontpage' => 0, // Force SSL on front page
'ssl_admin' => 0, // Force SSL Over Administration Panel (The same as FORCE_SSL_ADMIN)
'ssl_proxy' => 0, // Proxy detection
'debug' => 0, // Debug Mode
@@ -225,8 +225,8 @@ public function save() {
$reload = true;
}
} else if ( $key == 'ssl_admin' ) {
- if ( force_ssl_admin() || force_ssl_login() ) {
- $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
+ if ( force_ssl_admin() && $this->getPlugin()->getSetting('ssl_host_diff') ) {
+ $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN should not be set to true in your wp-config.php.';
$_POST[$key] = 0;
// If forcing SSL Admin and currently not SSL, logout user
} else if ( $_POST[$key] == 1 && !$this->getPlugin()->isSsl() ) {
@@ -232,7 +232,7 @@ public function secure_post( $force_ssl, $post_id = 0, $url = '' ) {
// Check secure filters
if ( sizeof((array)$this->getPlugin()->getSetting('secure_filter')) > 0 ) {
foreach( $this->getPlugin()->getSetting('secure_filter') as $filter ) {
- if ( strpos($url, $filter) !== false ) {
+ if ( preg_match('/' . str_replace('/', '\/', $filter) . '/', $url) === 1 ) {
$force_ssl = true;
}
}
@@ -244,9 +244,6 @@ public function secure_post( $force_ssl, $post_id = 0, $url = '' ) {
if ( get_option('show_on_front') == 'page' ) {
$post = get_option('page_on_front');
}
- if ( $this->getPlugin()->getSetting('frontpage') ) {
- $force_ssl = true;
- }
} else if ( $post = get_page_by_path($url_parts['path']) ) {
$post = $post->ID;
//TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
View
@@ -80,6 +80,7 @@ add_filter('force_ssl', 'store_force_ssl', 10, 3);`
* Added Remove Unsecure Elements option. If possible, this option removes external elements from the page that can not be loaded over HTTPS, preventing insecure content errors without modifying any code.
* ClouldFlare support.
* Substantial memory optimization.
+* Removed Secure Front Page option. This can now be achieved through URL Filters.
* Bug Fix - Visiting the admin panel over HTTP when using Shared SSL should no longer log the user out, but will not redirect accordingly.
* Bug Fix - Ranom 404 errors should be gone.
* Bug Fix - Fixed bug where a bad setting for ssl_host would cause the code to fail.

0 comments on commit 4bc9a12

Please sign in to comment.