Permalink
Browse files

Updated to version 3.1. Added URL to the force_ssl filter. Moved most…

… plugin logic into filters.
  • Loading branch information...
mvied committed Jul 8, 2012
1 parent 4932b06 commit db33f3e12b1993c25fa635da606344764a37ca3b
View
@@ -200,7 +200,7 @@ public function makeUrlHttps( $string ) {
}
}
$string = $url->toString();
- unset $url;
+ unset($url);
return $string;
} else {
return $string;
@@ -224,13 +224,49 @@ public function makeUrlHttp( $string ) {
$url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $url->getPath()));
}
$string = $url->toString();
- unset $url;
+ unset($url);
return $string;
} else {
return $string;
}
}
+ /**
+ * Add Secure External URL
+ *
+ * @param string $value
+ * @return $this
+ */
+ public function addSecureExternalUrl( $value ) {
+ if ( trim($value) == '' ) {
+ return $this;
+ }
+
+ $secure_external_urls = (array) $this->getSetting('secure_external_urls');
+ array_push($secure_external_urls, (string) $value);
+ $this->setSetting('secure_external_urls', $secure_external_urls);
+
+ return $this;
+ }
+
+ /**
+ * Add Unsecure External URL
+ *
+ * @param string $value
+ * @return $this
+ */
+ public function addUnsecureExternalUrl( $value ) {
+ if ( trim($value) == '' ) {
+ return $this;
+ }
+
+ $unsecure_external_urls = (array) $this->getSetting('unsecure_external_urls');
+ array_push($unsecure_external_urls, (string) $value);
+ $this->setSetting('unsecure_external_urls', $unsecure_external_urls);
+
+ return $this;
+ }
+
/**
* Checks if the current page is SSL
*
@@ -279,7 +315,7 @@ public function redirect( $scheme = 'https' ) {
}
if ( $url ) {
- $path = $_SERVER['REQUEST_URI'];
+ $path = ( isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'] );
if ( $this->getHttpsUrl()->getPath() != '/' ) {
$path = str_replace($this->getHttpsUrl()->getPath(), '', $path);
}
@@ -299,6 +335,16 @@ public function redirect( $scheme = 'https' ) {
}
}
+ // Use a cookie to detect redirect loops
+ $redirect_count = ( isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count']) ? (int)$_COOKIE['redirect_count']+1 : 1 );
+ setcookie('redirect_count', $redirect_count, 0, '/');
+ // If redirect count is greater than 2, prevent redirect and log the redirect loop
+ if ( $redirect_count > 2 ) {
+ setcookie('redirect_count', null, -time(), '/');
+ $this->getLogger()->log('[ERROR] Redirect Loop!');
+ return;
+ }
+
// Redirect
if ( function_exists('wp_redirect') ) {
wp_redirect($url, 301);
@@ -9,10 +9,7 @@
*
*/
-require_once('Mvied/Module.php');
-require_once('Mvied/Module/Interface.php');
-
-class WordPressHTTPS_Module_Admin extends Mvied_Module implements Mvied_Module_Interface {
+class WordPressHTTPS_Module_Admin extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
/**
* Initialize Module
@@ -9,10 +9,7 @@
*
*/
-require_once('Mvied/Module.php');
-require_once('Mvied/Module/Interface.php');
-
-class WordPressHTTPS_Module_Admin_Post extends Mvied_Module implements Mvied_Module_Interface {
+class WordPressHTTPS_Module_Admin_Post extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
/**
* Initialize Module
@@ -35,24 +32,21 @@ public function init() {
* @return void
*/
public function add_meta_box_post() {
- add_meta_box(
- $this->getPlugin()->getSlug(),
- __( 'HTTPS', $this->getPlugin()->getSlug() ),
- array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
- 'post',
- 'side',
- 'high',
- array( 'metabox' => 'post' )
- );
- add_meta_box(
- $this->getPlugin()->getSlug(),
- __( 'HTTPS', $this->getPlugin()->getSlug() ),
- array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
- 'page',
- 'side',
- 'high',
- array( 'metabox' => 'post' )
+ $args = array(
+ 'public' => true,
);
+ $post_types = get_post_types( $args );
+ foreach($post_types as $post_type ) {
+ add_meta_box(
+ $this->getPlugin()->getSlug(),
+ __( 'HTTPS', $this->getPlugin()->getSlug() ),
+ array($this->getPlugin()->getModule('Admin'), 'meta_box_render'),
+ $post_type,
+ 'side',
+ 'core',
+ array( 'metabox' => 'post' )
+ );
+ };
}
/**
@@ -9,10 +9,7 @@
*
*/
-require_once('Mvied/Module.php');
-require_once('Mvied/Module/Interface.php');
-
-class WordPressHTTPS_Module_Admin_Settings extends Mvied_Module implements Mvied_Module_Interface {
+class WordPressHTTPS_Module_Admin_Settings extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
/**
* Initialize Module
@@ -7,10 +7,7 @@
*
*/
-require_once('Mvied/Module.php');
-require_once('Mvied/Module/Interface.php');
-
-class WordPressHTTPS_Module_Filters extends Mvied_Module implements Mvied_Module_Interface {
+class WordPressHTTPS_Module_Filters extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
/**
* Initialize
@@ -37,8 +34,10 @@ public function init() {
add_filter('admin_url', array(&$this, 'admin_url'), 10, 3);
// Filter force_ssl
- add_filter('force_ssl', array(&$this, 'secure_child_post'), 10, 2);
- add_filter('force_ssl', array(&$this, 'secure_post'), 9, 2);
+ add_filter('force_ssl', array(&$this, 'secure_child_post'), 10, 3);
+ add_filter('force_ssl', array(&$this, 'secure_different_host_admin'), 9, 3);
+ add_filter('force_ssl', array(&$this, 'secure_post'), 8, 3);
+ add_filter('force_ssl', array(&$this, 'secure_exclusive'), 1, 3);
// Filter URL's on SSL pages
if ( $this->getPlugin()->isSsl() ) {
@@ -157,25 +156,107 @@ public function request( $request ) {
*
* @param boolean $force_ssl
* @param int $post_id
+ * @param string $url
* @return boolean $force_ssl
*/
- public function secure_post( $force_ssl, $post_id ) {
- if ( is_numeric($post_id) ) {
+ public function secure_post( $force_ssl, $post_id = 0, $url = '' ) {
+ if ( $url != '' ) {
+ $url_parts = parse_url($url);
+ if ( $this->getPlugin()->getHttpsUrl()->getPath() != '/' ) {
+ if ( $this->getPlugin()->getSetting('ssl_host_diff') ) {
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
+ }
+ if ( $this->getPlugin()->getHttpUrl()->getPath() != '/' ) {
+ $url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
+ }
+ }
+
+ // qTranslate integration - strips language from beginning of url path
+ if ( defined('QTRANS_INIT') && constant('QTRANS_INIT') == true ) {
+ global $q_config;
+ if ( isset($q_config['enabled_languages']) ) {
+ foreach($q_config['enabled_languages'] as $language) {
+ $url_parts['path'] = preg_replace('/^\/' . $language . '\//', '/', $url_parts['path']);
+ }
+ }
+ }
+
+ if ( $this->getPlugin()->isUrlLocal($url) && preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) ) {
+ $post = $postID[1];
+ } else if ( $this->getPlugin()->isUrlLocal($url) && ( $url_parts['path'] == '' || $url_parts['path'] == '/' ) ) {
+ if ( get_option('show_on_front') == 'page' ) {
+ $post = get_option('page_on_front');
+ }
+ if ( $this->getPlugin()->getSetting('frontpage') ) {
+ $force_ssl = true;
+ }
+ } else if ( $this->getPlugin()->isUrlLocal($url) && ($post = get_page_by_path($url_parts['path'])) ) {
+ $post = $post->ID;
+ //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
+ } else if ( ( strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false ) && ( $this->getPlugin()->isSsl() || $this->getPlugin()->getSetting('ssl_admin') ) ) {
+ if ( ! is_multisite() || ( is_multisite() && strpos($url_parts['host'], $this->getPlugin()->getHttpsUrl()->getHost()) !== false ) ) {
+ $force_ssl = true;
+ } else if ( is_multisite() ) {
+ // get_blog_details returns an object with a property of blog_id
+ if ( $blog_details = get_blog_details( array( 'domain' => $url_parts['host'] )) ) {
+ // set $blog_id using $blog_details->blog_id
+ $blog_id = $blog_details->blog_id;
+ if ( $this->getPlugin()->getSetting('ssl_admin', $blog_id) && $url_parts['scheme'] != 'https' && ( ! $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) || ( $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && is_user_logged_in() ) ) ) {
+ $force_ssl = true;
+ }
+ }
+ }
+ }
+ }
+ if ( (int) $post > 0 ) {
$force_ssl = (( get_post_meta($post_id, 'force_ssl', true) == 1 ) ? true : $force_ssl);
}
return $force_ssl;
}
+ /**
+ * Always secure pages when using a different SSL Host.
+ * WordPress HTTPS Filter - force_ssl
+ *
+ * @param boolean $force_ssl
+ * @param int $post_id
+ * @param string $url
+ * @return boolean $force_ssl
+ */
+ public function secure_exclusive( $force_ssl, $post_id = 0, $url = '' ) {
+ if ( is_null($force_ssl) && strpos(get_option('home'), 'https') != 0 && $this->getPlugin()->getSetting('exclusive_https') ) {
+ $force_ssl = false;
+ }
+ return $force_ssl;
+ }
+
+ /**
+ * Always secure pages when using a different SSL Host.
+ * WordPress HTTPS Filter - force_ssl
+ *
+ * @param boolean $force_ssl
+ * @param int $post_id
+ * @param string $url
+ * @return boolean $force_ssl
+ */
+ public function secure_different_host_admin( $force_ssl, $post_id = 0, $url = '' ) {
+ if ( ! $this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && is_user_logged_in() ) {
+ $force_ssl = true;
+ }
+ return $force_ssl;
+ }
+
/**
* Secure Child Post
* WordPress HTTPS Filter - force_ssl
*
* @param boolean $force_ssl
* @param int $post_id
+ * @param string $url
* @return boolean $force_ssl
*/
- public function secure_child_post( $force_ssl, $post_id ) {
- if ( is_numeric($post_id) ) {
+ public function secure_child_post( $force_ssl, $post_id = 0, $url = '' ) {
+ if ( $post_id > 0 ) {
$postParent = get_post($post_id);
while ( $postParent->post_parent ) {
$postParent = get_post( $postParent->post_parent );
@@ -7,10 +7,7 @@
*
*/
-require_once('Mvied/Module.php');
-require_once('Mvied/Module/Interface.php');
-
-class WordPressHTTPS_Module_Hooks extends Mvied_Module implements Mvied_Module_Interface {
+class WordPressHTTPS_Module_Hooks extends Mvied_Plugin_Module implements Mvied_Plugin_Module_Interface {
/**
* Initialize
@@ -51,7 +48,18 @@ public function init() {
}
// Check if the page needs to be redirected
- add_action('template_redirect', array(&$this, 'redirect_check'));
+ add_action('template_redirect', array(&$this, 'redirect_check'), 10, 1);
+ add_action('template_redirect', array(&$this, 'clear_redirect_count_cookie'), 9, 1);
+ }
+
+ /**
+ * Removes redirect_count cookie.
+ *
+ * @param none
+ * @return void
+ */
+ public function clear_redirect_count_cookie() {
+ setcookie('redirect_count', null, -time(), '/');
}
/**
@@ -95,7 +103,7 @@ public function redirect_check() {
}
if ( $post->ID > 0 ) {
- $force_ssl = apply_filters('force_ssl', null, $post->ID );
+ $force_ssl = apply_filters('force_ssl', null, $post->ID, ( $this->getPlugin()->isSsl() ? 'https' : 'http' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
}
// Secure Front Page
Oops, something went wrong.

0 comments on commit db33f3e

Please sign in to comment.