/**
* Save Settings
*
* @param array $settings
* @return void
*/
public function save()
{
if (!wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug())) {
return false;
}
$message = "Network settings saved.";
$errors = array();
$reload = false;
$logout = false;
if (isset($_POST['blog']) && is_array($_POST['blog']) && sizeof($_POST['blog']) > 0) {
foreach ($_POST['blog'] as $blog_id => $setting) {
foreach ($setting as $key => $value) {
if ($key == 'ssl_host' && $value != '') {
$blog_url = WordPressHTTPS_Url::fromString(get_site_url($blog_id, '', 'https'));
$value = strtolower($value);
// Add Scheme
if (strpos($value, 'http://') === false && strpos($value, 'https://') === false) {
$value = 'https://' . $value;
}
$ssl_host = WordPressHTTPS_Url::fromString($value);
// Add Port
$port = $blog_url->getPort() && $blog_url->getPort() != 80 && $blog_url->getPort() != 443 ? $port : null;
$ssl_host->setPort($port);
// Add Path
if (strpos($ssl_host->getPath(), $blog_url->getPath()) !== true) {
$path = '/' . ltrim(str_replace(rtrim($blog_url->getPath(), '/'), '', $ssl_host->getPath()), '/');
$ssl_host->setPath(rtrim($path, '/') . $blog_url->getPath());
}
$ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');
$value = $ssl_host->toString();
}
$this->getPlugin()->setSetting($key, $value, $blog_id);
}
}
}
if (isset($_POST['blog_default']) && is_array($_POST['blog_default']) && sizeof($_POST['blog_default']) > 0) {
$this->getPlugin()->setSetting('network_defaults', $_POST['blog_default']);
}
if ($logout) {
wp_logout();
}
require_once $this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php';
}
/**
* Save Settings
*
* @param none
* @return void
*/
public function save()
{
if (!wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug())) {
return false;
}
$message = "Settings saved.";
$errors = array();
$reload = false;
$logout = false;
foreach ($this->getPlugin()->getSettings() as $key => $default) {
if (!array_key_exists($key, $_POST) && $default == 0) {
$_POST[$key] = 0;
$this->getPlugin()->setSetting($key, $_POST[$key]);
} else {
if (array_key_exists($key, $_POST)) {
if ($key == 'ssl_host') {
if ($_POST[$key] != '') {
$_POST[$key] = strtolower($_POST[$key]);
// Add Scheme
if (strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false) {
$_POST[$key] = 'https://' . $_POST[$key];
}
$ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
// Add Port
$_POST['ssl_port'] = $port = isset($_POST['ssl_port']) && is_int($_POST['ssl_port']) && $_POST['ssl_port'] != 443 ? $_POST['ssl_port'] : $ssl_host->getPort();
$ssl_host->setPort($port);
// Add Path
if (strpos($ssl_host->getPath(), $this->getPlugin()->getHttpUrl()->getPath()) !== true) {
$path = '/' . ltrim(str_replace(rtrim($this->getPlugin()->getHttpUrl()->getPath(), '/'), '', $ssl_host->getPath()), '/');
$ssl_host->setPath(rtrim($path, '/') . $this->getPlugin()->getHttpUrl()->getPath());
}
$ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');
if ($ssl_host->toString() != $this->getPlugin()->getHttpsUrl()->toString()) {
// Ensure that the WordPress installation is accessible at this host
//if ( $ssl_host->isValid() ) {
// If secure domain has changed and currently on SSL, logout user
if ($this->getPlugin()->isSsl()) {
$logout = true;
}
$_POST[$key] = $ssl_host->setPort('')->toString();
/*} else {
$errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $ssl_host;
$_POST[$key] = get_option($key);
}*/
} else {
$_POST[$key] = $this->getPlugin()->getHttpsUrl()->toString();
}
} else {
$_POST[$key] = get_option($key);
}
} else {
if ($key == 'ssl_proxy') {
// Reload if we're auto detecting the proxy and we're not in SSL
if ($_POST[$key] == 'auto' && !$this->getPlugin()->isSsl()) {
$reload = true;
}
} else {
if ($key == 'ssl_admin') {
if (force_ssl_admin() && $this->getPlugin()->getSetting('ssl_host_diff')) {
$errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN should not be set to true in your wp-config.php while using a non-default SSL Host.';
// If forcing SSL Admin and currently not SSL, logout user
} else {
if ($_POST[$key] == 1 && !$this->getPlugin()->isSsl()) {
$logout = true;
}
}
} else {
if ($key == 'ssl_host_subdomain') {
// Checks to see if the SSL Host is a subdomain
$is_subdomain = $this->getPlugin()->getHttpsUrl()->isSubdomain($this->getPlugin()->getHttpUrl());
if ($ssl_host->setScheme('http') != $this->getPlugin()->getHttpUrl() && $is_subdomain) {
$_POST[$key] = 1;
} else {
$_POST[$key] = 0;
}
}
}
}
}
$this->getPlugin()->setSetting($key, $_POST[$key]);
}
}
}
if ($logout) {
wp_logout();
}
require_once $this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php';
}
<?php
require_once realpath(dirname(__FILE__) . '/../../../../..') . '/wp-load.php';
// Disable errors
error_reporting(0);
// Set headers
header("Status: 200");
header("HTTP/1.1 200 OK");
header('Content-Type: text/html');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
header("Vary: Accept-Encoding");
if (!wp_verify_nonce($_POST['_nonce'], 'wordpress-https')) {
exit;
}
$content = WordPressHTTPS_Url::fromString($_POST['url'])->getContent();
if ($content) {
echo $content;
}
/**
* Factory object from a string that contains a URL
*
* Example of usage:
* $site_url = WordPressHTTPS_Url::fromString( site_url() );
*
* @param string $string
* @return $url WordPressHTTPS_Url
*/
public static function fromString($string)
{
$url = new WordPressHTTPS_Url();
@preg_match_all('/((http|https):\\/\\/[^\'"]+)[\'"\\)]?/i', $string, $url_parts);
if (isset($url_parts[1][0])) {
if ($url_parts = parse_url($url_parts[1][0])) {
$url->setScheme(@$url_parts['scheme']);
$url->setUser(@$url_parts['user']);
$url->setPass(@$url_parts['pass']);
$url->setHost(@$url_parts['host']);
$url->setPort(@$url_parts['port']);
$url->setPath(@$url_parts['path']);
$url->setQuery(@$url_parts['query']);
$url->setFragment(@$url_parts['fragment']);
return $url;
}
} else {
return false;
}
return $url;
}
/**
* Save Settings
*
* @param array $settings
* @return void
*/
public function save()
{
$errors = array();
$reload = false;
$logout = false;
if (@$_POST['Reset']) {
foreach ($this->getPlugin()->getSettings() as $key => $default) {
$this->getPlugin()->setSetting($key, $default);
}
$this->getPlugin()->install();
$reload = true;
} else {
foreach ($this->getPlugin()->getSettings() as $key => $default) {
if (!array_key_exists($key, $_POST) && $default == 0) {
$_POST[$key] = 0;
$this->getPlugin()->setSetting($key, $_POST[$key]);
} else {
if (array_key_exists($key, $_POST)) {
if ($key == 'ssl_host') {
if ($_POST[$key] != '') {
$_POST[$key] = strtolower($_POST[$key]);
// Add Scheme
if (strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false) {
$_POST[$key] = 'https://' . $_POST[$key];
}
$ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
// Add Port
$port = isset($_POST['ssl_port']) && is_int($_POST['ssl_port']) ? $_POST['ssl_port'] : $ssl_host->getPort();
$port = $port != 80 && $port != 443 ? $port : null;
$ssl_host->setPort($port);
// Add Path
if (strpos($ssl_host->getPath(), $this->getPlugin()->getHttpUrl()->getPath()) !== true) {
$path = '/' . ltrim(str_replace(rtrim($this->getPlugin()->getHttpUrl()->getPath(), '/'), '', $ssl_host->getPath()), '/');
$ssl_host->setPath(rtrim($path, '/') . $this->getPlugin()->getHttpUrl()->getPath());
}
$ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');
if ($ssl_host->toString() != $this->getPlugin()->getHttpsUrl()->toString()) {
// Ensure that the WordPress installation is accessible at this host
if ($ssl_host->isValid()) {
// If secure domain has changed and currently on SSL, logout user
if ($this->getPlugin()->isSsl()) {
$logout = true;
}
$_POST[$key] = $ssl_host->setPort('');
} else {
$errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at ' . $ssl_host;
$_POST[$key] = get_option($key);
}
} else {
$_POST[$key] = $this->getPlugin()->getHttpsUrl()->toString();
}
} else {
$_POST[$key] = get_option($key);
}
} else {
if ($key == 'ssl_proxy') {
// Reload if we're auto detecting the proxy and we're not in SSL
if ($_POST[$key] == 'auto' && !$this->getPlugin()->isSsl()) {
$reload = true;
}
} else {
if ($key == 'ssl_admin') {
if (force_ssl_admin() || force_ssl_login()) {
$errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
$_POST[$key] = 0;
// If forcing SSL Admin and currently not SSL, logout user
} else {
if ($_POST[$key] == 1 && !$this->getPlugin()->isSsl()) {
$logout = true;
}
}
} else {
if ($key == 'ssl_host_subdomain') {
// Checks to see if the SSL Host is a subdomain
$http_domain = $this->getPlugin()->getHttpUrl()->getBaseHost();
$https_domain = $this->getPlugin()->getHttpsUrl()->getBaseHost();
if ($ssl_host->setScheme('http') != $this->getPlugin()->getHttpUrl() && $http_domain == $https_domain) {
$_POST[$key] = 1;
} else {
$_POST[$key] = 0;
}
}
}
}
}
$this->getPlugin()->setSetting($key, $_POST[$key]);
}
}
}
}
if ($logout) {
wp_logout();
}
if (array_key_exists('ajax', $_POST)) {
error_reporting(0);
while (@ob_end_clean()) {
}
if (sizeof($errors) > 0) {
echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
foreach ($errors as $error) {
echo "\t\t<li><p>" . $error . "</p></li>\n";
}
echo "\t</ul>\n</div>\n";
} else {
echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
if ($logout || $reload) {
echo "<script type=\"text/javascript\">window.location.reload();</script>";
}
}
exit;
}
}
/**
* Replaces HTTPS Host with HTTP Host
*
* @param string $string
* @return string $string
*/
public function makeUrlHttp($string)
{
if ((string) $string == '') {
return false;
}
// If relative
if (strpos($string, '/') === 0) {
if ($this->getSetting('ssl_host_diff') && strpos($string, $this->getHttpsUrl()->getPath()) !== false) {
$string = str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $string);
}
} else {
if ($url = WordPressHTTPS_Url::fromString($string)) {
if ($this->isUrlLocal($url)) {
if ($url->getScheme() == 'https') {
$updated = clone $url;
$updated->setScheme('http');
$updated->setHost($this->getHttpUrl()->getHost());
$updated->setPort($this->getHttpUrl()->getPort());
if ($this->getSetting('ssl_host_diff') && strpos($updated->getPath(), $this->getHttpsUrl()->getPath()) !== false) {
$updated->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $updated->getPath()));
}
if (strpos($url, 'wp-admin') !== false && preg_match('/redirect_to=([^&]+)/i', $url, $redirect) && isset($redirect[1])) {
$redirect_url = $redirect[1];
$url = str_replace($redirect_url, urlencode($this->makeUrlHttp(urldecode($redirect_url))), $url);
}
$string = str_replace($url, $updated, $string);
}
} else {
$updated = apply_filters('http_external_url', str_replace('https://', 'http://', $url));
$string = str_replace($url, $updated, $string);
}
}
}
unset($updated);
unset($url);
return $string;
}
/**
* Blog Info
* WordPress Filter - get_bloginfo, bloginfo
*
* @param string $result
* @param string $show
* @return string $result
*/
public function bloginfo($result = '', $show = '')
{
if ($show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'Url') {
if (WordPressHTTPS_Url::fromString(get_bloginfo('wpurl'))->getScheme() != 'https') {
$result = $this->getPlugin()->makeUrlHttp($result);
}
}
return $result;
}
/**
* Redirects page to HTTP or HTTPS accordingly
*
* @param string $scheme Either http or https
* @return void
*/
public function redirect($scheme = 'https')
{
if (!$this->isSsl() && $scheme == 'https') {
$url = clone $this->getHttpsUrl();
$url->setScheme($scheme);
} else {
if ($this->isSsl() && $scheme == 'http') {
$url = clone $this->getHttpUrl();
$url->setScheme($scheme);
} else {
$url = false;
}
}
if ($url) {
$path = $_SERVER['REQUEST_URI'];
if ($this->getHttpsUrl()->getPath() != '/') {
$path = str_replace($this->getHttpsUrl()->getPath(), '', $path);
}
$path = ltrim($path, '/');
if ($scheme == 'https') {
if ($this->getSetting('ssl_host_diff') && $this->getHttpUrl()->getPath() != '/') {
$url->setPath(str_replace($this->getHttpUrl()->getPath(), $this->getHttpsUrl()->getPath(), $_SERVER['REQUEST_URI']));
} else {
$url->setPath(rtrim($this->getHttpsUrl()->getPath(), '/') . '/' . $path);
}
} else {
if ($scheme == 'http') {
if ($this->getSetting('ssl_host_diff') && $this->getHttpsUrl()->getPath() != '/') {
$url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $_SERVER['REQUEST_URI']));
} else {
$url->setPath(rtrim($this->getHttpUrl()->getPath(), '/') . '/' . $path);
}
}
}
// Redirect
if (function_exists('wp_redirect')) {
wp_redirect($url, 301);
} else {
// End all output buffering and redirect
while (@ob_end_clean()) {
}
// If redirecting to an admin page
if (strpos($url->getPath(), 'wp-admin') !== false || strpos($url->getPath(), 'wp-login') !== false) {
$url = WordPressHTTPS_Url::fromString($this->redirectAdmin($url));
}
header("Location: " . $url, true, 301);
}
exit;
}
}
/**
* Redirects page to HTTP or HTTPS accordingly
*
* @param string $scheme Either http or https
* @return void
*/
public function redirect($scheme = 'https')
{
if (!$this->isSsl() && $scheme == 'https') {
$url = clone $this->getHttpsUrl();
$url->setScheme($scheme);
} else {
if ($this->isSsl() && $scheme == 'http') {
$url = clone $this->getHttpUrl();
$url->setScheme($scheme);
} else {
$url = false;
}
}
if ($url) {
$path = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'];
if (strpos($_SERVER['REQUEST_URI'], '?') !== false && isset($_SERVER['REDIRECT_URL']) && strpos($_SERVER['REDIRECT_URL'], '?') === false) {
$path .= substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?'));
}
if ($this->getHttpsUrl()->getPath() != '/') {
$path = str_replace($this->getHttpsUrl()->getPath(), '', $path);
}
$path = ltrim($path, '/');
if ($scheme == 'https') {
if ($this->getSetting('ssl_host_diff') && $this->getHttpUrl()->getPath() != '/') {
$url->setPath(str_replace($this->getHttpUrl()->getPath(), $this->getHttpsUrl()->getPath(), $_SERVER['REQUEST_URI']));
} else {
$url->setPath(rtrim($this->getHttpsUrl()->getPath(), '/') . '/' . $path);
}
} else {
if ($scheme == 'http') {
if ($this->getSetting('ssl_host_diff') && $this->getHttpsUrl()->getPath() != '/') {
$url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $_SERVER['REQUEST_URI']));
} else {
$url->setPath(rtrim($this->getHttpUrl()->getPath(), '/') . '/' . $path);
}
}
}
// Use a cookie to detect redirect loops
$redirect_count = isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count']) ? (int) $_COOKIE['redirect_count'] + 1 : 1;
setcookie('redirect_count', $redirect_count, 0, '/');
// If redirect count is greater than 2, prevent redirect and log the redirect loop
if ($redirect_count > 2) {
setcookie('redirect_count', null, -time(), '/');
$this->getLogger()->log('[ERROR] Redirect Loop!');
return;
}
// Redirect
if (function_exists('wp_redirect')) {
wp_redirect($url, 301);
} else {
// End all output buffering and redirect
while (@ob_end_clean()) {
}
// If redirecting to an admin page
if (strpos($url->getPath(), 'wp-admin') !== false || strpos($url->getPath(), 'wp-login') !== false) {
$url = WordPressHTTPS_Url::fromString($this->redirectAdmin($url));
}
header("Location: " . $url, true, 301);
}
exit;
}
}
/**
* Fix links and forms
*
* @param none
* @return void
*/
public function fixLinksAndForms()
{
// Update anchor and form tags to appropriate URL's
preg_match_all('/\\<(a|form)[^>]+[\'"]((http|https):\\/\\/[^\'"]+)[\'"][^>]*>/im', $this->_html, $matches);
for ($i = 0; $i < sizeof($matches[0]); $i++) {
$html = $matches[0][$i];
$type = $matches[1][$i];
$url = $matches[2][$i];
$scheme = $matches[3][$i];
$updated = false;
unset($force_ssl);
$url_parts = parse_url($url);
if ($this->getPlugin()->getHttpsUrl()->getPath() != '/') {
if ($this->getPlugin()->getSetting('ssl_host_diff')) {
$url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
}
if ($this->getPlugin()->getHttpUrl()->getPath() != '/') {
$url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
}
}
if ($this->getPlugin()->isUrlLocal($url) && preg_match("/page_id=([\\d]+)/", parse_url($url, PHP_URL_QUERY), $postID)) {
$post = $postID[1];
} else {
if ($this->getPlugin()->isUrlLocal($url) && ($url_parts['path'] == '' || $url_parts['path'] == '/')) {
if (get_option('show_on_front') == 'posts') {
$post = true;
} else {
$post = get_option('page_on_front');
}
if ($this->getPlugin()->getSetting('frontpage')) {
$force_ssl = true;
} else {
if ($this->getPlugin()->getSetting('exclusive_https')) {
$force_ssl = false;
}
}
} else {
if ($this->getPlugin()->isUrlLocal($url) && ($post = get_page_by_path($url_parts['path']))) {
$post = $post->ID;
//TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
} else {
if ((strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false) && ($this->getPlugin()->isSsl() || $this->getPlugin()->getSetting('ssl_admin'))) {
if (!is_multisite() || is_multisite() && strpos($url_parts['host'], $this->getPlugin()->getHttpsUrl()->getHost()) !== false) {
$post = true;
$force_ssl = true;
} else {
if (is_multisite()) {
// get_blog_details returns an object with a property of blog_id
if ($blog_details = get_blog_details(array('domain' => $url_parts['host']))) {
// set $blog_id using $blog_details->blog_id
$blog_id = $blog_details->blog_id;
if ($this->getPlugin()->getSetting('ssl_admin', $blog_id) && $scheme != 'https' && (!$this->getPlugin()->getSetting('ssl_host_diff', $blog_id) || $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && is_user_logged_in())) {
$this->_html = str_replace($url, str_replace('http', 'https', $url), $this->_html);
}
}
}
}
}
}
}
}
if (isset($post)) {
// Always change links to HTTPS when logged in via different SSL Host
if ($type == 'a' && !$this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff') && $this->getPlugin()->getSetting('ssl_admin') && is_user_logged_in()) {
$force_ssl = true;
} else {
if ((int) $post > 0) {
$force_ssl = apply_filters('force_ssl', $force_ssl, $post);
}
}
if ($force_ssl == true || WordPressHTTPS_Url::fromString(get_bloginfo('wpurl'))->getScheme() == 'https') {
$updated = $this->getPlugin()->makeUrlHttps($url);
$this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
} else {
if ($this->getPlugin()->getSetting('exclusive_https')) {
$updated = $this->getPlugin()->makeUrlHttp($url);
$this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
}
}
}
// Add log entry if this change hasn't been logged
if ($updated && $url != $updated) {
$log = '[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $updated;
if (!in_array($log, $this->getPlugin()->getLogger()->getLog())) {
$this->getPlugin()->getLogger()->log($log);
}
}
}
}
