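/**
 * Save Settings (network admin).
 *
 * Persists the per-blog settings posted as $_POST['blog'][<blog_id>][<key>]
 * and the network defaults posted as $_POST['blog_default'] through the
 * plugin's setSetting(). An ssl_host value is normalised before it is stored:
 * lower-cased, given an https:// scheme when it has none, carrying the blog's
 * own non-default port, and re-rooted under the blog's path. Every other
 * posted value is stored as submitted.
 *
 * Only the request nonce is checked here. A nonce proves the form origin,
 * not authorization, so the caller must enforce the capability check.
 *
 * The locals $message, $errors, $reload and $logout are read by the
 * ajax_message.php template included at the end, so they must stay in scope.
 *
 * @return void|false False when the nonce does not verify.
 */
public function save()
{
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug())) {
        return false;
    }

    $message = "Network settings saved.";
    $errors = [];
    $reload = false;
    $logout = false;

    if (isset($_POST['blog']) && is_array($_POST['blog']) && count($_POST['blog']) > 0) {
        foreach ($_POST['blog'] as $blog_id => $setting) {
            if (!is_array($setting)) {
                continue;
            }
            foreach ($setting as $key => $value) {
                if ($key == 'ssl_host' && $value != '') {
                    $blog_url = WordPressHTTPS_Url::fromString(get_site_url($blog_id, '', 'https'));
                    $value = strtolower($value);

                    // Add Scheme
                    if (strpos($value, 'http://') === false && strpos($value, 'https://') === false) {
                        $value = 'https://' . $value;
                    }

                    $ssl_host = WordPressHTTPS_Url::fromString($value);
                    if (!$ssl_host) {
                        // fromString() returns false for an unparsable value; do not store it.
                        $errors[] = '<strong>SSL Host</strong> - Could not parse the SSL Host for blog ' . (int) $blog_id . '.';
                        continue;
                    }

                    // Add Port: carry the blog's own port only when it is not a default one.
                    // (This used to read an unassigned $port, so the port was always dropped.)
                    $blog_port = $blog_url->getPort();
                    $port = $blog_port && $blog_port != 80 && $blog_port != 443 ? $blog_port : null;
                    $ssl_host->setPort($port);

                    // Add Path: re-root the submitted path under the blog's own path.
                    // (The former strpos(...) !== true guard was always true, so this is unconditional.)
                    $blog_path = $blog_url->getPath();
                    $path = '/' . ltrim(str_replace(rtrim($blog_path, '/'), '', $ssl_host->getPath()), '/');
                    $ssl_host->setPath(rtrim($path, '/') . $blog_path);
                    $ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');

                    $value = $ssl_host->toString();
                }
                $this->getPlugin()->setSetting($key, $value, $blog_id);
            }
        }
    }

    // Network defaults are stored as posted (only the array shape is checked).
    if (isset($_POST['blog_default']) && is_array($_POST['blog_default']) && count($_POST['blog_default']) > 0) {
        $this->getPlugin()->setSetting('network_defaults', $_POST['blog_default']);
    }

    // Nothing above sets $logout, but the template reads it and the sibling
    // save() implementations share this tail.
    if ($logout) {
        wp_logout();
    }

    require_once $this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php';
}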
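/**
 * Save Settings.
 *
 * Walks every known setting (getSettings()) and persists the submitted value
 * via setSetting(), normalising a few of them on the way:
 *  - ssl_host: lower-cased, given an https:// scheme when none is present,
 *    its port copied into $_POST['ssl_port'] and its path aligned with the
 *    site's HTTP path; stored without the port;
 *  - ssl_proxy: requests a page reload when 'auto' is chosen over plain HTTP;
 *  - ssl_admin: an error is recorded when FORCE_SSL_ADMIN is set together
 *    with a non-default SSL host (the value is still saved); otherwise turning
 *    it on from a plain-HTTP session logs the user out;
 *  - ssl_host_subdomain: derived from the hosts, not taken from the form.
 * Checkbox settings absent from the request whose default is 0 are stored as 0.
 * Every other value is stored as submitted.
 *
 * Only the request nonce is verified here. A nonce proves the form origin,
 * not authorization, so the caller must enforce the capability check.
 *
 * The locals $message, $errors, $reload and $logout are consumed by the
 * ajax_message.php template included at the end.
 *
 * @return void|false False when the nonce does not verify.
 */
public function save()
{
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], $this->getPlugin()->getSlug())) {
        return false;
    }

    $message = "Settings saved.";
    $errors = [];
    $reload = false;
    $logout = false;
    // Set by the ssl_host branch and read by the ssl_host_subdomain branch
    // (getSettings() is expected to yield ssl_host first).
    $ssl_host = null;

    foreach ($this->getPlugin()->getSettings() as $key => $default) {
        if (!array_key_exists($key, $_POST) && $default == 0) {
            // Unchecked checkboxes are absent from the request: store 0.
            $_POST[$key] = 0;
            $this->getPlugin()->setSetting($key, $_POST[$key]);
            continue;
        }
        if (!array_key_exists($key, $_POST)) {
            continue;
        }

        if ($key == 'ssl_host') {
            if ($_POST[$key] != '') {
                $_POST[$key] = strtolower($_POST[$key]);

                // Add Scheme
                if (strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false) {
                    $_POST[$key] = 'https://' . $_POST[$key];
                }

                $ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
                if (!$ssl_host) {
                    // fromString() returns false for an unparsable value: keep the stored host.
                    $ssl_host = null;
                    $errors[] = '<strong>SSL Host</strong> - Could not parse the SSL Host.';
                    $_POST[$key] = get_option($key);
                } else {
                    // Add Port: honour a submitted non-443 ssl_port, else the port embedded in the host.
                    // $_POST values are strings, so the former is_int() test never matched; accept digit strings.
                    $submitted_port = isset($_POST['ssl_port']) && is_string($_POST['ssl_port']) && ctype_digit($_POST['ssl_port'])
                        ? (int) $_POST['ssl_port']
                        : null;
                    $_POST['ssl_port'] = $port = $submitted_port !== null && $submitted_port != 443
                        ? $submitted_port
                        : $ssl_host->getPort();
                    $ssl_host->setPort($port);

                    // Add Path: re-root the host's path under the site's HTTP path.
                    // (The former strpos(...) !== true guard was always true, so this is unconditional.)
                    $http_path = $this->getPlugin()->getHttpUrl()->getPath();
                    $path = '/' . ltrim(str_replace(rtrim($http_path, '/'), '', $ssl_host->getPath()), '/');
                    $ssl_host->setPath(rtrim($path, '/') . $http_path);
                    $ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');

                    if ($ssl_host->toString() != $this->getPlugin()->getHttpsUrl()->toString()) {
                        // NOTE: reachability of the new host (isValid()) is deliberately not
                        // checked in this version; the value is stored as normalised.
                        // If secure domain has changed and currently on SSL, logout user
                        if ($this->getPlugin()->isSsl()) {
                            $logout = true;
                        }
                        $_POST[$key] = $ssl_host->setPort('')->toString();
                    } else {
                        $_POST[$key] = $this->getPlugin()->getHttpsUrl()->toString();
                    }
                }
            } else {
                $_POST[$key] = get_option($key);
            }
        } elseif ($key == 'ssl_proxy') {
            // Reload if we're auto detecting the proxy and we're not in SSL
            if ($_POST[$key] == 'auto' && !$this->getPlugin()->isSsl()) {
                $reload = true;
            }
        } elseif ($key == 'ssl_admin') {
            if (force_ssl_admin() && $this->getPlugin()->getSetting('ssl_host_diff')) {
                $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN should not be set to true in your wp-config.php while using a non-default SSL Host.';
            } elseif ($_POST[$key] == 1 && !$this->getPlugin()->isSsl()) {
                // If forcing SSL Admin and currently not SSL, logout user
                $logout = true;
            }
        } elseif ($key == 'ssl_host_subdomain') {
            // Checks to see if the SSL Host is a subdomain of the HTTP host.
            $is_subdomain = $this->getPlugin()->getHttpsUrl()->isSubdomain($this->getPlugin()->getHttpUrl());
            if ($ssl_host !== null && $ssl_host->setScheme('http') != $this->getPlugin()->getHttpUrl() && $is_subdomain) {
                $_POST[$key] = 1;
            } else {
                $_POST[$key] = 0;
            }
        }

        $this->getPlugin()->setSetting($key, $_POST[$key]);
    }

    if ($logout) {
        wp_logout();
    }

    require_once $this->getPlugin()->getDirectory() . '/admin/templates/ajax_message.php';
}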
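<?php
/**
 * AJAX endpoint: fetch the URL posted as `url` server-side and echo its body.
 *
 * Notes for maintainers:
 *  - The only check is the 'wordpress-https' nonce. A nonce proves the form
 *    origin, not authorization; if this endpoint is meant for administrators
 *    only, add the capability check used by the page that issues the nonce.
 *  - The fetch target comes from the request and the fetch is made by the
 *    server, so this is a server-side request surface. Restrict the host
 *    where the caller allows it (e.g. to the SSL host being tested) and treat
 *    the echoed body as untrusted content.
 */
require_once realpath(dirname(__FILE__) . '/../../../../..') . '/wp-load.php';

// Disable errors so nothing but the fetched body reaches the client.
error_reporting(0);

// Set headers
header("Status: 200");
header("HTTP/1.1 200 OK");
header('Content-Type: text/html');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Vary: Accept-Encoding");

// Reject requests without a valid nonce before looking at the URL.
if (!isset($_POST['_nonce']) || !wp_verify_nonce($_POST['_nonce'], 'wordpress-https')) {
    exit;
}

// fromString() returns false when the value holds no http(s) URL.
$url = isset($_POST['url']) && is_string($_POST['url'])
    ? WordPressHTTPS_Url::fromString($_POST['url'])
    : false;
if (!$url) {
    exit;
}

$content = $url->getContent();
if ($content) {
    echo $content;
}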
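/**
 * Factory object from a string that contains a URL
 *
 * Example of usage:
 * $site_url = WordPressHTTPS_Url::fromString( site_url() );
 *
 * Only the first http:// or https:// URL found in $string is used; a quote
 * or ')' terminates it, so a URL embedded in markup is still picked up.
 *
 * @param string $string
 * @return WordPressHTTPS_Url|false False when $string contains no http(s) URL.
 *   When a URL is found but parse_url() rejects it, an object with no
 *   components set is returned (kept for compatibility with existing callers,
 *   which only test the result for truthiness).
 */
public static function fromString($string)
{
    $url = new WordPressHTTPS_Url();

    // Extract the first http(s) URL from the string.
    preg_match_all('/((http|https):\\/\\/[^\'"]+)[\'"\\)]?/i', $string, $matches);
    if (!isset($matches[1][0])) {
        return false;
    }

    $parts = parse_url($matches[1][0]);
    if ($parts) {
        // Components missing from the URL become null (formerly done with @ suppression).
        $url->setScheme($parts['scheme'] ?? null);
        $url->setUser($parts['user'] ?? null);
        $url->setPass($parts['pass'] ?? null);
        $url->setHost($parts['host'] ?? null);
        $url->setPort($parts['port'] ?? null);
        $url->setPath($parts['path'] ?? null);
        $url->setQuery($parts['query'] ?? null);
        $url->setFragment($parts['fragment'] ?? null);
    }

    return $url;
}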
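/**
 * Save Settings (or reset them when $_POST['Reset'] is present).
 *
 * With Reset, every setting is restored to its default and install() is
 * re-run. Otherwise every known setting (getSettings()) is persisted from
 * the request via setSetting(), with these normalisations:
 *  - ssl_host: lower-cased, given an https:// scheme when none is present,
 *    its port taken from a submitted ssl_port or from the host itself (80/443
 *    dropped), its path aligned with the site's HTTP path; a changed host must
 *    pass isValid() or the stored value is kept and an error is recorded;
 *  - ssl_proxy: requests a page reload when 'auto' is chosen over plain HTTP;
 *  - ssl_admin: forced to 0 with an error when FORCE_SSL_ADMIN/FORCE_SSL_LOGIN
 *    are set; otherwise turning it on from a plain-HTTP session logs the user out;
 *  - ssl_host_subdomain: derived from the base hosts, not taken from the form.
 * Checkbox settings absent from the request whose default is 0 are stored as 0.
 *
 * No nonce or capability check is visible in this method: the caller must
 * guarantee an authenticated, CSRF-protected request before invoking it.
 *
 * When $_POST['ajax'] is present the outcome is echoed as an HTML fragment
 * and the request ends.
 *
 * @return void
 */
public function save()
{
    $errors = [];
    $reload = false;
    $logout = false;
    // Set by the ssl_host branch and read by the ssl_host_subdomain branch
    // (getSettings() is expected to yield ssl_host first).
    $ssl_host = null;

    if (!empty($_POST['Reset'])) {
        foreach ($this->getPlugin()->getSettings() as $key => $default) {
            $this->getPlugin()->setSetting($key, $default);
        }
        $this->getPlugin()->install();
        $reload = true;
    } else {
        foreach ($this->getPlugin()->getSettings() as $key => $default) {
            if (!array_key_exists($key, $_POST) && $default == 0) {
                // Unchecked checkboxes are absent from the request: store 0.
                $_POST[$key] = 0;
                $this->getPlugin()->setSetting($key, $_POST[$key]);
                continue;
            }
            if (!array_key_exists($key, $_POST)) {
                continue;
            }

            if ($key == 'ssl_host') {
                if ($_POST[$key] != '') {
                    $_POST[$key] = strtolower($_POST[$key]);

                    // Add Scheme
                    if (strpos($_POST[$key], 'http://') === false && strpos($_POST[$key], 'https://') === false) {
                        $_POST[$key] = 'https://' . $_POST[$key];
                    }

                    $ssl_host = WordPressHTTPS_Url::fromString($_POST[$key]);
                    if (!$ssl_host) {
                        // fromString() returns false for an unparsable value: keep the stored host.
                        $ssl_host = null;
                        $errors[] = '<strong>SSL Host</strong> - Could not parse the SSL Host.';
                        $_POST[$key] = get_option($key);
                    } else {
                        // Add Port: a submitted ssl_port wins over the port embedded in the host.
                        // $_POST values are strings, so the former is_int() test never matched; accept digit strings.
                        $submitted_port = isset($_POST['ssl_port']) && is_string($_POST['ssl_port']) && ctype_digit($_POST['ssl_port'])
                            ? (int) $_POST['ssl_port']
                            : null;
                        $port = $submitted_port !== null ? $submitted_port : $ssl_host->getPort();
                        $port = $port != 80 && $port != 443 ? $port : null;
                        $ssl_host->setPort($port);

                        // Add Path: re-root the host's path under the site's HTTP path.
                        // (The former strpos(...) !== true guard was always true, so this is unconditional.)
                        $http_path = $this->getPlugin()->getHttpUrl()->getPath();
                        $path = '/' . ltrim(str_replace(rtrim($http_path, '/'), '', $ssl_host->getPath()), '/');
                        $ssl_host->setPath(rtrim($path, '/') . $http_path);
                        $ssl_host->setPath(rtrim($ssl_host->getPath(), '/') . '/');

                        if ($ssl_host->toString() != $this->getPlugin()->getHttpsUrl()->toString()) {
                            // Ensure that the WordPress installation is accessible at this host
                            if ($ssl_host->isValid()) {
                                // If secure domain has changed and currently on SSL, logout user
                                if ($this->getPlugin()->isSsl()) {
                                    $logout = true;
                                }
                                // Store the string form; the former code stored the object itself.
                                $_POST[$key] = $ssl_host->setPort('')->toString();
                            } else {
                                // The host is request input echoed back inside HTML: escape it.
                                $errors[] = '<strong>SSL Host</strong> - Invalid WordPress installation at '
                                    . htmlspecialchars($ssl_host->toString(), ENT_QUOTES, 'UTF-8');
                                $_POST[$key] = get_option($key);
                            }
                        } else {
                            $_POST[$key] = $this->getPlugin()->getHttpsUrl()->toString();
                        }
                    }
                } else {
                    $_POST[$key] = get_option($key);
                }
            } elseif ($key == 'ssl_proxy') {
                // Reload if we're auto detecting the proxy and we're not in SSL
                if ($_POST[$key] == 'auto' && !$this->getPlugin()->isSsl()) {
                    $reload = true;
                }
            } elseif ($key == 'ssl_admin') {
                if (force_ssl_admin() || force_ssl_login()) {
                    $errors[] = '<strong>SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
                    $_POST[$key] = 0;
                } elseif ($_POST[$key] == 1 && !$this->getPlugin()->isSsl()) {
                    // If forcing SSL Admin and currently not SSL, logout user
                    $logout = true;
                }
            } elseif ($key == 'ssl_host_subdomain') {
                // Checks to see if the SSL Host is a subdomain (same base host, different host).
                $http_domain = $this->getPlugin()->getHttpUrl()->getBaseHost();
                $https_domain = $this->getPlugin()->getHttpsUrl()->getBaseHost();
                if ($ssl_host !== null && $ssl_host->setScheme('http') != $this->getPlugin()->getHttpUrl() && $http_domain == $https_domain) {
                    $_POST[$key] = 1;
                } else {
                    $_POST[$key] = 0;
                }
            }

            $this->getPlugin()->setSetting($key, $_POST[$key]);
        }
    }

    if ($logout) {
        wp_logout();
    }

    if (array_key_exists('ajax', $_POST)) {
        error_reporting(0);
        // Discard any buffered output so only the fragment below is sent.
        while (@ob_end_clean()) {
        }
        if (count($errors) > 0) {
            echo "<div class=\"error below-h2 fade wphttps-message\" id=\"message\">\n\t<ul>\n";
            foreach ($errors as $error) {
                echo "\t\t<li><p>" . $error . "</p></li>\n";
            }
            echo "\t</ul>\n</div>\n";
        } else {
            echo "<div class=\"updated below-h2 fade wphttps-message\" id=\"message\"><p>Settings saved.</p></div>\n";
            if ($logout || $reload) {
                echo "<script type=\"text/javascript\">window.location.reload();</script>";
            }
        }
        exit;
    }
}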
/**
 * Replaces HTTPS Host with HTTP Host
 *
 * A relative string only has the HTTPS base path swapped for the HTTP one
 * (when the SSL host uses a distinct path). A local https:// URL is rebuilt
 * with the http scheme, host, port and path; an external URL has its scheme
 * swapped and is passed through the 'http_external_url' filter.
 *
 * @param string $string
 * @return string|false False when $string is empty, otherwise the rewritten string.
 */
public function makeUrlHttp($string)
{
    if ((string) $string == '') {
        return false;
    }

    // Relative URL: only the base path can differ between the two hosts.
    if (strpos($string, '/') === 0) {
        if ($this->getSetting('ssl_host_diff') && strpos($string, $this->getHttpsUrl()->getPath()) !== false) {
            $string = str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $string);
        }
        return $string;
    }

    $url = WordPressHTTPS_Url::fromString($string);
    if (!$url) {
        return $string;
    }

    if (!$this->isUrlLocal($url)) {
        // External URL: swap the scheme and let filters adjust the result.
        $external = apply_filters('http_external_url', str_replace('https://', 'http://', $url));
        return str_replace($url, $external, $string);
    }

    if ($url->getScheme() != 'https') {
        return $string;
    }

    $http_url = clone $url;
    $http_url->setScheme('http');
    $http_url->setHost($this->getHttpUrl()->getHost());
    $http_url->setPort($this->getHttpUrl()->getPort());
    if ($this->getSetting('ssl_host_diff') && strpos($http_url->getPath(), $this->getHttpsUrl()->getPath()) !== false) {
        $http_url->setPath(str_replace($this->getHttpsUrl()->getPath(), $this->getHttpUrl()->getPath(), $http_url->getPath()));
    }

    // Admin URLs may carry a redirect_to parameter that is converted as well.
    // NOTE(review): this rewrites $url (the needle) rather than $http_url, so when
    // redirect_to changes the str_replace() below no longer finds $url in $string
    // and the link is left as it was — kept as-is to preserve behaviour.
    if (strpos($url, 'wp-admin') !== false && preg_match('/redirect_to=([^&]+)/i', $url, $redirect) && isset($redirect[1])) {
        $redirect_url = $redirect[1];
        $url = str_replace($redirect_url, urlencode($this->makeUrlHttp(urldecode($redirect_url))), $url);
    }

    return str_replace($url, $http_url, $string);
}
/**
 * Blog Info
 * WordPress Filter - get_bloginfo, bloginfo
 *
 * URL-type bloginfo values are rewritten to HTTP while the site's wpurl is
 * not itself served over HTTPS; every other value passes through untouched.
 *
 * @param string $result
 * @param string $show
 * @return string $result
 */
public function bloginfo($result = '', $show = '')
{
    $url_fields = ['stylesheet_url', 'template_url', 'wpurl', 'home', 'siteurl', 'Url'];
    if (!in_array($show, $url_fields, true)) {
        return $result;
    }

    $wpurl_scheme = WordPressHTTPS_Url::fromString(get_bloginfo('wpurl'))->getScheme();
    if ($wpurl_scheme == 'https') {
        return $result;
    }

    return $this->getPlugin()->makeUrlHttp($result);
}
/**
 * Redirects page to HTTP or HTTPS accordingly
 *
 * Sends a 301 to the same request path on the other scheme's host and stops
 * execution; does nothing when the request already uses $scheme (or $scheme
 * is neither 'http' nor 'https'). When wp_redirect() is not loaded, output
 * buffers are discarded and a raw Location header is sent, with admin and
 * login paths passed through redirectAdmin() first.
 *
 * @param string $scheme Either http or https
 * @return void
 */
public function redirect($scheme = 'https')
{
    $on_ssl = $this->isSsl();
    if (!$on_ssl && $scheme == 'https') {
        $target = clone $this->getHttpsUrl();
    } elseif ($on_ssl && $scheme == 'http') {
        $target = clone $this->getHttpUrl();
    } else {
        return;
    }
    $target->setScheme($scheme);

    $http_path = $this->getHttpUrl()->getPath();
    $https_path = $this->getHttpsUrl()->getPath();
    $request_uri = $_SERVER['REQUEST_URI'];

    // Request path with the HTTPS base path stripped and no leading slash.
    $path = $https_path != '/' ? str_replace($https_path, '', $request_uri) : $request_uri;
    $path = ltrim($path, '/');

    // With a distinct SSL host that has its own base path, swap the base path
    // inside the request URI; otherwise append the stripped path to the target's base path.
    if ($scheme == 'https') {
        $target->setPath(
            $this->getSetting('ssl_host_diff') && $http_path != '/'
                ? str_replace($http_path, $https_path, $request_uri)
                : rtrim($https_path, '/') . '/' . $path
        );
    } else {
        $target->setPath(
            $this->getSetting('ssl_host_diff') && $https_path != '/'
                ? str_replace($https_path, $http_path, $request_uri)
                : rtrim($http_path, '/') . '/' . $path
        );
    }

    // Redirect
    if (function_exists('wp_redirect')) {
        wp_redirect($target, 301);
    } else {
        // End all output buffering and redirect
        while (@ob_end_clean()) {
        }
        // If redirecting to an admin page
        $target_path = $target->getPath();
        if (strpos($target_path, 'wp-admin') !== false || strpos($target_path, 'wp-login') !== false) {
            $target = WordPressHTTPS_Url::fromString($this->redirectAdmin($target));
        }
        header("Location: " . $target, true, 301);
    }
    exit;
}
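/**
 * Redirects page to HTTP or HTTPS accordingly
 *
 * Sends a 301 to the same request path on the other scheme's host and stops
 * execution; does nothing when the request already uses $scheme (or $scheme
 * is neither 'http' nor 'https'). The request path is taken from
 * REDIRECT_URL when present (re-attaching the query string from REQUEST_URI),
 * otherwise from REQUEST_URI.
 *
 * A 'redirect_count' cookie counts consecutive redirects for this client;
 * past two, the redirect is suppressed, the cookie cleared and the loop
 * logged. The counter is client-side state and only ever affects the client
 * that sends it.
 *
 * When wp_redirect() is not loaded, output buffers are discarded and a raw
 * Location header is sent, with admin and login paths passed through
 * redirectAdmin() first.
 *
 * @param string $scheme Either http or https
 * @return void
 */
public function redirect($scheme = 'https')
{
    $on_ssl = $this->isSsl();
    if (!$on_ssl && $scheme == 'https') {
        $target = clone $this->getHttpsUrl();
    } elseif ($on_ssl && $scheme == 'http') {
        $target = clone $this->getHttpUrl();
    } else {
        return;
    }
    $target->setScheme($scheme);

    $http_path = $this->getHttpUrl()->getPath();
    $https_path = $this->getHttpsUrl()->getPath();
    $request_uri = $_SERVER['REQUEST_URI'];

    // Prefer the rewritten path; REDIRECT_URL carries no query string, so copy it over.
    $path = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $request_uri;
    if (strpos($request_uri, '?') !== false && isset($_SERVER['REDIRECT_URL']) && strpos($_SERVER['REDIRECT_URL'], '?') === false) {
        $path .= substr($request_uri, strpos($request_uri, '?'));
    }
    if ($https_path != '/') {
        $path = str_replace($https_path, '', $path);
    }
    $path = ltrim($path, '/');

    // With a distinct SSL host that has its own base path, swap the base path
    // inside the request URI; otherwise append the stripped path to the target's base path.
    if ($scheme == 'https') {
        $target->setPath(
            $this->getSetting('ssl_host_diff') && $http_path != '/'
                ? str_replace($http_path, $https_path, $request_uri)
                : rtrim($https_path, '/') . '/' . $path
        );
    } else {
        $target->setPath(
            $this->getSetting('ssl_host_diff') && $https_path != '/'
                ? str_replace($https_path, $http_path, $request_uri)
                : rtrim($http_path, '/') . '/' . $path
        );
    }

    // Use a cookie to detect redirect loops
    $redirect_count = isset($_COOKIE['redirect_count']) && is_numeric($_COOKIE['redirect_count'])
        ? (int) $_COOKIE['redirect_count'] + 1
        : 1;
    setcookie('redirect_count', (string) $redirect_count, 0, '/');

    // If redirect count is greater than 2, prevent redirect and log the redirect loop
    if ($redirect_count > 2) {
        // An empty value with an expiry in the past deletes the cookie
        // (passing null here is deprecated since PHP 8.1).
        setcookie('redirect_count', '', -time(), '/');
        $this->getLogger()->log('[ERROR] Redirect Loop!');
        return;
    }

    // Redirect
    if (function_exists('wp_redirect')) {
        wp_redirect($target, 301);
    } else {
        // End all output buffering and redirect
        while (@ob_end_clean()) {
        }
        // If redirecting to an admin page
        $target_path = $target->getPath();
        if (strpos($target_path, 'wp-admin') !== false || strpos($target_path, 'wp-login') !== false) {
            $target = WordPressHTTPS_Url::fromString($this->redirectAdmin($target));
        }
        header("Location: " . $target, true, 301);
    }
    exit;
}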
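/**
 * Fix links and forms
 *
 * Scans $this->_html for <a> and <form> tags carrying an absolute http(s)
 * URL and rewrites each one to HTTPS or HTTP according to the plugin
 * settings. For a local URL the target post is resolved (page_id query,
 * front page, or path lookup) so the 'force_ssl' filter can decide; admin and
 * login URLs are forced to HTTPS when on SSL or when ssl_admin is set (with a
 * per-blog variant on multisite). Each rewrite is recorded once in the
 * plugin logger.
 *
 * $post and $force_ssl are reset for every tag: the former code only reset
 * $force_ssl, so a tag that matched no branch (e.g. an external link) reused
 * the previous tag's $post and could be rewritten as if it were local.
 *
 * @param none
 * @return void
 */
public function fixLinksAndForms()
{
    // Update anchor and form tags to appropriate URL's
    preg_match_all('/\\<(a|form)[^>]+[\'"]((http|https):\\/\\/[^\'"]+)[\'"][^>]*>/im', $this->_html, $matches);

    foreach ($matches[0] as $i => $html) {
        $type = $matches[1][$i];
        $url = $matches[2][$i];
        $scheme = $matches[3][$i];
        $updated = false;
        $post = null;
        $force_ssl = null;

        $url_parts = parse_url($url);
        // A URL without a path component must still be comparable below.
        $url_parts['path'] = isset($url_parts['path']) ? $url_parts['path'] : '';
        if ($this->getPlugin()->getHttpsUrl()->getPath() != '/') {
            if ($this->getPlugin()->getSetting('ssl_host_diff')) {
                $url_parts['path'] = str_replace($this->getPlugin()->getHttpsUrl()->getPath(), '', $url_parts['path']);
            }
            if ($this->getPlugin()->getHttpUrl()->getPath() != '/') {
                $url_parts['path'] = str_replace($this->getPlugin()->getHttpUrl()->getPath(), '', $url_parts['path']);
            }
        }

        $is_local = $this->getPlugin()->isUrlLocal($url);
        $query = parse_url($url, PHP_URL_QUERY);

        if ($is_local && preg_match("/page_id=([\\d]+)/", (string) $query, $postID)) {
            $post = $postID[1];
        } elseif ($is_local && ($url_parts['path'] == '' || $url_parts['path'] == '/')) {
            // Front page: a post id when a static page is used, true for the posts index.
            if (get_option('show_on_front') == 'posts') {
                $post = true;
            } else {
                $post = get_option('page_on_front');
            }
            if ($this->getPlugin()->getSetting('frontpage')) {
                $force_ssl = true;
            } elseif ($this->getPlugin()->getSetting('exclusive_https')) {
                $force_ssl = false;
            }
        } elseif ($is_local && ($post = get_page_by_path($url_parts['path']))) {
            $post = $post->ID;
            //TODO When logged in to HTTP and visiting an HTTPS page, admin links will always be forced to HTTPS, even if the user is not logged in via HTTPS. I need to find a way to detect this.
        } elseif ((strpos($url_parts['path'], 'wp-admin') !== false || strpos($url_parts['path'], 'wp-login') !== false)
            && ($this->getPlugin()->isSsl() || $this->getPlugin()->getSetting('ssl_admin'))
        ) {
            if (!is_multisite() || is_multisite() && strpos($url_parts['host'], $this->getPlugin()->getHttpsUrl()->getHost()) !== false) {
                $post = true;
                $force_ssl = true;
            } elseif (is_multisite()) {
                // get_blog_details returns an object with a property of blog_id
                if ($blog_details = get_blog_details(['domain' => $url_parts['host']])) {
                    $blog_id = $blog_details->blog_id;
                    // Another blog's admin link: upgrade it when that blog forces SSL admin
                    // and either shares the host or the user is logged in.
                    if ($this->getPlugin()->getSetting('ssl_admin', $blog_id) && $scheme != 'https'
                        && (!$this->getPlugin()->getSetting('ssl_host_diff', $blog_id)
                            || $this->getPlugin()->getSetting('ssl_host_diff', $blog_id) && is_user_logged_in())
                    ) {
                        $this->_html = str_replace($url, str_replace('http', 'https', $url), $this->_html);
                    }
                }
            }
        }

        if (isset($post)) {
            // Always change links to HTTPS when logged in via different SSL Host
            if ($type == 'a' && !$this->getPlugin()->getSetting('ssl_host_subdomain') && $this->getPlugin()->getSetting('ssl_host_diff')
                && $this->getPlugin()->getSetting('ssl_admin') && is_user_logged_in()
            ) {
                $force_ssl = true;
            } elseif ((int) $post > 0) {
                $force_ssl = apply_filters('force_ssl', $force_ssl, $post);
            }

            if ($force_ssl == true || WordPressHTTPS_Url::fromString(get_bloginfo('wpurl'))->getScheme() == 'https') {
                $updated = $this->getPlugin()->makeUrlHttps($url);
                $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
            } elseif ($this->getPlugin()->getSetting('exclusive_https')) {
                $updated = $this->getPlugin()->makeUrlHttp($url);
                $this->_html = str_replace($html, str_replace($url, $updated, $html), $this->_html);
            }
        }

        // Add log entry if this change hasn't been logged
        if ($updated && $url != $updated) {
            $log = '[FIXED] Element: <' . $type . '> - ' . $url . ' => ' . $updated;
            if (!in_array($log, $this->getPlugin()->getLogger()->getLog(), true)) {
                $this->getPlugin()->getLogger()->log($log);
            }
        }
    }
}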