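/**
 * Redirect the browser to admin-ssl-cookie.php so the auth cookie can be
 * set (or cleared) for the siteurl host, then continue to the login target.
 *
 * Does nothing unless $action is "set" with a non-empty global $cookie_value,
 * or $action is "clear". On "clear" the globals $cookie_value and
 * $cookie_expire are overwritten with " " and 1.
 *
 * NOTE(review): the cookie value is carried in a URL query string, so it can
 * end up in web-server access logs, browser history and intermediary logs.
 * admin-ssl-cookie.php is outside this view; it presumably sets whatever
 * cookie the query string describes - confirm that it validates name, domain
 * and redirect target before acting on them.
 *
 * @param string $action "set" or "clear"; any other value is ignored
 * @return void
 */
function as_siteurl_cookie($action) {
    // $use_ssl is read by scheme() further down, so it must be imported too;
    // without it the call received an undefined (null) local variable
    global $cookie_value, $cookie_expire, $dir, $plugins_dir, $secure_url, $use_ssl;

    //
    // continue only if action is 'set' and there is a cookie value,
    // or if action is 'clear'
    //
    $continue = false;
    if ($action === "set" && $cookie_value) {
        $continue = true;
    } elseif ($action === "clear") {
        $cookie_value = " ";
        $cookie_expire = 1;
        $continue = true;
    }

    //
    // redirect to cookie script - only ever called from wp-login.php
    //
    if ($continue) {
        $path = "/" . content_dir() . "{$plugins_dir}/{$dir}/admin-ssl-cookie.php";
        $file = str_replace("/wp-login.php", "", $_SERVER["SCRIPT_FILENAME"]) . $path;
        as_log("as_siteurl_cookie()\nPath to admin-ssl-cookie.php: {$file}");

        if (file_exists($file)) {
            //
            // build the URL to redirect to after setting the cookie
            //
            // NOTE(review): an absolute redirect_to value is forwarded without
            // checking its host against $secure_url or siteurl, and the "http"
            // prefix test also accepts strings that are not http(s) URLs -
            // consider restricting the target to the site's own hosts
            //
            $target = redirect_to();
            if ($target && $target !== "wp-admin/") {
                if (strpos($target, "http") === 0) {
                    $redirect = $target;
                } elseif (strpos($target, "/") === 0) {
                    $redirect = scheme($use_ssl) . host() . $target;
                } else {
                    // plain assignment: $redirect has no earlier value to append to
                    $redirect = $secure_url . "/" . $target;
                }
            } else {
                $redirect = $secure_url . "/wp-login.php";
            }

            //
            // build the URL to admin-ssl-cookie.php with the cookie data;
            // every value is URL-encoded so that characters such as '&', '='
            // or a space cannot split or corrupt the query string
            //
            $base = rtrim(get_option("siteurl"), "/");
            $base .= "{$path}?name=" . urlencode((string) AUTH_COOKIE);
            $tail = "&expire=" . urlencode((string) $cookie_expire);
            $tail .= "&path=" . urlencode((string) COOKIEPATH);
            $tail .= "&domain=" . urlencode((string) COOKIE_DOMAIN);
            $tail .= "&redirect=" . urlencode($redirect);
            $location = $base . "&value=" . urlencode((string) $cookie_value) . $tail;

            // keep the authentication cookie value out of the log
            as_log("as_siteurl_cookie()\nRedirecting to: " . $base . "&value=[redacted]" . $tail);
            as_redirect($location);
        }
    }
}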
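/**
 * Plugin start-up: migrate old options, then force the current request onto
 * the correct scheme and host and start output buffering.
 *
 * When the global $use_ssl is on, the request URI is compared against the
 * list from as_secure_uris(). Matching requests are redirected to the secure
 * URL when they are not already there; non-matching requests that arrived
 * over HTTPS or on the wrong host are redirected back to siteurl.
 *
 * When the TEST constant is defined no redirect is sent and the target URL is
 * returned instead.
 *
 * @return string|null the redirect target when TEST is defined and a redirect
 *                     would have happened, otherwise nothing
 */
function as_init() {
    global $use_ssl, $secure_url;

    //
    // check Admin SSL version and perform DB maintenance as required
    //
    // NOTE(review): this is a loose comparison of the stored value against a
    // float; if versions are stored as dotted strings, version_compare()
    // would be more predictable - confirm the stored format
    //
    $previous_version = as_option("get", "version");
    if ($previous_version < 2.0) {
        //
        // remove old options from the database
        //
        as_option("delete", "use_shared");
        as_option("delete", "shared_url");

        //
        // reset use SSL when switching to the new version in case shared was being used before
        //
        as_option("update", "use_ssl", false);
        $use_ssl = false;
    }

    //
    // set the current version of the Admin SSL plugin so we know it's been migrated next time
    //
    as_option("update", "version", AS_VERSION);

    if ($use_ssl) {
        //
        // disable redirection if testing
        //
        $do_redirect = !defined("TEST");

        //
        // check if any of the secure uris matches the current request uri;
        // this is a substring test over the whole request URI, so one hit
        // is enough and the loop can stop there
        //
        $match = false;
        foreach (as_secure_uris() as $uri) {
            if (strpos(req_uri(), $uri) !== false) {
                $match = true;
                break;
            }
        }

        //
        // get the HTTP hosts for secure and non-secure URLs;
        // parse_url() omits "host" (or returns false) for malformed URLs,
        // so read the key defensively instead of raising a notice
        //
        $tmp = parse_url($secure_url);
        $secure_host = isset($tmp["host"]) ? $tmp["host"] : null;
        $tmp = parse_url(get_option("siteurl"));
        $siteurl_host = isset($tmp["host"]) ? $tmp["host"] : null;
        $host_should_be = is_https() ? $secure_host : $siteurl_host;
        $host_match = host() === $host_should_be;

        //
        // for redirection between Shared SSL URL and site URL we need the bit of the URL
        // AFTER either $secure_url or siteurl - as an example:
        // to redirect from http://your_blog.com/wp-admin/profile.php
        // to https://some_host.com/~username/wp-admin/profile.php
        // we need to get /wp-admin/profile.php from siteurl as the path to add to $secure_url
        //
        if (host() === $secure_host) {
            $url_info = parse_url($secure_url);
        } elseif (host() === $siteurl_host) {
            $url_info = parse_url(get_option("siteurl"));
        } else {
            as_log("as_init()\nThe host ('" . host() . "') is neither the "
                . "secure host ('{$secure_host}') or the siteurl host ('{$siteurl_host}') - "
                . "Redirecting to blog home page");
            as_log("as_init()\nRedirecting to: " . get_option("siteurl"));
            // presumably as_redirect() ends the request - TODO confirm; if it
            // returns, execution continues below without a $url_info
            if ($do_redirect) {
                as_redirect(get_option("siteurl"));
            } else {
                return get_option("siteurl"); # return value for testing purposes
            }
        }

        // a URL without a path component (e.g. "https://example.com") has no
        // "path" key, so fall back to a zero-length prefix
        $url_path_len = isset($url_info["path"]) ? strlen($url_info["path"]) : 0;
        $url_path = substr(req_uri(), $url_path_len);
        as_log("as_init()\nURL path: {$url_path}");

        //
        // redirect as necessary - secure or de-secure page - ensure correct HTTP host is being used
        //
        if ($match) {
            as_log("as_init()\nMatched url");

            //
            // parse the url we need to redirect to
            //
            $url = parse_url($use_ssl ? $secure_url : get_option("siteurl"));
            $target_host = isset($url["host"]) ? $url["host"] : null;
            $target_path = isset($url["path"]) ? rtrim($url["path"], "/") : "";

            //
            // build and redirect to the correct URL
            //
            if ((!is_https() && $use_ssl) || (is_https() && !$use_ssl) || host() !== $target_host) {
                $location = scheme($use_ssl) . $target_host . $target_path . $url_path;
                as_log("as_init()\nRedirecting to: {$location}");
                if ($do_redirect) {
                    as_redirect($location);
                } else {
                    return $location; # return value for testing purposes
                }
            } elseif ($use_ssl && is_https() && redirect_to()) {
                // strip anything in front of "wp-admin"; strpos() yields false
                // when the marker is absent, which substr() treats as offset 0
                $wp_admin = strpos(redirect_to(), "wp-admin");
                if ($wp_admin !== 0) {
                    $_REQUEST["redirect_to"] = substr(redirect_to(), (int) $wp_admin);
                }
            }
        } elseif (is_https() || !$host_match) {
            as_log("as_init()\nDid not match url and either it's secure or the hosts don't match");
            $location = get_option("siteurl") . $url_path;
            as_log("as_init()\nRedirecting to: {$location}");
            if ($do_redirect) {
                as_redirect($location);
            } else {
                return $location; # return value for testing purposes
            }
        }

        //
        // start output buffering
        //
        if ($use_ssl && !defined("TEST")) {
            ob_start("as_ob_handler");
        }
    }
}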
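/**
 * Handle the Admin SSL settings form and render the configuration page.
 *
 * On a POST with "submit" set, the caller must hold the "manage_options"
 * capability and pass check_admin_referer(); the posted values are then
 * copied into the plugin globals, validated and written with as_option().
 * If validation fails, the previously stored values are written back
 * instead. Finally $config_page is included.
 *
 * @return void
 */
function as_conf() {
    global $use_ssl, $secure_url;
    global $additional_urls, $ignore_urls, $secure_users_only;
    global $config_page, $config_parent;
    global $https_key, $https_value;

    if (isset($_POST["submit"])) {
        //
        // make sure current user can set permissions,
        // and that the referer was a page from this site
        //
        if (!as_user_can("manage_options")) {
            exit("You don't have permission to change these options!");
        }
        // NOTE(review): called without a nonce action, so this does not tie
        // the request to this specific form; passing a named action here and
        // emitting the matching nonce field in the settings form (outside
        // this view) would give stronger CSRF protection
        check_admin_referer();

        //
        // get the posted configuration options
        //
        $use_ssl = "on" === _post("use_ssl") ? 1 : 0;
        $additional_urls = _post("additional_urls");
        $ignore_urls = _post("ignore_urls");
        $secure_users_only = "on" === _post("secure_users_only") ? 1 : 0;

        $redirect = true; # if different config parent page chosen, need to redirect later
        if ($config_parent === _post("config_parent")) {
            $redirect = false;
        } else {
            $config_parent = _post("config_parent");
        }

        $https_key = _post("https_key");
        $https_value = _post("https_value");

        //
        // verify the selected options
        //

        //
        // $config_parent may only be one of two options
        //
        // NOTE(review): the message embeds the raw posted value; it must be
        // HTML-escaped wherever $config_page prints $message - verify there
        //
        if ($config_parent !== "plugins.php" && $config_parent !== "options-general.php") {
            $message = "You submitted an invalid value ('{$config_parent}') for config parent.";
        }

        //
        // https key and value cannot be empty
        //
        if (trim($https_key) === "") {
            $https_key = "HTTPS";
        }
        if (trim($https_value) === "") {
            $https_value = "on";
        }

        //
        // if there has been an error, reset all the options
        //
        if (isset($message)) {
            // read back the same key that is written below; a mismatched key
            // here would make a rejected submission overwrite the stored
            // use_ssl setting with whatever the unknown key returns
            $use_ssl = as_option("get", "use_ssl");
            $additional_urls = as_option("get", "additional_urls");
            $ignore_urls = as_option("get", "ignore_urls");
            $secure_users_only = as_option("get", "secure_users_only");
            $config_parent = as_option("get", "config_parent");
            $https_key = as_option("get", "https_key");
            $https_value = as_option("get", "https_value");
            as_log("as_conf()\nError saving options: {$message}\nResetting options to previous values");
        } else {
            as_log("as_conf()\nNew option values will be saved");
        }

        //
        // update options in database
        //
        as_option("update", "use_ssl", $use_ssl);
        as_option("update", "additional_urls", $additional_urls);
        as_option("update", "ignore_urls", $ignore_urls);
        as_option("update", "secure_users_only", $secure_users_only);
        as_option("update", "config_parent", $config_parent);
        as_option("update", "https_key", $https_key);
        as_option("update", "https_value", $https_value);

        if (!isset($message)) {
            $message = "Options saved.";
        }

        //
        // if config parent has been changed, redirect
        //
        // NOTE(review): $redirect stays true after a validation error, so the
        // error message set above is presumably never shown - confirm
        //
        if ($redirect) {
            $location = $config_parent . "?page=admin-ssl-config";
            as_log("as_conf():\nRedirecting to {$location}");
            as_redirect($location);
        }
    }

    //
    // require configuration settings page
    //
    require_once $config_page;
}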