/wp-content/plugins/really-simple-ssl/class-admin.php
https://bitbucket.org/carloskikea/helpet · PHP · 2582 lines · 1602 code · 427 blank · 553 comment · 387 complexity · 6e7a5d1bfff3eb272f501b92aecef16c MD5 · raw file
Large files are truncated click here to view the full file
- <?php
- defined('ABSPATH') or die("you do not have access to this page!");
- class rsssl_admin extends rsssl_front_end {
- private static $_this;
- public $wpconfig_siteurl_not_fixed = FALSE;
- public $no_server_variable = FALSE;
- public $errors = Array();
- public $do_wpconfig_loadbalancer_fix = FALSE;
- public $site_has_ssl = FALSE;
- public $ssl_enabled = FALSE;
- //multisite variables
- public $sites = Array(); //for multisite, list of all activated sites.
- //general settings
- public $capability = 'activate_plugins';
- public $ssl_test_page_error;
- public $htaccess_test_success = FALSE;
- public $plugin_version = rsssl_version; //deprecated, but used in pro plugin until 1.0.25
- public $plugin_dir = "really-simple-ssl";
- public $plugin_filename = "rlrsssl-really-simple-ssl.php";
- public $ABSpath;
- public $do_not_edit_htaccess = FALSE;
- public $htaccess_redirect = FALSE;
- public $htaccess_warning_shown = FALSE;
- public $ssl_success_message_shown = FALSE;
- public $hsts = FALSE;
- public $debug = TRUE;
- public $debug_log;
- public $plugin_conflict = ARRAY();
- public $plugin_db_version;
- public $plugin_upgraded;
- public $mixed_content_fixer_status = "OK";
- public $ssl_type = "NA";
- private $pro_url = "https://www.really-simple-ssl.com/pro";
- function __construct() {
- if ( isset( self::$_this ) )
- wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.','really-simple-ssl' ), get_class( $this ) ) );
- self::$_this = $this;
- $this->ABSpath = $this->getABSPATH();
- $this->get_options();
- $this->get_admin_options();
- $this->get_plugin_upgraded(); //call always, otherwise db version will not match anymore.
- register_deactivation_hook(dirname( __FILE__ )."/".$this->plugin_filename, array($this,'deactivate') );
- }
- static function this() {
- return self::$_this;
- }
- /**
- * Initializes the admin class
- *
- * @since 2.2
- *
- * @access public
- *
- */
- public function init() {
- if (!current_user_can($this->capability)) return;
- $is_on_settings_page = $this->is_settings_page();
- /*
- Detect configuration when:
- - SSL activation just confirmed.
- - on settings page
- - No SSL detected
- */
- //when configuration should run again
- if ($this->clicked_activate_ssl() || !$this->ssl_enabled || !$this->site_has_ssl || $is_on_settings_page || is_network_admin()) {
- if (is_multisite()) $this->build_domain_list();//has to come after clicked_activate_ssl, otherwise this domain won't get counted.
- $this->detect_configuration();
- //flush caches when just activated ssl
- //flush the permalinks
- if ($this->clicked_activate_ssl()) {
- if (isset($_POST["rsssl_flush_rewrite_rules"])) {
- add_action( 'shutdown', 'flush_rewrite_rules');
- }
- add_action('admin_init', array(RSSSL()->rsssl_cache,'flush'),40);
- }
- if (!$this->wpconfig_ok()) {
- //if we were to activate ssl, this could result in a redirect loop. So warn first.
- add_action("admin_notices", array($this, 'show_notice_wpconfig_needs_fixes'));
- if (is_multisite()) add_action('network_admin_notices', array($this, 'show_notice_wpconfig_needs_fixes'), 10);
- $this->ssl_enabled = false;
- $this->save_options();
- } elseif ($this->ssl_enabled) {
- add_action('init',array($this,'configure_ssl'),20);
- }
- }
- //when SSL is enabled, and not enabled by user, ask for activation.
- add_action("admin_notices", array($this, 'show_notice_activate_ssl'),10);
- add_action('plugins_loaded', array($this,'check_plugin_conflicts'),30);
- //add the settings page for the plugin
- add_action('admin_enqueue_scripts', array($this, 'enqueue_assets'));
- add_action('admin_init', array($this, 'load_translation'),20);
- add_action('rsssl_configuration_page', array($this, 'configuration_page_more'),10);
- //settings page, form and settings link in the plugins page
- add_action('admin_menu', array($this, 'add_settings_page'),40);
- add_action('admin_init', array($this, 'create_form'),40);
- $plugin = rsssl_plugin;
- add_filter("plugin_action_links_$plugin", array($this,'plugin_settings_link'));
- //check if the uninstallfile is safely renamed to php.
- $this->check_for_uninstall_file();
- //callbacks for the ajax dismiss buttons
- add_action('wp_ajax_dismiss_htaccess_warning', array($this,'dismiss_htaccess_warning_callback') );
- add_action('wp_ajax_dismiss_success_message', array($this,'dismiss_success_message_callback') );
- //handle notices
- add_action('admin_notices', array($this,'show_notices'));
- }
- //change deprecated function depending on version.
- public function get_sites_bw_compatible(){
- global $wp_version;
- $sites = ($wp_version >= 4.6 ) ? get_sites() : wp_get_sites();
- return $sites;
- }
- /*
- The new get_sites function returns an object.
- */
- public function switch_to_blog_bw_compatible($site){
- global $wp_version;
- if ($wp_version >= 4.6 ) {
- switch_to_blog( $site->blog_id );
- } else {
- switch_to_blog( $site[ 'blog_id' ] );
- }
- }
- /*
- checks if the user just clicked the "activate SSL" button.
- */
- private function clicked_activate_ssl() {
- if (!current_user_can($this->capability)) return;
- //if (!isset( $_POST['rsssl_nonce'] ) || !wp_verify_nonce( $_POST['rsssl_nonce'], 'rsssl_nonce' )) return false;
- if (isset($_POST['rsssl_do_activate_ssl'])) {
- $this->activate_ssl();
- return true;
- }
- return false;
- }
- /*
- Activate the SSL for this site
- */
- public function activate_ssl(){
- $this->ssl_enabled = true;
- $this->wp_redirect = true;
- $this->set_siteurl_to_ssl();
- $this->save_options();
- }
- public function deactivate_ssl(){
- $this->ssl_enabled = false;
- $this->wp_redirect = false;
- $this->htaccess_redirect = false;
- $this->remove_ssl_from_siteurl();
- $this->save_options();
- }
- public function wpconfig_ok(){
- if (($this->do_wpconfig_loadbalancer_fix || $this->no_server_variable || $this->wpconfig_siteurl_not_fixed) && !$this->wpconfig_is_writable() ) {
- $result = false;
- } else {
- $result = true;
- }
- return apply_filters('rsssl_wpconfig_ok_check', $result);
- }
- /*
- This message is shown when no SSL is not enabled by the user yet
- */
- public function show_notice_activate_ssl(){
- if ($this->ssl_enabled) return;
- if (defined("RSSSL_DISMISS_ACTIVATE_SSL_NOTICE") && RSSSL_DISMISS_ACTIVATE_SSL_NOTICE) return;
- //for multisite, show only activate when a choice has been made to activate networkwide or per site.
- if (is_multisite() && !RSSSL()->rsssl_multisite->selected_networkwide_or_per_site) return;
- //on multistie, only show this message on the network admin. Per site activated sites have to go to the settings page.
- //otherwise sites that do not need SSL possibly get to see this message.
- if (is_multisite() && !is_network_admin()) return;
- if (!$this->wpconfig_ok()) return;
- if (!current_user_can($this->capability)) return;
- if (!$this->site_has_ssl) {
- global $wp;
- $current_url = "https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
- ?>
- <div id="message" class="error fade notice activate-ssl">
- <p><?php _e("No SSL was detected. If you do have an SSL certificate, try to reload this page over https by clicking this link:","really-simple-ssl");?> <a href="<?php echo $current_url?>"><?php _e("reload over https.","really-simple-ssl");?></a>
- <?php _e("You can check your certificate on","really-simple-ssl");?> <a target="_blank" href="https://www.ssllabs.com/ssltest/">Qualys SSL Labs</a>
- </p>
- </div>
- <?php } ?>
- <div id="message" class="updated fade notice activate-ssl">
- <?php if ($this->site_has_ssl) { ?>
- <h1><?php _e("Almost ready to migrate to SSL!","really-simple-ssl");?></h1>
- <?php } ?>
- <?php _e("Some things can't be done automatically. Before you migrate, please check for: ",'really-simple-ssl');?>
- <p>
- <ul>
- <li><?php _e('Http references in your .css and .js files: change any http:// into //','really-simple-ssl');?></li>
- <li><?php _e('Images, stylesheets or scripts from a domain without an SSL certificate: remove them or move to your own server.','really-simple-ssl');?></li><?php
- $backup_link = "https://really-simple-ssl.com/knowledge-base/backing-up-your-site/";
- $link_open = '<a target="_blank" href="'.$backup_link.'">';
- $link_close = '</a>';
- ?> <li> <?php printf(__("It is recommended to take a %sbackup%s of your site before activating SSL", 'really-simple-ssl'), $link_open, $link_close); ?> </li>
- </ul>
- </p>
- <?php $this->show_pro(); ?>
- <?php RSSSL()->really_simple_ssl->show_enable_ssl_button();?>
- </div>
- <?php }
- /**
- * @since 2.3
- * Returns button to enable SSL.
- */
- public function show_enable_ssl_button(){
- if ($this->site_has_ssl || (defined('rsssl_force_activate') && rsssl_force_activate)) {
- ?>
- <p>
- <form action="" method="post">
- <?php wp_nonce_field( 'rsssl_nonce', 'rsssl_nonce' );?>
- <div>
- <input type="checkbox" name="rsssl_flush_rewrite_rules" checked><label><?php _e("Flush rewrite rules on activation (deselect when you encounter errors)","really-simple-ssl")?></label>
- </div>
- <input type="submit" class='button button-primary' value="<?php _e("Go ahead, activate SSL!","really-simple-ssl");?>" id="rsssl_do_activate_ssl" name="rsssl_do_activate_ssl">
- <br><?php _e("You may need to login in again.", "really-simple-ssl")?>
- </form>
- </p>
- <?php
- }
- }
- /**
- * @since 2.3
- * Shows option to buy pro
- */
- public function show_pro(){
- if ( !defined("rsssl_pro_version") ) {
- ?>
- <p><?php _e('You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more!','really-simple-ssl');?> <a target="_blank" href="<?php echo $this->pro_url;?>"><?php _e("Check out Really Simple SSL Premium","really-simple-ssl");?></a></p>
- <?php
- }
- }
- public function wpconfig_is_writable() {
- $wpconfig_path = $this->find_wp_config_path();
- if (is_writable($wpconfig_path))
- return true;
- else
- return false;
- }
- /*
- * Check if the uninstall file is renamed to .php
- */
- protected function check_for_uninstall_file() {
- if (file_exists(dirname( __FILE__ ) . '/force-deactivate.php')) {
- $this->errors["DEACTIVATE_FILE_NOT_RENAMED"] = true;
- }
- }
- /**
- * Get the options for this plugin
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function get_admin_options(){
- $options = get_option('rlrsssl_options');
- if (isset($options)) {
- $this->site_has_ssl = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
- $this->hsts = isset($options['hsts']) ? $options['hsts'] : FALSE;
- $this->htaccess_warning_shown = isset($options['htaccess_warning_shown']) ? $options['htaccess_warning_shown'] : FALSE;
- $this->ssl_success_message_shown = isset($options['ssl_success_message_shown']) ? $options['ssl_success_message_shown'] : FALSE;
- $this->plugin_db_version = isset($options['plugin_db_version']) ? $options['plugin_db_version'] : "1.0";
- $this->debug = isset($options['debug']) ? $options['debug'] : FALSE;
- $this->do_not_edit_htaccess = isset($options['do_not_edit_htaccess']) ? $options['do_not_edit_htaccess'] : FALSE;
- $this->htaccess_redirect = isset($options['htaccess_redirect']) ? $options['htaccess_redirect'] : FALSE;
- $this->switch_mixed_content_fixer_hook = isset($options['switch_mixed_content_fixer_hook']) ? $options['switch_mixed_content_fixer_hook'] : FALSE;
- $this->debug_log = isset($options['debug_log']) ? $options['debug_log'] : $this->debug_log;
- }
- if (is_multisite()) {
- $network_options = get_site_option('rlrsssl_network_options');
- $network_htaccess_redirect = isset($network_options["htaccess_redirect"]) ? $network_options["htaccess_redirect"] : false;
- $network_do_not_edit_htaccess = isset($network_options["do_not_edit_htaccess"]) ? $network_options["do_not_edit_htaccess"] : false;
- /*
- If multiste, and networkwide, only the networkwide setting counts.
- if multisite, and per site, only the networkwide setting counts if it is true.
- */
- $ssl_enabled_networkwide = isset($network_options["ssl_enabled_networkwide"]) ? $network_options["ssl_enabled_networkwide"] : false;
- if ($ssl_enabled_networkwide) {
- $this->htaccess_redirect = $network_htaccess_redirect;
- $this->do_not_edit_htaccess = $network_do_not_edit_htaccess;
- } else {
- if ($network_do_not_edit_htaccess) $this->do_not_edit_htaccess = $network_do_not_edit_htaccess;
- if ($network_htaccess_redirect) $this->htaccess_redirect = $network_htaccess_redirect;
- }
- }
- //if the define is true, it overrides the db setting.
- if (defined( 'RLRSSSL_DO_NOT_EDIT_HTACCESS')) {
- $this->do_not_edit_htaccess = RLRSSSL_DO_NOT_EDIT_HTACCESS;
- }
- }
- /**
- * Creates an array of all domains where the plugin is active AND SSL is active, only used for multisite.
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function build_domain_list() {
- if (!is_multisite()) return;
- //create list of all activated sites with SSL
- $this->sites = array();
- $sites = $this->get_sites_bw_compatible();
- if ($this->debug) $this->trace_log("building domain list for multisite...");
- foreach ( $sites as $site ) {
- $this->switch_to_blog_bw_compatible($site);
- $options = get_option('rlrsssl_options');
- $ssl_enabled = FALSE;
- if (isset($options)) {
- $site_has_ssl = isset($options['site_has_ssl']) ? $options['site_has_ssl'] : FALSE;
- $ssl_enabled = isset($options['ssl_enabled']) ? $options['ssl_enabled'] : $site_has_ssl;
- }
- if (is_plugin_active(rsssl_plugin) && $ssl_enabled) {
- if ($this->debug) $this->trace_log("adding: ".home_url());
- $this->sites[] = home_url();
- }
- restore_current_blog(); //switches back to previous blog, not current, so we have to do it each loop
- }
- $this->save_options();
- }
- /**
- * check if the plugin was upgraded to a new version
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function get_plugin_upgraded() {
- if ($this->plugin_db_version!= rsssl_version) {
- $this->plugin_db_version = rsssl_version;
- $this->plugin_upgraded = true;
- $this->save_options();
- }
- $this->plugin_upgraded = false;
- }
- /**
- * Log events during plugin execution
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function trace_log($msg) {
- if (!$this->debug) return;
- $this->debug_log = $this->debug_log."<br>".$msg;
- $this->debug_log = strstr($this->debug_log,'** Detecting configuration **');
- error_log($msg);
- }
- /**
- * Configures the site for SSL
- *
- * @since 2.2
- *
- * @access public
- *
- */
- public function configure_ssl() {
- if (!current_user_can($this->capability)) return;
- $safe_mode = FALSE;
- if (defined('RSSSL_SAFE_MODE') && RSSSL_SAFE_MODE) $safe_mode = RSSSL_SAFE_MODE;
- if (!current_user_can($this->capability)) return;
- $this->trace_log("** Configuring SSL **");
- if ($this->site_has_ssl) {
- //when one of the used server variables was found, test if the redirect works
- if (RSSSL()->rsssl_server->uses_htaccess() && $this->ssl_type != "NA")
- $this->test_htaccess_redirect();
- //in a configuration reverse proxy without a set server variable https, add code to wpconfig
- if ($this->do_wpconfig_loadbalancer_fix){
- $this->wpconfig_loadbalancer_fix();
- }
- if ($this->no_server_variable)
- $this->wpconfig_server_variable_fix();
- if (!$safe_mode) {
- $this->editHtaccess();
- }
- if (!$safe_mode && $this->clicked_activate_ssl()) {
- $this->wp_redirect = TRUE;
- $this->save_options();
- }
- if (!$safe_mode && $this->wpconfig_siteurl_not_fixed)
- $this->fix_siteurl_defines_in_wpconfig();
- if (!$safe_mode) {
- $this->set_siteurl_to_ssl();
- }
- }
- }
- /**
- * Check to see if we are on the settings page, action hook independent
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function is_settings_page() {
- if (!isset($_SERVER['QUERY_STRING'])) return false;
- parse_str($_SERVER['QUERY_STRING'], $params);
- if (array_key_exists("page", $params) && ($params["page"]=="rlrsssl_really_simple_ssl")) {
- return true;
- }
- return false;
- }
- /**
- * Find the path to wp-config
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function find_wp_config_path() {
- //limit nr of iterations to 20
- $i=0;
- $maxiterations = 20;
- $dir = dirname(__FILE__);
- do {
- $i++;
- if( file_exists($dir."/wp-config.php") ) {
- return $dir."/wp-config.php";
- }
- } while( ($dir = realpath("$dir/..")) && ($i<$maxiterations) );
- return null;
- }
- /**
- * remove https from defined siteurl and homeurl in the wpconfig, if present
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function remove_ssl_from_siteurl_in_wpconfig() {
- if (!current_user_can($this->capability)) return;
- $wpconfig_path = $this->find_wp_config_path();
- if (!empty($wpconfig_path)) {
- $wpconfig = file_get_contents($wpconfig_path);
- $homeurl_pos = strpos($wpconfig, "define('WP_HOME','https://");
- $siteurl_pos = strpos($wpconfig, "define('WP_SITEURL','https://");
- if (($homeurl_pos !== false) || ($siteurl_pos !== false)) {
- if (is_writable($wpconfig_path)) {
- $search_array = array("define('WP_HOME','https://","define('WP_SITEURL','https://");
- $ssl_array = array("define('WP_HOME','http://","define('WP_SITEURL','http://");
- //now replace these urls
- $wpconfig = str_replace ($search_array , $ssl_array , $wpconfig);
- file_put_contents($wpconfig_path, $wpconfig);
- } else {
- $this->errors['wpconfig not writable'] = TRUE;
- }
- }
- }
- }
- /**
- *
- * Checks if the wp config contains any defined siteurl and homeurl
- *
- *
- */
- private function check_for_siteurl_in_wpconfig(){
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return;
- $wpconfig = file_get_contents($wpconfig_path);
- $homeurl_pattern = '/(define\(\s*\'WP_HOME\'\s*,\s*\'http\:\/\/)/';
- $siteurl_pattern = '/(define\(\s*\'WP_SITEURL\'\s*,\s*\'http\:\/\/)/';
- $this->wpconfig_siteurl_not_fixed = FALSE;
- if (preg_match($homeurl_pattern, $wpconfig) || preg_match($siteurl_pattern, $wpconfig) ) {
- $this->wpconfig_siteurl_not_fixed = TRUE;
- $this->trace_log("siteurl or home url defines found in wpconfig");
- }
- }
- /**
- * Runs only when siteurl or homeurl define was found in the wpconfig, with the check_for_siteurl_in_wpconfig function
- * and only when wpconfig is writable.
- *
- * @since 2.1
- *
- * @access public
- *
- */
- private function fix_siteurl_defines_in_wpconfig() {
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return;
- $wpconfig = file_get_contents($wpconfig_path);
- $homeurl_pattern = '/(define\(\s*\'WP_HOME\'\s*,\s*\'http\:\/\/)/';
- $siteurl_pattern = '/(define\(\s*\'WP_SITEURL\'\s*,\s*\'http\:\/\/)/';
- if (preg_match($homeurl_pattern, $wpconfig) || preg_match($siteurl_pattern, $wpconfig) ) {
- if (is_writable($wpconfig_path)) {
- $this->trace_log("wp config siteurl/homeurl edited.");
- $wpconfig = preg_replace($homeurl_pattern, "define('WP_HOME','https://", $wpconfig);
- $wpconfig = preg_replace($siteurl_pattern, "define('WP_SITEURL','https://", $wpconfig);
- file_put_contents($wpconfig_path, $wpconfig);
- }
- else {
- if ($this->debug) {$this->trace_log("not able to fix wpconfig siteurl/homeurl.");}
- //only when siteurl or homeurl is defined in wpconfig, and wpconfig is not writable is there a possible issue because we cannot edit the defined urls.
- $this->wpconfig_siteurl_not_fixed = TRUE;
- }
- } else {
- if ($this->debug) {$this->trace_log("no siteurl/homeurl defines in wpconfig");}
- }
- }
- /**
- * Check if the wpconfig is already fixed
- *
- * @since 2.2
- *
- * @access public
- *
- */
- public function wpconfig_has_fixes() {
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return false;
- $wpconfig = file_get_contents($wpconfig_path);
- //only one of two fixes possible.
- if (strpos($wpconfig, "//Begin Really Simple SSL Load balancing fix")!==FALSE ) {
- return true;
- }
- if (strpos($wpconfig, "//Begin Really Simple SSL Server variable fix")!==FALSE ) {
- return true;
- }
- return false;
- }
- /**
- * In case of load balancer without server https on, add fix in wp-config
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function wpconfig_loadbalancer_fix() {
- if (!current_user_can($this->capability)) return;
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return;
- $wpconfig = file_get_contents($wpconfig_path);
- $this->wpconfig_loadbalancer_fix_failed = FALSE;
- //only if loadbalancer AND NOT SERVER-HTTPS-ON should the following be added. (is_ssl = false)
- if (strpos($wpconfig, "//Begin Really Simple SSL Load balancing fix")===FALSE ) {
- if (is_writable($wpconfig_path)) {
- $rule = "\n"."//Begin Really Simple SSL Load balancing fix"."\n";
- $rule .= '$server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https", "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on", "HTTP_X_FORWARDED_SSL"=>"1");'."\n";
- $rule .= 'foreach( $server_opts as $option => $value ) {'."\n";
- $rule .= 'if ( (isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false )) ) {'."\n";
- $rule .= '$_SERVER[ "HTTPS" ] = "on";'."\n";
- $rule .= 'break;'."\n";
- $rule .= '}'."\n";
- $rule .= '}'."\n";
- $rule .= "//END Really Simple SSL"."\n";
- $insert_after = "<?php";
- $pos = strpos($wpconfig, $insert_after);
- if ($pos !== false) {
- $wpconfig = substr_replace($wpconfig,$rule,$pos+1+strlen($insert_after),0);
- }
- file_put_contents($wpconfig_path, $wpconfig);
- if ($this->debug) {$this->trace_log("wp config loadbalancer fix inserted");}
- } else {
- if ($this->debug) {$this->trace_log("wp config loadbalancer fix FAILED");}
- $this->wpconfig_loadbalancer_fix_failed = TRUE;
- }
- } else {
- if ($this->debug) {$this->trace_log("wp config loadbalancer fix already in place, great!");}
- }
- $this->save_options();
- }
- /**
- * Getting WordPress to recognize setup as being SSL when no https server variable is available
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function wpconfig_server_variable_fix() {
- if (!current_user_can($this->capability)) return;
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return;
- $wpconfig = file_get_contents($wpconfig_path);
- //check permissions
- if (!is_writable($wpconfig_path)) {
- if ($this->debug) $this->trace_log("wp-config.php not writable");
- return;
- }
- //when more than one blog, first remove what we have
- if (is_multisite() && !RSSSL()->rsssl_multisite->is_multisite_subfolder_install() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)>1) {
- $wpconfig = preg_replace("/\/\/Begin\s?Really\s?Simple\s?SSL.*?\/\/END\s?Really\s?Simple\s?SSL/s", "", $wpconfig);
- $wpconfig = preg_replace("/\n+/","\n", $wpconfig);
- file_put_contents($wpconfig_path, $wpconfig);
- }
- //now create new
- //check if the fix is already there
- if (strpos($wpconfig, "//Begin Really Simple SSL Server variable fix")!==FALSE ) {
- if ($this->debug) {$this->trace_log("wp config server variable fix already in place, great!");}
- return;
- }
- if ($this->debug) {$this->trace_log("Adding server variable to wpconfig");}
- $rule = $this->get_server_variable_fix_code();
- $insert_after = "<?php";
- $pos = strpos($wpconfig, $insert_after);
- if ($pos !== false) {
- $wpconfig = substr_replace($wpconfig,$rule,$pos+1+strlen($insert_after),0);
- }
- file_put_contents($wpconfig_path, $wpconfig);
- if ($this->debug) $this->trace_log("wp config server variable fix inserted");
- $this->save_options();
- }
- protected function get_server_variable_fix_code(){
- if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && RSSSL()->rsssl_multisite->is_multisite_subfolder_install()) {
- if ($this->debug) $this->trace_log("per site activation on subfolder install, wp config server variable fix skipped");
- return "";
- }
- if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)==0) {
- if ($this->debug) $this->trace_log("no sites left with SSL, wp config server variable fix skipped");
- return "";
- }
- if (is_multisite() && !RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
- $rule = "\n"."//Begin Really Simple SSL Server variable fix"."\n";
- foreach ($this->sites as $domain ) {
- //remove http or https.
- if ($this->debug) {$this->trace_log("getting server variable rule for:".$domain);}
- $domain = preg_replace("/(http:\/\/|https:\/\/)/","",$domain);
- //we excluded subfolders, so treat as domain
- //check only for domain without www, as the www variant is found as well with the no www search.
- $domain_no_www = str_replace ( "www." , "" , $domain);
- $rule .= 'if ( strpos($_SERVER["HTTP_HOST"], "'.$domain_no_www.'")!==FALSE ) {'."\n";
- $rule .= ' $_SERVER["HTTPS"] = "on";'."\n";
- $rule .= '}'."\n";
- }
- $rule .= "//END Really Simple SSL"."\n";
- } else {
- $rule = "\n"."//Begin Really Simple SSL Server variable fix"."\n";
- $rule .= '$_SERVER["HTTPS"] = "on";'."\n";
- $rule .= "//END Really Simple SSL"."\n";
- }
- return $rule;
- }
- /**
- * Removing changes made to the wpconfig
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function remove_wpconfig_edit() {
- $wpconfig_path = $this->find_wp_config_path();
- if (empty($wpconfig_path)) return;
- $wpconfig = file_get_contents($wpconfig_path);
- //check for permissions
- if (!is_writable($wpconfig_path)) {
- if ($this->debug) $this->trace_log("could not remove wpconfig edits, wp-config.php not writable");
- $this->errors['wpconfig not writable'] = TRUE;
- return;
- }
- //remove edits
- $wpconfig = preg_replace("/\/\/Begin\s?Really\s?Simple\s?SSL.*?\/\/END\s?Really\s?Simple\s?SSL/s", "", $wpconfig);
- $wpconfig = preg_replace("/\n+/","\n", $wpconfig);
- file_put_contents($wpconfig_path, $wpconfig);
- //in multisite environment, with per site activation, re-add
- if (is_multisite() && ! RSSSL()->rsssl_multisite->ssl_enabled_networkwide) {
- if ($this->do_wpconfig_loadbalancer_fix)
- $this->wpconfig_loadbalancer_fix();
- if ($this->no_server_variable)
- $this->wpconfig_server_variable_fix();
- }
- }
- /**
- * Changes the siteurl and homeurl to https
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function set_siteurl_to_ssl() {
- if (!current_user_can($this->capability)) return;
- $this->trace_log("converting siteurl and homeurl to https");
- $siteurl_ssl = str_replace ( "http://" , "https://" , get_option('siteurl'));
- $homeurl_ssl = str_replace ( "http://" , "https://" , get_option('home'));
- update_option('siteurl',$siteurl_ssl);
- update_option('home',$homeurl_ssl);
- }
- /**
- * On de-activation, siteurl and homeurl are reset to http
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function remove_ssl_from_siteurl() {
- $siteurl_no_ssl = str_replace ( "https://" , "http://" , get_option('siteurl'));
- $homeurl_no_ssl = str_replace ( "https://" , "http://" , get_option('home'));
- update_option('siteurl',$siteurl_no_ssl);
- update_option('home',$homeurl_no_ssl);
- }
- /**
- * Save the plugin options
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function save_options() {
- if (!current_user_can($this->capability)) return;
- //any options added here should also be added to function options_validate()
- $options = array(
- 'site_has_ssl' => $this->site_has_ssl,
- 'hsts' => $this->hsts,
- 'htaccess_warning_shown' => $this->htaccess_warning_shown,
- 'ssl_success_message_shown' => $this->ssl_success_message_shown,
- 'autoreplace_insecure_links' => $this->autoreplace_insecure_links,
- 'plugin_db_version' => $this->plugin_db_version,
- 'debug' => $this->debug,
- 'do_not_edit_htaccess' => $this->do_not_edit_htaccess,
- 'htaccess_redirect' => $this->htaccess_redirect,
- 'ssl_enabled' => $this->ssl_enabled,
- 'javascript_redirect' => $this->javascript_redirect,
- 'wp_redirect' => $this->wp_redirect,
- 'switch_mixed_content_fixer_hook' => $this->switch_mixed_content_fixer_hook,
- );
- update_option('rlrsssl_options',$options);
- }
- /**
- * Load the translation files
- *
- * @since 1.0
- *
- * @access public
- *
- */
- public function load_translation()
- {
- load_plugin_textdomain('really-simple-ssl', FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
- }
- /**
- * Handles deactivation of this plugin
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function deactivate($networkwide) {
- $this->remove_ssl_from_siteurl();
- $this->remove_ssl_from_siteurl_in_wpconfig();
- $this->site_has_ssl = FALSE;
- $this->hsts = FALSE;
- $this->htaccess_warning_shown = FALSE;
- $this->ssl_success_message_shown = FALSE;
- $this->autoreplace_insecure_links = TRUE;
- $this->do_not_edit_htaccess = FALSE;
- $this->htaccess_redirect = FALSE;
- $this->javascript_redirect = FALSE;
- $this->wp_redirect = FALSE;
- $this->ssl_enabled = FALSE;
- $this->switch_mixed_content_fixer_hook = FALSE;
- $this->save_options();
- //when on multisite, per site activation, recreate domain list for htaccess and wpconfig rewrite actions
- if (is_multisite()) {
- RSSSL()->rsssl_multisite->deactivate();
- if (!RSSSL()->rsssl_multisite->ssl_enabled_networkwide) $this->build_domain_list();
- }
- $this->remove_wpconfig_edit();
- $this->removeHtaccessEdit();
- }
- /**
- * Checks if we are currently on SSL protocol, but extends standard wp with loadbalancer check.
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function is_ssl_extended(){
- $server_var = FALSE;
- $server_opts = array(
- 'HTTP_X_FORWARDED_PROTO'=>'https',
- 'HTTP_CLOUDFRONT_FORWARDED_PROTO' => 'https',
- 'HTTP_CF_VISITOR'=>'https',
- 'HTTP_X_FORWARDED_SSL'=>'on',
- 'HTTP_X_FORWARDED_SSL'=>'1'
- );
- foreach( $server_opts as $option => $value ) {
- if ( (isset($_ENV['HTTPS']) && ( 'on' == $_ENV['HTTPS'] ))
- || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false ) )) {
- $server_var = TRUE;
- break;
- }
- }
- if (is_ssl() || $server_var){
- return true;
- } else {
- return false;
- }
- }
- /**
- * Checks for SSL by opening a test page in the plugin directory
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function detect_configuration() {
- $this->trace_log("** Detecting configuration **");
- $this->trace_log("plugin version: ".rsssl_version);
- $old_ssl_setting = $this->site_has_ssl;
- $filecontents = "";
- //if current page is on SSL, we can assume SSL is available, even when an errormsg was returned
- if($this->is_ssl_extended()){
- $this->trace_log("Already on SSL, start detecting configuration");
- $this->site_has_ssl = TRUE;
- } else {
- //we're not on SSL, or no server vars were returned, so test with the test-page.
- //plugin url: domain.com/wp-content/etc
- $testpage_url = trailingslashit($this->test_url())."ssl-test-page.php";
- $this->trace_log("Opening testpage to check for SSL: ".$testpage_url);
- $response = wp_remote_get( $testpage_url );
- if( is_array($response) ) {
- $status = wp_remote_retrieve_response_code( $response );
- $filecontents = wp_remote_retrieve_body($response);
- }
- $this->trace_log("test page url, enter in browser to check manually: ".$testpage_url);
- if(!is_wp_error( $response ) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
- $this->site_has_ssl = TRUE;
- $this->trace_log("SSL test page loaded successfully");
- } else {
- $this->site_has_ssl = FALSE;
- $error = "";
- if (is_wp_error( $response ) ) $error = $response->get_error_message();
- $this->trace_log("No SSL detected. No certificate, or the testpage is blocked by security settings. The SSL testpage returned the error: ".$error);
- }
- }
- if ($this->site_has_ssl) {
- //check the type of SSL, either by parsing the returned string, or by reading the server vars.
- if ((strpos($filecontents, "#CLOUDFRONT#") !== false) || (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO']) && ($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https'))) {
- $this->ssl_type = "CLOUDFRONT";
- } elseif ((strpos($filecontents, "#CLOUDFLARE#") !== false) || (isset($_SERVER['HTTP_CF_VISITOR']) && ($_SERVER['HTTP_CF_VISITOR'] == 'https'))) {
- $this->ssl_type = "CLOUDFLARE";
- } elseif ((strpos($filecontents, "#LOADBALANCER#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))) {
- $this->ssl_type = "LOADBALANCER";
- } elseif ((strpos($filecontents, "#CDN#") !== false) || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' || $_SERVER['HTTP_X_FORWARDED_SSL'] == '1'))) {
- $this->ssl_type = "CDN";
- } elseif ((strpos($filecontents, "#SERVER-HTTPS-ON#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')) {
- $this->ssl_type = "SERVER-HTTPS-ON";
- } elseif ((strpos($filecontents, "#SERVER-HTTPS-1#") !== false) || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == '1')) {
- $this->ssl_type = "SERVER-HTTPS-1";
- } elseif ((strpos($filecontents, "#SERVERPORT443#") !== false) || (isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ))) {
- $this->ssl_type = "SERVERPORT443";
- } elseif ((strpos($filecontents, "#ENVHTTPS#") !== false) || (isset($_ENV['HTTPS']) && ( 'on' == $_ENV['HTTPS'] ))) {
- $this->ssl_type = "ENVHTTPS";
- } elseif ((strpos($filecontents, "#NO KNOWN SSL CONFIGURATION DETECTED#") !== false)) {
- //if we are here, SSL was detected, but without any known server variables set.
- //So we can use this info to set a server variable ourselfes.
- if (!$this->wpconfig_has_fixes()) {
- $this->no_server_variable = TRUE;
- }
- $this->trace_log("No server variable detected ");
- $this->ssl_type = "NA";
- } else {
- //no valid response, so set to NA
- $this->ssl_type = "NA";
- }
- //check for is_ssl()
- if ( (!$this->is_ssl_extended() &&
- (strpos($filecontents, "#SERVER-HTTPS-ON#") === false) &&
- (strpos($filecontents, "#SERVER-HTTPS-1#") === false) &&
- (strpos($filecontents, "#SERVERPORT443#") === false)) || (!is_ssl() && $this->is_ssl_extended())) {
- //when is_ssl would return false, we should add some code to wp-config.php
- if (!$this->wpconfig_has_fixes()) {
- $this->trace_log("is_ssl() will return false: wp-config fix needed");
- $this->do_wpconfig_loadbalancer_fix = TRUE;
- }
- }
- $this->trace_log("SSL type: ".$this->ssl_type);
- }
- $this->check_for_siteurl_in_wpconfig();
- $this->save_options();
- }
- /**
- * Test if the htaccess redirect will work
- * This way, no redirect loops should occur.
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function test_htaccess_redirect() {
- if (!current_user_can($this->capability)) return;
- if ($this->debug) {$this->trace_log("testing htaccess rules...");}
- $filecontents = "";
- $testpage_url = trailingslashit($this->test_url())."testssl/";
- switch ($this->ssl_type) {
- case "CLOUDFRONT":
- $testpage_url .= "cloudfront";
- break;
- case "CLOUDFLARE":
- $testpage_url .= "cloudflare";
- break;
- case "LOADBALANCER":
- $testpage_url .= "loadbalancer";
- break;
- case "CDN":
- $testpage_url .= "cdn";
- break;
- case "SERVER-HTTPS-ON":
- $testpage_url .= "serverhttpson";
- break;
- case "SERVER-HTTPS-1":
- $testpage_url .= "serverhttps1";
- break;
- case "SERVERPORT443":
- $testpage_url .= "serverport443";
- break;
- case "ENVHTTPS":
- $testpage_url .= "envhttps";
- break;
- }
- $testpage_url .= ("/ssl-test-page.html");
- $response = wp_remote_get( $testpage_url );
- if( is_array($response) ) {
- $status = wp_remote_retrieve_response_code( $response );
- $filecontents = wp_remote_retrieve_body($response);
- }
- $this->trace_log("test page url, enter in browser to check manually: ".$testpage_url);
- if (!is_wp_error( $response ) && (strpos($filecontents, "#SSL TEST PAGE#") !== false)) {
- $this->htaccess_test_success = TRUE;
- $this->trace_log("htaccess rules tested successfully.");
- } else {
- //.htaccess rewrite rule seems to be giving problems.
- $this->htaccess_test_success = FALSE;
- if (is_wp_error( $response )) {
- $this->trace_log("htaccess rules test failed with error: ".$response->get_error_message());
- } else {
- $this->trace_log("htaccess test rules failed. Set WordPress redirect in settings/SSL");
- }
- }
- }
- /**
- * Get an url with which we can test the SSL connection and htaccess redirect rules.
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function test_url(){
- $plugin_url = str_replace("http://", "https://", trailingslashit(rsssl_url) );;
- $https_home_url = str_replace("http://", "https://", home_url());
- //in some case we get a relative url here, so we check that.
- //we compare to urls replaced to https, in case one of them is still on http.
- if ( (strpos($plugin_url, "https://")===FALSE ) &&
- (strpos($plugin_url, $https_home_url)===FALSE)
- ) {
- //make sure we do not have a slash at the start
- $plugin_url = ltrim($plugin_url,"/");
- $plugin_url = trailingslashit(home_url()).$plugin_url;
- }
- //for subdomains or domain mapping situations, we have to convert the plugin_url from main site to the subdomain url.
- if (is_multisite() && ( !is_main_site(get_current_blog_id()) ) && (! RSSSL()->rsssl_multisite->is_multisite_subfolder_install()) ) {
- $mainsiteurl = trailingslashit(str_replace("http://","https://",network_site_url()));
- $home = trailingslashit($https_home_url);
- $plugin_url = str_replace($mainsiteurl, $home, $plugin_url);
- //return http link if original url is http.
- //if (strpos(home_url(), "https://")===FALSE) $plugin_url = str_replace("https://","http://",$plugin_url);
- }
- return $plugin_url;
- }
- /**
- * removes the added redirect to https rules to the .htaccess file.
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function removeHtaccessEdit() {
- if(file_exists($this->ABSpath.".htaccess") && is_writable($this->ABSpath.".htaccess")){
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- //if multisite, per site activation and more than one blog remaining on ssl, remove condition for this site only
- //the domain list has been rebuilt already, so current site is already removed.
- if (is_multisite() && ! RSSSL()->rsssl_multisite->ssl_enabled_networkwide && count($this->sites)>0) {
- //remove http or https.
- $domain = preg_replace("/(http:\/\/|https:\/\/)/","",home_url());
- $pattern = "/#wpmu\srewritecond\s?".preg_quote($domain, "/")."\n.*?#end\swpmu\srewritecond\s?".preg_quote($domain, "/")."\n/s";
- //only remove if the pattern is there at all
- if (preg_match($pattern, $htaccess)) $htaccess = preg_replace($pattern, "", $htaccess);
- //now replace any remaining "or" on the last condition.
- $pattern = "/(\[OR\])(?!.*(\[OR\]|#start).*?RewriteRule)/s";
- $htaccess = preg_replace($pattern, "", $htaccess,1);
- } else {
- // remove everything
- $pattern = "/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s";
- //only remove if the pattern is there at all
- if (preg_match($pattern, $htaccess)) $htaccess = preg_replace($pattern, "", $htaccess);
- }
- $htaccess = preg_replace("/\n+/","\n", $htaccess);
- file_put_contents($this->ABSpath.".htaccess", $htaccess);
- $this->save_options();
- } else {
- $this->errors['HTACCESS_NOT_WRITABLE'] = TRUE;
- if ($this->debug) $this->trace_log("could not remove rules from htaccess, file not writable");
- }
- }
- public function get_htaccess_version() {
- if (!file_exists($this->ABSpath.".htaccess")) return false;
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- $versionpos = strpos($htaccess, "rsssl_version");
- if ($versionpos===false) {
- //no version found, so not .htaccess rules.
- return false;
- } else {
- //find closing marker of version
- $close = strpos($htaccess, "]", $versionpos);
- $version = substr($htaccess, $versionpos+14, $close-($versionpos+14));
- return $version;
- }
- }
- /* deprecated */
- function htaccess_redirect_allowed(){
- if (is_multisite() && RSSSL()->rsssl_multisite->is_per_site_activated_multisite_subfolder_install()) {
- return false;
- } else {
- return true;
- }
- }
- /*
- Checks if the htaccess contains redirect rules, either actual redirect or a rsssl marker.
- */
- public function htaccess_contains_redirect_rules() {
- if (!file_exists($this->ABSpath.".htaccess")) {
- return false;
- }
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- $needle = "RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]";
- if(strpos($htaccess, $needle) !== FALSE || $this->contains_rsssl_rules()){
- return true;
- } else {
- $this->trace_log(".htaccess does not contain default Really Simple SSL redirect");
- return false;
- }
- }
- /*
- * Checks if the htaccess contains the Really Simple SSL comment.
- *
- */
- public function contains_rsssl_rules() {
- if (!file_exists($this->ABSpath.".htaccess")) {
- return false;
- }
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- $check=null;
- preg_match("/BEGIN rlrssslReallySimpleSSL/", $htaccess, $check);
- if(count($check) === 0){
- return false;
- } else {
- return true;
- }
- }
- /*
- * Checks if a 301 redirect is set
- * this is the case if either the wp_redirect is set, or the htaccess redirect is set.
- *
- */
- public function has_301_redirect() {
- if ($this->wp_redirect) return true;
- if (RSSSL()->rsssl_server->uses_htaccess() && $this->htaccess_contains_redirect_rules() ) {
- return true;
- }
- return false;
- }
- /**
- * Checks if the HSTS rule is already in the htaccess file
- * Set the hsts variable in the db accordingly. applies to preload version as well.
- *
- * @since 2.1
- *
- * @access public
- *
- */
- public function contains_hsts() {
- if (!file_exists($this->ABSpath.".htaccess")) {
- $this->trace_log(".htaccess not found in ".$this->ABSpath);
- $result = $this->hsts; //just return the setting.
- } else {
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- preg_match("/Strict-Transport-Security/", $htaccess, $check);
- if(count($check) === 0){
- $result = false;
- } else {
- $result = true;
- }
- }
- return $result;
- }
- /**
- * Adds redirect to https rules to the .htaccess file.
- *
- * @since 2.0
- *
- * @access public
- *
- */
- public function editHtaccess(){
- if (!current_user_can($this->capability)) return;
- //check if htacces exists and if htaccess is writable
- //update htaccess to redirect to ssl
- $this->trace_log("checking if .htaccess can or should be edited...");
- //does it exist?
- if (!file_exists($this->ABSpath.".htaccess")) {
- $this->trace_log(".htaccess not found.");
- return;
- }
- //check if editing is blocked.
- if ($this->do_not_edit_htaccess) {
- $this->trace_log("Edit of .htaccess blocked by setting or define 'do not edit htaccess' in Really Simple SSL.");
- return;
- }
- $htaccess = file_get_contents($this->ABSpath.".htaccess");
- if(!$this->htaccess_contains_redirect_rules()){
- if (!is_writable($this->ABSpath.".htaccess")) {
- //set the wp redirect as fallback, because .htaccess couldn't be edited.
- if ($this->clicked_activate_ssl()) $this->wp_redirect = true;
- if (is_multisite()) {
- RSSSL()->rsssl_multisite->wp_redirect = true;
- RSSSL()->rsssl_multisite->save_options();
- }
- $this->save_options();
- $this->trace_log(".htaccess not writable.");
- return;
- }
- $rules = $this->get_redirect_rules();
- //insert rules before wordpress part.
- if (strlen($rules)>0) {
- $wptag = "# BEGIN WordPress";
- if (strpos($htaccess, $wptag)!==false) {
- $htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
- } else {
- $htaccess = $htaccess.$rules;
- }
- file_put_contents($this->ABSpath.".htaccess", $htaccess);
- }
- } elseif ($this->is_settings_page() || is_network_admin()) {
- if ($this->debug) {$this->trace_log("settings page, or network admin, updating htaccess...");}
- if (!is_writable($this->ABSpath.".htaccess")) {
- if($this->debug) $this->trace_log(".htaccess not writable.");
- return;
- }
- $htaccess = preg_replace("/#\s?BEGIN\s?rlrssslReallySimpleSSL.*?#\s?END\s?rlrssslReallySimpleSSL/s", "", $htaccess);
- $htaccess = preg_replace("/\n+/","\n", $htaccess);
- $rules = $this->get_redirect_rules();
- //insert rules before WordPress part.
- $wptag = "# BEGIN WordPress";
- if (strpos($htaccess, $wptag)!==false) {
- $htaccess = str_replace($wptag, $rules.$wptag, $htaccess);
- } else {
- $htaccess = $htaccess.$rules;
- }
- file_put_contents($this->ABSpath.".htaccess", $htaccess);
- }
- }
- /**
- *
- * @since 2.2
- * Check if the mixed content fixer is functioning on the front end, by scanning the source of the homepage for the fixer comment.
- *
- */
- public function mixed_content_fixer_detected(){
- $status = 0;
- $web_source = "";
- //check if the mixed content fixer is active
- $response = wp_remote_get( home_url() );
- if( is_array($response) ) {
- $status = wp_remote_retrieve_response_code( $response );
- $web_source = wp_remote_retrieve_body($response);
- }
- if ($status!=200 || (strpos($web_source, "data-rsssl=") === false)) {
- $this->trace_log("Check for Mixed Content detection failed, http statuscode ".$status);
- return false;
- } else {
- $this->trace_log("Mixed content fixer was successfully detected on the front end.");
- return true;
- }
- }
- /**
- * Create redirect rules for the .htaccess.
- *
- *…