PageRenderTime 36ms CodeModel.GetById 11ms RepoModel.GetById 1ms app.codeStats 0ms

/https-domain-alias.php

https://gitlab.com/Blueprint-Marketing/wp-https-domain-alias
PHP | 421 lines | 195 code | 52 blank | 174 comment | 45 complexity | 134895ab29f9ba39294476f121d8df61 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Plugin Name: HTTPS domain alias
    4. 

  4.  * Plugin URI: https://github.com/Seravo/wp-https-domain-alias
    5. 

  5.  * Description: Enable your site to have a different domains for HTTP and HTTPS. Useful e.g. if you have a wildcard SSL/TLS certificate for server but not for each site.
    6. 

  6.  * Version: 1.3.3
    7. 

  7.  * Author: Seravo Oy
    8. 

  8.  * Author URI: http://seravo.fi
    9. 

  9.  * License: GPLv3
    10. 

  10.  */
    11. 

  11. 

  12. /** Copyright 2015 Seravo Oy
    13. 

    14. 

  14.   This program is free software; you can redistribute it and/or modify
    15. 

  15.   it under the terms of the GNU General Public License, version 3, as
    16. 

  16.   published by the Free Software Foundation.
    17. 

    18. 

  18.   This program is distributed in the hope that it will be useful,
    19. 

  19.   but WITHOUT ANY WARRANTY; without even the implied warranty of
    20. 

  20.   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    21. 

  21.   GNU General Public License for more details.
    22. 

    23. 

  23.   You should have received a copy of the GNU General Public License
    24. 

  24.   along with this program; if not, write to the Free Software
    25. 

  25.   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    26. 

    27. 

  27. */
    28. 

  28. 

  29. /**
    30. 

  30.  * @package HTTPS_Domain_Alias
    31. 

  31.  *
    32. 

  32.  * Make sure a https capable domain is used {@see HTTPS_DOMAIN_ALIAS} if the
    33. 

  33.  * protocol is HTTPS.
    34. 

  34.  *
    35. 

  35.  * Make sure the wp-config.php defines the needed constants, e.g.
    36. 

  36.  *  define('FORCE_SSL_LOGIN', true);
    37. 

  37.  *  define('FORCE_SSL_ADMIN', true);
    38. 

  38.  *  define('HTTPS_DOMAIN_ALIAS', 'coss.seravo.fi');
    39. 

  39.  *
    40. 

  40.  * On a WordPress Network install HTTPS_DOMAIN_ALIAS can also be
    41. 

  41.  * defined with a wildcard, e.g. '*.seravo.fi'.
    42. 

  42.  * Compatible with WordPress MU Domain Mapping.
    43. 

  43.  *
    44. 

  44.  * Example:
    45. 

  45.  *  Redirect never points to https://coss.fi/..
    46. 

  46.  *  but instead always to https://coss.seravo.fi/...
    47. 

  47.  *
    48. 

  48.  * For more information see readme.txt
    49. 

  49.  *
    50. 

  50.  * @param string $url
    51. 

  51.  * @param string $status (optional, not used in this function)
    52. 

  52.  * @return string
    53. 

  53.  */
    54. 

  54. function htsda_https_domain_rewrite( $url, $status = 0 ) {
    55. 

  55. 

  56.   // Rewrite only if the request is https, or the user is logged in
    57. 

  57.   // to preserve cookie integrity
    58. 

  58.   if ( substr( $url, 0, 5 ) == 'https'
    59. 

  59.     || ( function_exists( 'is_user_logged_in' ) && is_user_logged_in()
    60. 

  60.       && ! ( defined( 'DISABLE_FRONTEND_SSL' ) && DISABLE_FRONTEND_SSL ) ) ) {
    61. 

  61. 

  62.       // Assume domain is always same for all calls to this function
    63. 

  63.       // during same request and thus define some variables as static.
    64. 

  64.       static $domains;
    65. 

  65.       if ( ! isset( $domains ) ) {
    66. 

  66.         $domains = array();
    67. 

  67.         // $domain is current site URL without the www prefix
    68. 

  68.         // TODO: can we just strip www? convention says yes
    69. 

  69.         $domains[] = hstda_trim_url(parse_url( get_option( 'home' ), PHP_URL_HOST ), 'www.');
    70. 

  70.         // Also take the current request host so this works even when redirect_canonical is not in use
    71. 

  71.         $domains[] = hstda_trim_url($_SERVER['HTTP_HOST'], 'www.');
    72. 

  72.       }
    73. 

  73. 

  74.       static $domainAlias;
    75. 

  75.       if ( ! isset( $domainAlias ) ) {
    76. 

  76.         $domainAlias = htsda_get_domain_alias($domain);
    77. 

  77.       }
    78. 

  78. 

  79.       // If $location does not include simple https domain alias, rewrite it.
    80. 

  80.       $url = hstda_rewrite_url($url,$domains,$domainAlias);
    81. 

  81.   }
    82. 

  82.   return $url;
    83. 

  83. }
    84. 

  84. 

  85. /**
    86. 

  86.  * Same as above, but handles all domains in a multisite
    87. 

  87.  */
    88. 

  88. function htsda_mu_https_domain_rewrite( $url, $status = 0 ) {
    89. 

  89. 

  90.   // Rewrite only if the request is https, or the user is logged in
    91. 

  91.   // to preserve cookie integrity
    92. 

  92.   if ( substr( $url, 0, 5 ) == 'https'
    93. 

  93.     || ( function_exists( 'is_user_logged_in' ) && is_user_logged_in()
    94. 

  94.       && ! ( defined( 'DISABLE_FRONTEND_SSL' ) && DISABLE_FRONTEND_SSL ) ) ) {
    95. 

  95. 

  96.       // these won't change during the request  
    97. 

  97.       static $domains;
    98. 

  98. 

  99.       if ( !isset( $domains ) ) {
    100. 

  100.         $blogs = wp_get_sites(); // get info from wp_blogs table
    101. 

  101.         $domains = array(); // map the domains here
    102. 

  102.         $domains[] = hstda_trim_url(parse_url( get_site_url( 1 ), PHP_URL_HOST ), 'www.'); // main site home
    103. 

  103. 

  104.         // special case for wpmu domain mapping plugin
    105. 

  105.         if( function_exists('domain_mapping_siteurl') ) {
    106. 

  106.           $domains[] = hstda_trim_url(parse_url( domain_mapping_siteurl( false ), PHP_URL_HOST ), 'www.');
    107. 

  107.         } 
    108. 

  108. 

  109.         foreach ( $blogs as $blog ) {
    110. 

  110.           $domains[] = hstda_trim_url($blog['domain'],'www.');
    111. 

  111.         }
    112. 

  112. 

  113.         // dedupe domains
    114. 

  114.         $domains = array_unique( $domains );
    115. 

  115.       }
    116. 

  116. 

  117.       // Rewrite the $url
    118. 

  118.       $url = hstda_rewrite_url($url,$domains);
    119. 

  119.   }
    120. 

  120.   return $url;
    121. 

  121. }
    122. 

  122. 

  123. 

  124. /**
    125. 

  125.  * Gets the domain alias for the given domain
    126. 

  126.  */
    127. 

  127. function htsda_get_domain_alias( $domain ) {
    128. 

  128.   if ( substr( HTTPS_DOMAIN_ALIAS, -strlen( $domain ) ) == $domain ) {
    129. 

  129.     // Special case: $domainAlias ends with $domain,
    130. 

  130.     // which is possible in WP Network when requesting
    131. 

  131.     // the main site, don't rewrite urls as a https
    132. 

  132.     // certificate for sure exists for direct domain.
    133. 

  133.     // e.g. domain seravo.fi, domain alias *.seravo.fi
    134. 

  134.     return $domain;
    135. 

  135.   } 
    136. 

  136.   
    137. 

  137.   else if ( substr( HTTPS_DOMAIN_ALIAS, 0, 1 ) == '*' ) {
    138. 

  138. 

  139.     if(false !== strpos($domain, substr( HTTPS_DOMAIN_ALIAS, 1 )) ) {
    140. 

  140.       // never include the https domain alias part in the domain base
    141. 

  141.       $domainBase = substr( $domain, 0, strrpos( $domain, substr( HTTPS_DOMAIN_ALIAS, 1 ) ) );
    142. 

  142.     } else {
    143. 

  143.       // domain base is everything before the TLD part
    144. 

  144.       // TODO: what about dual TLD's like .co.uk ?
    145. 

  145.       $domainBase = substr( $domain, 0, strrpos( $domain, '.' ) );
    146. 

  146.     }
    147. 

  147.     
    148. 

  148.     // substitute dots with dashes so that we never end up in sub-sub domains
    149. 

  149.     $domainBase = str_replace('.', '-', $domainBase); 
    150. 

  150.     $domainAliasBase = substr( HTTPS_DOMAIN_ALIAS, 1 );
    151. 

  151.     return $domainBase . $domainAliasBase;
    152. 

  152.       
    153. 

  153.   } 
    154. 

  154.   
    155. 

  155.   else {
    156. 

  156.     return HTTPS_DOMAIN_ALIAS;
    157. 

  157.   }
    158. 

  158. }
    159. 

  159. 

  160. /**
    161. 

  161.  * Debug wrapper
    162. 

  162.  *
    163. 

  163.  *
    164. 

  164.  * @param string $url
    165. 

  165.  * @param string $path
    166. 

  166.  * @param string $plugins
    167. 

  167.  * @return string $url
    168. 

  168.  */
    169. 

  169. function htsda_debug_rewrite( $url, $path=false, $plugin = false, $extra = false ) {
    170. 

  170.   error_log( "in: $url" );
    171. 

  171.   $url = is_multisite() ? htsda_mu_https_domain_rewrite( $url ) : htsda_https_domain_rewrite( $url );
    172. 

  172.   error_log( "out: $url" );
    173. 

  173.   return $url;
    174. 

  174. }
    175. 

  175. 

  176. /**
    177. 

  177.  * Includes a patch for Polylang Language plugin, which redefines home_url in the back-end
    178. 

  178.  */
    179. 

  179. function htsda_home_url_rewrite( $url ) {
    180. 

  180.   // Store the original url in global constant so that we can use it later to fix things
    181. 

  181.   if (!defined('HTTPS_DOMAIN_ALIAS_FRONTEND_URL')) {
    182. 

  182.     $parsed_url = parse_url($url);
    183. 

  183.     define('HTTPS_DOMAIN_ALIAS_FRONTEND_URL', $parsed_url['scheme'].'://'.$parsed_url['host'].$parsed_url['path']);
    184. 

  184.   }
    185. 

  185. 

  186.   // don't rewrite urls for polylang settings page
    187. 

  187.   if ( isset($_GET['page']) && $_GET['page'] == 'mlang' ) {
    188. 

  188.     return $url;
    189. 

  189.   }
    190. 

  190. 

  191.   $url = is_multisite() ? htsda_mu_https_domain_rewrite( $url ) : htsda_https_domain_rewrite( $url );
    192. 

  192.   return $url;
    193. 

  193. }
    194. 

  194. 

  195. /**
    196. 

  196.  * Additional functionality to make all links relative
    197. 

  197.  *
    198. 

  198.  * This helps keep the front end clean of any HTTPS domain alias links
    199. 

  199.  *
    200. 

  200.  * Thanks to @chernjie for the idea!
    201. 

  201.  */
    202. 

  202. 

  203. /**
    204. 

  204.  * This converts any link to slash-relative
    205. 

  205.  *
    206. 

  206.  * NOTE: this applies to external links as well, so be careful with this!
    207. 

  207.  */
    208. 

  208. function htsda_root_relative_url( $url, $html ) {
    209. 

  209.   // If urls already start from root, just return it
    210. 

  210.   if ( $url[0] == "/" ) return $html;
    211. 

  211. 

  212.   $p = parse_url( $url );
    213. 

  213.   $root = $p['scheme'] . "://" . $p['host'];
    214. 

  214.   $html = str_ireplace( $root, '', $html );
    215. 

  215. 

  216.   return $html;
    217. 

  217. }
    218. 

  218. 

  219. /*
    220. 

  220.  * Media gallery images should be handled with relative urls
    221. 

  221.  */
    222. 

  222. function htsda_root_relative_image_urls( $html, $id, $caption, $title, $align, $url, $size, $alt ) {
    223. 

  223.   return htsda_root_relative_url( $url, $html );
    224. 

  224. }
    225. 

  225. function htsda_root_relative_media_urls( $html, $id, $att ) {
    226. 

  226.   return htsda_root_relative_url( $att['url'], $html );
    227. 

  227. }
    228. 

  228. 

  229. /*
    230. 

  230.  * This adds a small javascript fix for the TinyMCE link adder dialog
    231. 

  231.  */
    232. 

  232. function htsda_link_adder_fix( $Hook ) {
    233. 

  233.   if ( 'post.php' === $Hook || 'post-new.php' === $Hook ) {
    234. 

  234.     // we only need to use this fix in post.php
    235. 

  235.     wp_enqueue_script( 'link-relative', plugin_dir_url( __FILE__ ) . 'link-relative.js' );
    236. 

  236.   }
    237. 

  237. }
    238. 

  238. 

  239. /*
    240. 

  240.  * Register filters only if HTTPS_DOMAIN_ALIAS defined
    241. 

  241.  */
    242. 

  242. if ( defined( 'HTTPS_DOMAIN_ALIAS' ) ) {
    243. 

  243.   // A redirect or link to https may happen from pages served via http
    244. 

  244.   $domain_filter = is_multisite() ? 'htsda_mu_https_domain_rewrite' : 'htsda_https_domain_rewrite';
    245. 

  245. 

  246.   add_filter( 'login_url',                   $domain_filter );
    247. 

  247.   add_filter( 'logout_url',                  $domain_filter );
    248. 

  248.   add_filter( 'admin_url',                   $domain_filter );
    249. 

  249.   add_filter( 'wp_redirect',                 $domain_filter );
    250. 

  250.   add_filter( 'plugins_url',                 $domain_filter );
    251. 

  251.   add_filter( 'content_url',                 $domain_filter );
    252. 

  252.   add_filter( 'theme_mod_header_image',      $domain_filter );
    253. 

  253.   add_filter( 'wp_get_attachment_url',       $domain_filter );
    254. 

  254.   add_filter( 'wp_get_attachment_thumb_url', $domain_filter );
    255. 

  255.   add_filter( 'site_url',                    $domain_filter );
    256. 

  256.   add_filter( 'home_url',                    'htsda_home_url_rewrite' );
    257. 

  257. 

  258.   // Force relative urls for links created in the wp-admin 
    259. 

  259.   add_filter( 'media_send_to_editor', 'htsda_root_relative_media_urls', 10, 3 );
    260. 

  260.   add_filter( 'image_send_to_editor', 'htsda_root_relative_image_urls', 10, 9 );
    261. 

  261.   add_action( 'admin_enqueue_scripts', 'htsda_link_adder_fix' ); 
    262. 

  262. 

  263. } else {
    264. 

  264.   error_log( 'Constant HTTPS_DOMAIN_ALIAS is not defined' );
    265. 

  265. }
    266. 

  266. 

  267. /*
    268. 

  268.  * Make sure this plugin loads as first so that the filters will be applied
    269. 

  269.  * to all plugins before they fetch or define any URLs.
    270. 

  270.  *
    271. 

  271.  * This function will only take effect at the time when some plugin is activated,
    272. 

  272.  * does not apply directly for old installs and in general is brittle to brake,
    273. 

  273.  * as something else might edit the plugin list in the database options table
    274. 

  274.  * and thus lower the priorty for this plugin.
    275. 

  275.  */
    276. 

  276. add_action( 'activated_plugin', 'htsda_https_domain_alias_must_be_first_plugin' );
    277. 

  277. function htsda_https_domain_alias_must_be_first_plugin() {
    278. 

  278.   // ensure path to this file is via main wp plugin path
    279. 

  279.   $wp_path_to_this_file = preg_replace( '/(.*)plugins\/(.*)$/', WP_PLUGIN_DIR."/$2", __FILE__ );
    280. 

  280.   $this_plugin = plugin_basename( trim( $wp_path_to_this_file ) );
    281. 

  281.   $active_plugins = get_option( 'active_plugins' );
    282. 

  282.   $this_plugin_key = array_search( $this_plugin, $active_plugins );
    283. 

  283. 

  284.   if ( $this_plugin_key ) { // if it's 0 it's the first plugin already, no need to continue
    285. 

  285.     array_splice( $active_plugins, $this_plugin_key, 1 );
    286. 

  286.     array_unshift( $active_plugins, $this_plugin );
    287. 

  287.     update_option( 'active_plugins', $active_plugins );
    288. 

  288.   }
    289. 

  289. }
    290. 

  290. 

  291. /*
    292. 

  292.  * A function for determining if we're currently on a login page
    293. 

  293.  */
    294. 

  294. function is_login_page() {
    295. 

  295.   return in_array( $GLOBALS['pagenow'], array( 'wp-login.php', 'wp-register.php' ) );
    296. 

  296. }
    297. 

  297. 

  298. 

  299. /*
    300. 

  300.  * Redirects non logged in visitors away from the visible domain alias front
    301. 

  301.  * end. This also makes sure search engines don't index the domain alias but
    302. 

  302.  * rather the actual canonical site thus improving site SEO.
    303. 

  303.  */
    304. 

  304. add_action( 'wp', 'htsda_https_domain_alias_redirect_visitors' );
    305. 

  305. function htsda_https_domain_alias_redirect_visitors() {
    306. 

  306.   
    307. 

  307.   // check if visitor is currently in a domain alias location
    308. 

  308.   $is_on_domain_alias = strpos( get_option( 'HOME' ), $_SERVER['HTTP_HOST'] );
    309. 

  309. 

  310.   if (  ! $is_on_domain_alias && 
    311. 

  311.       ! is_user_logged_in() && 
    312. 

  312.       ! is_login_page() )  {
    313. 

  313.     wp_redirect(get_option( 'HOME' ) . $_SERVER['REQUEST_URI'], 301 );
    314. 

  314.   }
    315. 

  315. }
    316. 

  316. 

  317. /**
    318. 

  318.  * Create a readme page in the settings menu
    319. 

  319.  */
    320. 

  320. add_action( 'admin_menu', 'htsda_https_domain_alias_readme' );
    321. 

  321. function htsda_https_domain_alias_readme() {
    322. 

  322.   //Readme is only visible, when HTTPS_DOMAIN_ALIAS is not defined
    323. 

  323.   if ( ! defined( 'HTTPS_DOMAIN_ALIAS' ) ) {
    324. 

  324.     add_options_page( 'HTTPS Domain Alias', 'HTTPS Domain Alias', 'administrator', __FILE__, 'htsda_build_readme_page', plugins_url( '/images/icon.png', __FILE__ ) );
    325. 

  325.   }
    326. 

  326. }
    327. 

  327. 

  328. /*
    329. 

  329.  * Helper: Rewrite url if it's pointing to this site
    330. 

  330.  * 
    331. 

  331.  * @param string    well formed url     
    332. 

  332.  * @param array    domains of the site
    333. 

  333.  * (optional)@param string    ssl secured domain alias of the site
    334. 

  334.  */
    335. 

  335. function hstda_rewrite_url($url,$domains,$domainAlias=NULL) {
    336. 

  336.   $parts = parse_url($url);
    337. 

  337. 

  338.   // Strip www. from url
    339. 

  339.   $parts['host'] = hstda_trim_url($parts['host'], 'www.');
    340. 

  340. 

  341.   // Only rewrite local urls
    342. 

  342.   if (isset($parts['host']) && !in_array($parts['host'],$domains)) {
    343. 

  343.     return $url; // If the host is eg. twitter.com leave it unchanged
    344. 

  344.   } else {
    345. 

  345.     $parts['scheme'] = "https";
    346. 

  346.     $parts['host'] = (isset($domainAlias)) ? $domainAlias : htsda_get_domain_alias($parts['host']);
    347. 

  347.     // TODO Is there cases where we should also replace $parts['query'] ?
    348. 

  348.     return hstda_build_url($parts); 
    349. 

  349.   }
    350. 

  350. }
    351. 

  351. 

  352. /*
    353. 

  353.  * Helper: Build an URL
    354. 

  354.  * Useful for building new url from @return value of parse_url()
    355. 

  355.  * 
    356. 

  356.  * @param mixed     (Part(s) of) an URL in form of a string or associative array like parse_url() returns
    357. 

  357.  * @param mixed     Same as the first argument
    358. 

  358.  */
    359. 

  359. function hstda_build_url($parts){    
    360. 

  360.   return 
    361. 

  361.      ((isset($parts['scheme'])) ? $parts['scheme'] . '://' : '')
    362. 

  362.     .((isset($parts['user'])) ? $parts['user'] . ((isset($parts['pass'])) ? ':' . $parts['pass'] : '') .'@' : '')
    363. 

  363.     .((isset($parts['host'])) ? $parts['host'] : '')
    364. 

  364.     .((isset($parts['port'])) ? ':' . $parts['port'] : '')
    365. 

  365.     .((isset($parts['path'])) ? $parts['path'] : '')
    366. 

  366.     .((isset($parts['query'])) ? '?' . $parts['query'] : '')
    367. 

  367.     .((isset($parts['fragment'])) ? '#' . $parts['fragment'] : '')
    368. 

  368.   ;
    369. 

  369. }
    370. 

  370. 

  371. /*
    372. 

  372.  * Trims $prefix if it exists in the beginning of the string
    373. 

  373.  * This is alot faster than regex
    374. 

  374.  * See: http://stackoverflow.com/a/4517270/1337062
    375. 

  375.  */
    376. 

  376. function hstda_trim_url($str,$prefix) {
    377. 

  377.   if (substr($str, 0, strlen($prefix)) == $prefix) {
    378. 

  378.     $str = substr($str, strlen($prefix));
    379. 

  379.   } 
    380. 

  380.   return $str;
    381. 

  381. }
    382. 

  382. 

  383. /*
    384. 

  384.  * Display the readme page
    385. 

  385.  */
    386. 

  386. function htsda_build_readme_page() { ?>
    387. 

  387.   <div class="wrap">
    388. 

  388.     <h2>HTTPS Domain Alias</h2>
    389. 

  389.     <div id="message" class="error">
    390. 

  390.       <p><?php _e('This readme page is only visible when HTTPS_DOMAIN_ALIAS is not defined in wp-config.php. You will not see this once the constant is defined.', 'htsda' );?></p>
    391. 

  391.     </div>
    392. 

  392.     <?php include( 'admin-readme.html' ); ?>
    393. 

  393.     <p>&nbsp;</p>
    394. 

  394.     <p><small>HTTPS Domain Alias is made by <a href="http://seravo.fi/">Seravo Oy</a>, which specialize
    395. 

  395.       in open source support services and among others is the only company in Finland to provide
    396. 

  396.       [WordPress Premium Hosting](http://seravo.fi/wordpress-palvelu).</small></p>
    397. 

  397.   </div>
    398. 

  398.   <?php
    399. 

  399. }
    400. 

  400. 

  401. /**
    402. 

  402.  * A helper sorter function by string length
    403. 

  403.  */
    404. 

  404. function _by_length($a, $b){
    405. 

  405.   return strlen($b) - strlen($a);
    406. 

  406. }
    407. 

  407. 

  408. /*
    409. 

  409.  * Change how the permalink is shown in backend editor view
    410. 

  410.  */
    411. 

  411. add_filter('get_sample_permalink_html','htsda_sample_permalink_html',5,1);
    412. 

  412. function htsda_sample_permalink_html($content){
    413. 

  413.   if (defined('HTTPS_DOMAIN_ALIAS_FRONTEND_URL')) {
    414. 

  414.     $domain_alias = htsda_home_url_rewrite(HTTPS_DOMAIN_ALIAS_FRONTEND_URL);
    415. 

  415. 

  416.     // Replace url between <a> tags
    417. 

  417.     // If we just replace from everywhere it breaks preview links
    418. 

  418.     $content = str_replace('>'.$domain_alias,'>'.HTTPS_DOMAIN_ALIAS_FRONTEND_URL,$content);
    419. 

  419.   }
    420. 

  420.   return $content;
    421. 

  421. }
    422.