[WordPress] Plugin to prevent speed-costly redirects from HTTP to HTTPS for emoji URLs. Requires WordPress 4.2 up to 4.4.1. Emoji URLs have been fixed in WordPress core as of 4.4.2: https://core.trac.wordpress.org/ticket/35376
<?php | |
/** | |
* Plugin Name: Emoji Rocket 🚀 | |
* Description: Prevents speed-costly redirects from HTTP to HTTPS for emoji URLs. Requires WordPress 4.2 up to 4.4.1. | |
* Version: 0.5 | |
* Author: Caspar Hübinger | |
* Author URI: https://profiles.wordpress.org/glueckpress | |
* Plugin URI: https://gist.github.com/glueckpress/f949119dbd968917f803 | |
* License: GNU General Public License v3 or later | |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
*/ | |
defined( 'ABSPATH' ) or die( 'You know better.' ); | |
/** | |
* The emoji CDN on s.w.org was added in WordPress 4.2. | |
* URLs were fixed in 4.4.2, so let’s bail early in case we’re below 4.2, or greater than 4.4.1. | |
* | |
* @link https://core.trac.wordpress.org/ticket/31651 | |
* @link https://core.trac.wordpress.org/ticket/35376 | |
*/ | |
if ( version_compare( $GLOBALS['wp_version'], '4.2' ) < 0 || version_compare( $GLOBALS['wp_version'], '4.4.1' ) > 0 ) | |
return; | |
/** | |
* Load plugin. | |
* | |
* @return void | |
*/ | |
function emoji_rocket() { | |
/** | |
* We only need to proceed if this site is not SSL, because set_url_scheme() | |
* will only apply https to emoji requests if our local site is SSL, too. | |
* | |
* @link http://glck.be/7298/ | |
*/ | |
if ( is_ssl() ) | |
return; | |
// SSL up and running on s.w.org? | |
$maybe_remote_ssl = get_transient( 'emoji_rocket__remote_ssl_check' ); | |
/* s.w.org should have SSL enabled. | |
* However, in case SSL is down for whatever reason, let’s just stop here. | |
*/ | |
if ( 'nope' === $maybe_remote_ssl ) | |
return; | |
/* By now we can be sure, our default emoji URL does in fact has SSL, | |
* so let’s filter all emoji URLs to call them with HTTPS directly. | |
*/ | |
add_filter( 'emoji_url', 'emoji_rocket__force_https' ); | |
} | |
add_action( 'plugins_loaded', 'emoji_rocket' ); | |
/** | |
* Forces HTTPS for emojis URLs requested from their default location on w.org. | |
* | |
* @param string $url Default emoji URL | |
* @return string Emoji URL with forced HTTPS | |
*/ | |
function emoji_rocket__force_https( $url ) { | |
/* Checking once more in case URL has been filtered already and is not the | |
* default one anymore. | |
*/ | |
if ( 0 !== stripos( $url, 'http://s.w.org/images/core/emoji/72x72/' ) ) | |
return $url; | |
$url = set_url_scheme( $url, 'https' ); | |
return $url; | |
} | |
/** | |
* Occasional check whether s.w.org’s SSL certificate is still up. | |
* | |
* Props @BoiteAWeb for pointing out this should be done on shutdown rather than | |
* early on plugins_loaded. Also thanks for hints to wp_remote_ utilities! | |
* | |
* @return void | |
*/ | |
function emoji_rocket__maybe_remote_ssl() { | |
/* We’ll intentionally request our sample via HTTP, because if https is | |
* available, we will be redirected to HTTPS and will be able to know so by | |
* checking the head’s location. | |
* However, let’s do this only once per hour in order to not unnessecarily | |
* flood w.org with request. | |
*/ | |
$response = wp_remote_head( 'http://s.w.org/images/core/emoji/72x72/1f44b.png' ); | |
// Location, if set, will present our factual remote HTTPS URL. | |
$url = wp_remote_retrieve_header( $response, 'location' ); | |
$maybe_remote_ssl = set_transient( | |
'emoji_rocket__remote_ssl_check', | |
( 0 === stripos( $url, 'https://' ) ) ? 'yes' : 'nope', | |
HOUR_IN_SECONDS | |
); | |
} | |
add_action( 'shutdown', 'emoji_rocket__maybe_remote_ssl' ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment