Created
March 9, 2010 17:25
-
-
Save westonruter/326845 to your computer and use it in GitHub Desktop.
Quick and dirty WordPress plugin to ensure content is served over SSL if no mixed content.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* | |
Plugin Name: Force HTTPS | |
Version: 0.1 | |
Description: Quick and dirty way to ensure content is served over SSL if no mixed content. Removes the "http:" and "https:" from external images embedded in the_content so that SSL can be enabled without the security warning in IE. Redirects to HTTPS if no mixed-content warning will be generated; redirects back to HTTP if it will. Makes use of output buffering. Developed at <a href="http://shepherdinteractive.com/">Shepherd Interactive</a>. | |
Author: Weston Ruter | |
Author URI: http://weston.ruter.net/ | |
*/ | |
function wr_force_https_init(){ | |
if(!is_admin()) | |
ob_start('wr_force_https_replace'); | |
} | |
add_action('init', 'wr_force_https_init'); | |
function wr_force_https_replace($response){ | |
$http_url = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]; | |
$https_url = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]; | |
$https_response = preg_replace("#http://(" . join('|', array_map('preg_quote', array( | |
$_SERVER['HTTP_HOST'], | |
'ajax.googleapis.com' | |
))) . ")#", '//$1', $response); | |
$has_http_src = preg_match('{src=.?http:}', $https_response); | |
if($_SERVER["HTTPS"] == "on") { | |
if($has_http_src){ | |
wp_redirect($http_url); | |
exit(); | |
} | |
return $https_response; | |
} | |
else { | |
if(!$has_http_src){ | |
wp_redirect($https_url); | |
exit(); | |
} | |
} | |
return $https_response; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment