Skip to content

Instantly share code, notes, and snippets.

@westonruter

westonruter/gist:326845

Created March 9, 2010 17:25
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save westonruter/326845 to your computer and use it in GitHub Desktop.
Save westonruter/326845 to your computer and use it in GitHub Desktop.
Download ZIP
Quick and dirty WordPress plugin to ensure content is served over SSL if no mixed content.
Raw
gistfile1.php
<?php
/*
Plugin Name: Force HTTPS
Version: 0.1
Description: Quick and dirty way to ensure content is served over SSL if no mixed content. Removes the "http:" and "https:" from external images embedded in the_content so that SSL can be enabled without the security warning in IE. Redirects to HTTPS if no mixed-content warning will be generated; redirects back to HTTP if it will. Makes use of output buffering. Developed at <a href="http://shepherdinteractive.com/">Shepherd Interactive</a>.
Author: Weston Ruter
Author URI: http://weston.ruter.net/
*/
function wr_force_https_init(){
if(!is_admin())
ob_start('wr_force_https_replace');
}
add_action('init', 'wr_force_https_init');
function wr_force_https_replace($response){
$http_url = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
$https_url = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
$https_response = preg_replace("#http://(" . join('|', array_map('preg_quote', array(
$_SERVER['HTTP_HOST'],
'ajax.googleapis.com'
))) . ")#", '//$1', $response);
$has_http_src = preg_match('{src=.?http:}', $https_response);
if($_SERVER["HTTPS"] == "on") {
if($has_http_src){
wp_redirect($http_url);
exit();
}
return $https_response;
}
else {
if(!$has_http_src){
wp_redirect($https_url);
exit();
}
}
return $https_response;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment