[Plugin: All-In-One Cufon] SSL Support

Aloha Tom,

Thanks for you hard work here! I wanted to suggest simple fixes to prevent “Insecure Content” warning from browsers when loading pages via SSL.

The source of the issue is the url path definitions within wpcuf_insert_code() for All-In-One Cufon version 1.1.1. While the rest of the page is loaded via HTTPS, the cufon script and font files are still loading via HTTP.

The solution uses the plugins_url() function introduced in 2.6.0 which is aware of whether the page is loaded via HTTP or HTTPS:
http://codex.wordpress.org/Function_Reference/plugins_url

Replace line 17:
$plugin = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__file__));
with:
$plugin = plugins_url(FALSE, __FILE__);

Replace line 18:
$cufon_font_location = WP_PLUGIN_URL . '/cufon-fonts';
with:
$cufon_font_location = plugins_url() . '/cufon-fonts';

Replace line 34:
<?php wp_enqueue_script('font-' . $file, WP_PLUGIN_URL . '/cufon-fonts/' . $file );
with:
<?php wp_enqueue_script('font-' . $file, $cufon_font_location . '/' . $file );

Replace line 39:
<script src="<?php echo WP_PLUGIN_URL; ?>/cufon-fonts/<?php echo $file; ?>" type="text/javascript"></script>
with:
<script src="<?php echo $cufon_font_location . '/' . $file; ?>" type="text/javascript"></script>

While I have not tested these changes with multisite enabled, I have verified that this works when WordPress is installed in a subdirectory as described here:
http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory

Aloha!
John

http://wordpress.org/extend/plugins/all-in-one-cufon/