Forums

WordPress › Support » Plugins and Hacks

More Fields
Why loading flattr API in admin screens? (4 posts)

  1. Clifford P
    Member
    Posted 6 months ago #

    Re: /more-fields/more-plugins/more-plugins-admin.php

    Lines 190 - 203 include this code:

    function admin_head () {
			add_thickbox();
			?>
			<script type="text/javascript">
			/* <![CDATA[ */
				(function() {
					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
					s.type = 'text/javascript';
					s.async = true;
					s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
					t.parentNode.insertBefore(s, t);
				})();
			/* ]]> */
			</script>

    1) What's the point of loading Flattr API in admin pages?
    2) this isn't compatible with SSL / HTTPS because the src='http://...' (instead of '//...' or 'https://...').

    Thank you.

    http://wordpress.org/extend/plugins/more-fields/

  2. Gwyneth Llewelyn
    Member
    Posted 3 months ago #

    I think it's because the Flattr plugin has a Flattr button to flattr the plugin's author. It makes sense — instead of having a PayPal "Donate" button like other plugins, it seems obvious to flattr a Flattr plugin :)

  3. VoxPelli
    Member
    Posted 3 months ago #

    Just a note - this seems to be an inclusion made by the more-fields plugin, not the Flattr plugin, so we can't fix it in the Flattr plugin.

  4. DaveE
    Member
    Posted 1 week ago #

    I'd like to "bump" this inquiry.

    The Flattr API gets included to allow for donations to the plugin via Flattr and shows up in the "About this Plugin" box on the More Fields Settings page in wp-admin. This is all fine & dandy, but the API's JavaScript source is hard-coded to a non-secure URL. For those of us running a secure WordPress wp-admin, this throws a big alert/error/issue.

    The code needs to check if the page request is for a secure/HTTPS connection and if so, use the HTTPS URL for the Flattr API JavaScript. I've updated the plugin manually; but of course, any automatic updates will overwrite the fix.

    For those who are interested, in the file: /more-fields/more-plugins/more-plugins-admin.php starting about line 190, replace the function called admin_head with the following:

    function admin_head () {
			add_thickbox();
			$flattr_api_url = 'http' . ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ? 's' : '' ) . '://api.flattr.com/js/0.6/load.js?mode=auto';
			?>
			<script type="text/javascript">
			/* <![CDATA[ */
				(function() {
					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
					s.type = 'text/javascript';
					s.async = true;
					s.src = '<?php echo $flattr_api_url; ?>';
					t.parentNode.insertBefore(s, t);
				})();
			/* ]]> */
			</script>

			<?php

		}

Reply

You must log in to post.

About this Plugin

About this Topic

Tags