WordPress.org

Forums

More Fields
Why loading flattr API in admin screens? (5 posts)

  1. Clifford Paulick
    Member
    Posted 3 years ago #

    Re: /more-fields/more-plugins/more-plugins-admin.php

    Lines 190 - 203 include this code:

    function admin_head () {
    			add_thickbox();
    			?>
    			<script type="text/javascript">
    			/* <![CDATA[ */
    				(function() {
    					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
    					s.type = 'text/javascript';
    					s.async = true;
    					s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
    					t.parentNode.insertBefore(s, t);
    				})();
    			/* ]]> */
    			</script>

    1) What's the point of loading Flattr API in admin pages?
    2) this isn't compatible with SSL / HTTPS because the src='http://...' (instead of '//...' or 'https://...').

    Thank you.

    http://wordpress.org/extend/plugins/more-fields/

  2. Gwyneth Llewelyn
    Member
    Posted 3 years ago #

    I think it's because the Flattr plugin has a Flattr button to flattr the plugin's author. It makes sense — instead of having a PayPal "Donate" button like other plugins, it seems obvious to flattr a Flattr plugin :)

  3. VoxPelli
    Member
    Posted 3 years ago #

    Just a note - this seems to be an inclusion made by the more-fields plugin, not the Flattr plugin, so we can't fix it in the Flattr plugin.

  4. DaveE
    Member
    Posted 3 years ago #

    I'd like to "bump" this inquiry.

    The Flattr API gets included to allow for donations to the plugin via Flattr and shows up in the "About this Plugin" box on the More Fields Settings page in wp-admin. This is all fine & dandy, but the API's JavaScript source is hard-coded to a non-secure URL. For those of us running a secure WordPress wp-admin, this throws a big alert/error/issue.

    The code needs to check if the page request is for a secure/HTTPS connection and if so, use the HTTPS URL for the Flattr API JavaScript. I've updated the plugin manually; but of course, any automatic updates will overwrite the fix.

    For those who are interested, in the file: /more-fields/more-plugins/more-plugins-admin.php starting about line 190, replace the function called admin_head with the following:

    function admin_head () {
    			add_thickbox();
    			$flattr_api_url = 'http' . ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ? 's' : '' ) . '://api.flattr.com/js/0.6/load.js?mode=auto';
    			?>
    			<script type="text/javascript">
    			/* <![CDATA[ */
    				(function() {
    					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
    					s.type = 'text/javascript';
    					s.async = true;
    					s.src = '<?php echo $flattr_api_url; ?>';
    					t.parentNode.insertBefore(s, t);
    				})();
    			/* ]]> */
    			</script>
    
    			<?php
    
    		}
  5. Adam Capriola
    Member
    Posted 2 years ago #

    Thank you DaveE! It's been driving me crazy trying to figure out why WordPress was saying my SSL connection was insecure.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • More Fields
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic