WordPress.org

Support

Support » Plugins and Hacks » More Fields » [Plugin: More Fields] Why loading flattr API in admin screens?

[Plugin: More Fields] Why loading flattr API in admin screens?

  • Re: /more-fields/more-plugins/more-plugins-admin.php

    Lines 190 – 203 include this code:

    function admin_head () {
    			add_thickbox();
    			?>
    			<script type="text/javascript">
    			/* <![CDATA[ */
    				(function() {
    					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
    					s.type = 'text/javascript';
    					s.async = true;
    					s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
    					t.parentNode.insertBefore(s, t);
    				})();
    			/* ]]> */
    			</script>

    1) What’s the point of loading Flattr API in admin pages?
    2) this isn’t compatible with SSL / HTTPS because the src=’http://…’ (instead of ‘//…’ or ‘https://…’).

    Thank you.

    http://wordpress.org/extend/plugins/more-fields/

Viewing 4 replies - 1 through 4 (of 4 total)
  • I think it’s because the Flattr plugin has a Flattr button to flattr the plugin’s author. It makes sense — instead of having a PayPal “Donate” button like other plugins, it seems obvious to flattr a Flattr plugin 🙂

    Just a note – this seems to be an inclusion made by the more-fields plugin, not the Flattr plugin, so we can’t fix it in the Flattr plugin.

    I’d like to “bump” this inquiry.

    The Flattr API gets included to allow for donations to the plugin via Flattr and shows up in the “About this Plugin” box on the More Fields Settings page in wp-admin. This is all fine & dandy, but the API’s JavaScript source is hard-coded to a non-secure URL. For those of us running a secure WordPress wp-admin, this throws a big alert/error/issue.

    The code needs to check if the page request is for a secure/HTTPS connection and if so, use the HTTPS URL for the Flattr API JavaScript. I’ve updated the plugin manually; but of course, any automatic updates will overwrite the fix.

    For those who are interested, in the file: /more-fields/more-plugins/more-plugins-admin.php starting about line 190, replace the function called admin_head with the following:

    function admin_head () {
    			add_thickbox();
    			$flattr_api_url = 'http' . ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ? 's' : '' ) . '://api.flattr.com/js/0.6/load.js?mode=auto';
    			?>
    			<script type="text/javascript">
    			/* <![CDATA[ */
    				(function() {
    					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
    					s.type = 'text/javascript';
    					s.async = true;
    					s.src = '<?php echo $flattr_api_url; ?>';
    					t.parentNode.insertBefore(s, t);
    				})();
    			/* ]]> */
    			</script>
    
    			<?php
    
    		}

    Thank you DaveE! It’s been driving me crazy trying to figure out why WordPress was saying my SSL connection was insecure.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: More Fields] Why loading flattr API in admin screens?’ is closed to new replies.
Skip to toolbar