[Plugin: More Fields] Why loading flattr API in admin screens?

I think it’s because the Flattr plugin has a Flattr button to flattr the plugin’s author. It makes sense — instead of having a PayPal “Donate” button like other plugins, it seems obvious to flattr a Flattr plugin 🙂

I’d like to “bump” this inquiry.

The Flattr API gets included to allow for donations to the plugin via Flattr and shows up in the “About this Plugin” box on the More Fields Settings page in wp-admin. This is all fine & dandy, but the API’s JavaScript source is hard-coded to a non-secure URL. For those of us running a secure WordPress wp-admin, this throws a big alert/error/issue.

The code needs to check if the page request is for a secure/HTTPS connection and if so, use the HTTPS URL for the Flattr API JavaScript. I’ve updated the plugin manually; but of course, any automatic updates will overwrite the fix.

For those who are interested, in the file: /more-fields/more-plugins/more-plugins-admin.php starting about line 190, replace the function called admin_head with the following:

function admin_head () {
			add_thickbox();
			$flattr_api_url = 'http' . ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ? 's' : '' ) . '://api.flattr.com/js/0.6/load.js?mode=auto';
			?>
			<script type="text/javascript">
			/* <![CDATA[ */
				(function() {
					var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
					s.type = 'text/javascript';
					s.async = true;
					s.src = '<?php echo $flattr_api_url; ?>';
					t.parentNode.insertBefore(s, t);
				})();
			/* ]]> */
			</script>

			<?php

		}