You’re right, I missed one!
Give me 10 minutes or so and I’ll just push out a new version to fix this.
Thanks for downloading! 🙂
Alright, version 1.6.2 is up. Let me know if it works for you.
Just tested and it’s fixed! Thank you! 🙂
Seems like a newer version of the plugin switched things back.
All the links in the sitemap are now using HTTPS when I manually generate the sitemap from the dashboard.
EDIT: The sitemap is fine when not generated from the dashboard. The devs of the sitemap plugin have already been notified of the problem when using a secure dashboard.
I’m sure the only reason it was generated with HTTP in earlier versions was because my plugin was parsing URL’s in the admin panel with the ‘Disable Automatic HTTPS’ option enabled, which wasn’t really necessary. So, I changed it to only parse URL’s on the front-end.
It’s still necessary for some links in the backend. I’ve just noticed that all the plugins that were fixed with your plugin aren’t working properly again.
These plugins are requesting the permalink and it seems WP is always returning the SSL URL.
So if they send a link to Twitter per example, they’ll send the SSL URL.
Would it be possible to only fix those special cases? There could be more than permalinks, but that’s the one I know about.
I’d like to avoid any special cases in my plugin, if at all possible. The maintenance of those special cases could become quite tiresome, especially when the plugin authors could fix them themselves. Before 3.0, most functions were not sensitive to SSL, so it didn’t matter. Now that they are, plugin authors need to go into their plugins and fix them.
In the meantime, find line 131:
add_action('save_post', array(&$this, 'post_save'));
Add this below it:
add_filter('page_link', array(&$this, 'replace_https'));
add_filter('post_link', array(&$this, 'replace_https'));
And that should change any post/page links to HTTP in the admin panel. I will consider adding this to the plugin, but I will have to dig around to make sure it doesn’t break anything else.
Thx for the fix. It worked like a charm for plugins needing to get a hold of those links.
I’m surprised by that behavior for links in WP. WP should automatically save and spit out the HTTP link when FORCE_SSL_ADMIN is turned on. None of the links that are going to be displayed in the frontend should contain httpS. And if it needs to display something in the backend, then it can transform it then.
Do you have a link handy to the reference on how plugins should load links properly?
Well, you’re not 100% correct. If your site url is set to HTTPS, then front-end links would need to be HTTPS. On the other hand, if you’re in the admin panel, the page is SSL, and your site url is not set to HTTPS, then yes, post/page (and maybe other) links should be changed to HTTP. Once you click that link (such as when you click ‘View Post’ on the edit/add post screen), if you have ‘Force SSL’ on that page, it will simply be redirected back to HTTPS, which isn’t a problem.
I’m pretty sure this wouldn’t break anything for anyone, and would help fix some things for other plugins.
The plugin authors are loading links properly. All functions in WordPress that return a URL check to see if the current page is HTTPS, and if it is, it returns an HTTPS url. That is just how WordPress works now. Like I’ve said, before 3.0, this was not the case, and now that it is, most plugin developers aren’t even aware.
Really, WordPress needs to build links based on if the site url is set to HTTPS or not, not the current page.
Agreed, I’ve just written a post in the feedback section and hopefully I got it right :D.
Just had one thought. Wouldn’t it be easier to filter home_url? I mean if it’s only the admin zone that is using SSL, then home_url should never return an SSL link, no?
Yeah, I’ll probably end up using the home_url rather than site_url when checking if the whole site is HTTPS, because WordPress actually uses home_url to build all of its links, not site_url. My bad. 🙂
