WordPress.org

Support

Support » Plugins and Hacks » WPSSL (WordPress with SSL) » [Resolved] [Plugin: WPSSL (WordPress with SSL)] WPSSL and plugin constants issue and hack

[Resolved] [Plugin: WPSSL (WordPress with SSL)] WPSSL and plugin constants issue and hack

  • I am building a new site which includes client financial information on some of the pages. Obviously, these pages need to use SSL so I was looking for a solution that allowed me to force HTTPS on only these pages and not the entire site. The WPSSL plugin worked pretty well but I ran into some issues with plugin components which enqueued scripts and style sheet links during the plugin init phase of WP startup. After doing some code analysis I discovered the problem stemmed from global constants which WP 3+ creates very early in the startup process.

    The specific constants that where causing problems where:

    • WP_CONTENT_URL
    • WP_PLUGIN_URL

    These constants are defined within the function wp_plugin_directory_constants located in the wp-includes/default-constants.php file. These constants are used during initialization by several plugins that I am using. The plugins used the constants when enqueuing scripts for javascript and css files. Since my basic site (and the associated siteurl) use standard HTTP the scripts where enqueued using this base URL even when they appear on pages that are being FORCED_SSL by the WPSSL plugin. This caused mixed content security errors on all of my secure pages.

    I looked for a solution that would allow me to hook into the constant definition process or would allow me to consistently update the links before they were inserted into the secure headers. I couldn’t find anything that seemed to work in all scenarios. In the end I had to hack the wp-includes/default-constants.php file as follows. Not the best solution but one that seems to correct the issue.

    ORIGINAL CODE

    -- snip --
    
    function wp_plugin_directory_constants( ) {
       if ( !defined('WP_CONTENT_URL') )
          define( 'WP_CONTENT_URL', get_option('siteurl').'/wp-content'); 
    
    -- snip --

    HACKED CODE

    -- snip --
    
    function wp_plugin_directory_constants( ) {
       $siteurl = get_option('siteurl');
       if($_SERVER['SERVER_PORT'] == '443') {
          $siteurl = preg_replace('/http:\/\//', 'https://', $siteurl);
       }
    
       if ( !defined('WP_CONTENT_URL') )
          define( 'WP_CONTENT_URL', $siteurl . '/wp-content'); 
    
    -- snip --

    I am posting this in the event that someone else runs into the same issues and in the hopes that someone might know a “non-hack” way of resolving my problem.

    http://wordpress.org/extend/plugins/wpssl/

Viewing 1 replies (of 1 total)
  • Have you considered using the wp-config.php file to define the constants? I would imagine that would be more user friendly, and there’s already a ton of definitions you can make there.

Viewing 1 replies (of 1 total)
  • The topic ‘[Resolved] [Plugin: WPSSL (WordPress with SSL)] WPSSL and plugin constants issue and hack’ is closed to new replies.
Skip to toolbar