Skip to content
This repository has been archived by the owner on May 15, 2019. It is now read-only.

Make sure everything works with FORCE_SSL_ADMIN #48

Open
czenzel opened this issue Mar 4, 2014 · 10 comments
Open

Make sure everything works with FORCE_SSL_ADMIN #48

czenzel opened this issue Mar 4, 2014 · 10 comments
Labels
Documentation

Comments

@czenzel
Copy link

czenzel commented Mar 4, 2014

Hello,

I discovered an issue were if I force my web site to FORCE_SSL_ADMIN that I am unable to save web pages unless the editor opens in a SSL mode on the web site. I have a self-signed certificate with FORCE_SSL_ADMIN and LOGIN enabled which prevents the default editor in both the latest Git and plugin stable release not to work. I came up with some pseudo code to replace in the class file to allow for saving of work in SSL. The editor will open in SSL and then save properly.

Some modifications might have to be made, but this is a rough cut to get going.

[code]

public static function edit_link( $id ) {

    $post = get_post( $id );

    if ( ! $post )

        return;

    $edit_url = "";

    if ( $id == get_option( 'page_on_front' ) )
    {
        $edit_url = home_url( '?editing' );
        if (FORCE_SSL_ADMIN) $edit_url = str_ireplace("http://", "https://", $edit_url);
        return $edit_url;
    }

    $permalink = get_permalink( $post->ID );

    if ( strpos( $permalink, '?' ) !== false )
    {
        $edit_url = add_query_arg( 'edit', '', $permalink );
        if (FORCE_SSL_ADMIN) $edit_url = str_ireplace("http://", "https://", $edit_url);
        return $edit_url;
    }

    if ( trailingslashit( $permalink ) === $permalink )
    {
        $edit_url = trailingslashit( $permalink . 'edit' );
        if (FORCE_SSL_ADMIN) $edit_url = str_ireplace("http://", "https://", $edit_url);
        return $edit_url;
    }

    $edit_url = trailingslashit( $permalink ) . 'edit';
    if (FORCE_SSL_ADMIN) $edit_url = str_ireplace("http://", "https://", $edit_url);
    return $edit_url;


}

[/code]

Thanks,
Chris Zenzel
@ellatrix
Copy link
Owner

ellatrix commented Mar 4, 2014

Thanks, I think I've fixed it with the patch above. Could you download the source form GitHub ( not WordPress.org) and let me know if this fixes your problem?

@czenzel
Copy link
Author

czenzel commented Mar 4, 2014

It works for pages, but not the static front page. It looks like the link variable is getting overwritten by another procedure in the code with the If statements. If I add a condition of !$link it works properly.

[code]

public static function edit_link( $id ) {

    $post = get_post( $id );

    if ( ! $post )

        return;

    if ( $id == get_option( 'page_on_front' ) && !$link )

        $link = home_url( '?editing' );

    $permalink = get_permalink( $post->ID );

    if ( strpos( $permalink, '?' ) !== false && !$link )

        $link = add_query_arg( 'edit', '', $permalink );

    if ( trailingslashit( $permalink ) === $permalink && !$link )

        $link = trailingslashit( $permalink . 'edit' );

    if ( ! isset( $link ) )

        $link = trailingslashit( $permalink ) . 'edit';

    if ( force_ssl_admin() )

        $link = set_url_scheme( $link, 'https' );

    return $link;

}

[/code]

Thank you for working on this so fast! I enjoy the plugin especially with the Hueman theme.

@czenzel czenzel mentioned this issue Mar 5, 2014
Closed
@ellatrix
Copy link
Owner

ellatrix commented Mar 5, 2014

Yeah, I guess I overlooked the new post link. I doubt the login issues are related though. Could you try deactivating this plugin?

@ellatrix ellatrix reopened this Mar 5, 2014
@czenzel
Copy link
Author

czenzel commented Mar 5, 2014

Hi avryl,

It seems to be working now. I will do more testing over the week. Thank you for fixing this!

Thanks,
Chris Zenzel

@czenzel
Copy link
Author

czenzel commented Mar 5, 2014

Hi avryl,

I discovered another issue. When the AJAX call is done by jQuery it seems it returns "0" from the admin ajax PHP file. It looks like you need to do the AJAX call from http to http and on an https page to https. I will do testing and let you know if I come with code to fix this.

Thanks,
Chris Zenzel

@czenzel
Copy link
Author

czenzel commented Mar 5, 2014

Here is some rough code for fixing the AJAX calls between HTTP and HTTPS. If you are on the home page for example and say New Post on a non-HTTPS connection while requiring HTTPS it will not work. Here is some rough code to fix it. Place it under public function wp_enqueue_scripts():

[code]

        $ajaxUrl = admin_url('admin-ajax.php');
        if ( force_ssl_admin() &&  !is_ssl() ) {
            $ajaxUrl = set_url_scheme($ajaxUrl, 'http');
        }

        $vars = array(
            'ajaxUrl' => $ajaxUrl,
            'homeUrl' => home_url( '/' ),
            'lock' => ( is_singular() && $user_id ) ? $user->display_name : false
        );

[/code]

@ellatrix ellatrix reopened this Mar 5, 2014
@ellatrix
Copy link
Owner

Hi. We're working on a completely rewritten 1.x version. If you have time, would you mind testing it with SSL?

@ellatrix ellatrix added the 0.x label Aug 13, 2014
@ellatrix ellatrix added this to the 1.0 milestone Aug 17, 2014
@czenzel
Copy link
Author

czenzel commented Aug 24, 2014

Hi avryl, Sorry for the long response time. I have been working on some stuff at work and haven't had a chance to play with Wordpress. I did manage to test the new version and it is working fine with SSL, but I noticed on another site I have that uses a reverse proxy that the wp_redirect in the code is causing too many redirects. Everything else on my site is fine using IIS Reverse Proxy and URL Rewrite to a Synology with Apache; however, activating this plugin makes the home page unusable when logged in.

[code]
wp_redirect( set_url_scheme( $this->edit_link( $post->ID ), 'https' ) );
[/code]

I removed the if and this line in the if statement and my site was able to edit content on the reverse proxy site.

I am going to do some additional testing on my other site as well.

Thanks,
Chris Z.

Edit: 1:08 AM Eastern

It looks like when doing this there is a problem with uploading using the Featured Images. I can upload through the admin tool, but not the Front-End Editor.

@ellatrix
Copy link
Owner

Thanks for the reply! I will try to enable SSL myself sometime. But the right behaviour would be to enforce SSL for any editable pages if FORCE_SSL_ADMIN is true, right? This means any singular post or page, and also the front-page if there is one, if the user has the ability to edit. Hopefully this can be fixed before 1.0.

@ellatrix ellatrix removed the 0.x label Aug 24, 2014
@ellatrix ellatrix changed the title FORCE_SSL_ADMIN Prevents Saving of Content Make sure everything works with FORCE_SSL_ADMIN Aug 24, 2014
@czenzel
Copy link
Author

czenzel commented Aug 27, 2014

Hi avryl,

I would want to edit pages with complete SSL. My site is running dual HTTPS and HTTP because I am using a self-signed certificate for my editing and administration right now and the content is displayed on HTTP. I didn't want to spend a lot for a certificate that was just going to be used for administration.

Anything I edit, upload, or administrate would be SSL. The regular site (for users) would be regular HTTP.

I noticed that even without Reverse Proxy I had issues with using straight IIS with an install of the Wordpress 4 with the redirect to HTTPS. I would go to the home page after activating the plugin and the site would go into a redirect loop and my Mac / Safari would say "Too Many Redirects."

Thank you for all your work on this. The new editing features look great!

Chris Z.

@ellatrix ellatrix modified the milestones: 2.0, 1.0 Jul 7, 2016
@ellatrix ellatrix removed this from the 2.0 milestone Jul 29, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@czenzel @ellatrix