Skip to content

Commit 35967ee

Browse files
jessuppijessuppi
authored
Update force-https.php
1 parent e5043f8 commit 35967ee

File tree

1 file changed

+64
-47
lines changed

1 file changed

+64
-47
lines changed

force-https.php

Lines changed: 64 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -52,70 +52,87 @@ function force_https_redirect() {
5252
add_action( $hook, 'force_https_redirect', 10 );
5353
}
5454

55-
// enforce https on valid urls and replace http in text content
55+
// enforce https for valid urls only
5656
function force_https_securize_url( $value ) {
57-
58-
// return original if not a string
59-
if ( ! is_string( $value ) ) {
57+
// return unchanged if not a string or does not start with http
58+
if ( ! is_string( $value ) || stripos( $value, 'http://' ) !== 0 ) {
6059
return $value;
6160
}
6261

63-
// enforce https for valid urls
64-
$secure_value = set_url_scheme( $value, 'https' );
65-
66-
// return if url scheme was changed (valid URL handled)
67-
if ( $secure_value !== $value ) {
68-
return $secure_value;
69-
}
70-
71-
// replace http with https in text or html content only if needed
72-
return ( strpos( $value, 'http://' ) !== false ) ? str_replace( 'http://', 'https://', $value ) : $value;
62+
// convert to https
63+
return set_url_scheme( $value, 'https' );
7364
}
7465

7566
// apply https to all relevant wordpress filters
76-
add_filter( 'admin_url', 'force_https_securize_url', 999 );
77-
add_filter( 'do_shortcode_tag', 'force_https_securize_url', 999 );
78-
add_filter( 'embed_oembed_html', 'force_https_securize_url', 999 );
79-
add_filter( 'get_avatar_url', 'force_https_securize_url', 999 );
80-
add_filter( 'get_custom_logo', 'force_https_securize_url', 999 );
81-
add_filter( 'home_url', 'force_https_securize_url', 999 );
82-
add_filter( 'includes_url', 'force_https_securize_url', 999 );
83-
add_filter( 'login_redirect', 'force_https_securize_url', 999 );
84-
add_filter( 'logout_redirect', 'force_https_securize_url', 999 );
85-
add_filter( 'network_home_url', 'force_https_securize_url', 999 );
86-
add_filter( 'network_site_url', 'force_https_securize_url', 999 );
87-
add_filter( 'page_link', 'force_https_securize_url', 999 );
88-
add_filter( 'post_link', 'force_https_securize_url', 999 );
89-
add_filter( 'rest_url', 'force_https_securize_url', 999 );
90-
add_filter( 'script_loader_src', 'force_https_securize_url', 999 );
91-
add_filter( 'site_url', 'force_https_securize_url', 999 );
92-
add_filter( 'stylesheet_directory_uri', 'force_https_securize_url', 999 );
93-
add_filter( 'style_loader_src', 'force_https_securize_url', 999 );
94-
add_filter( 'template_directory_uri', 'force_https_securize_url', 999 );
95-
add_filter( 'term_link', 'force_https_securize_url', 999 );
96-
add_filter( 'widget_text', 'force_https_securize_url', 999 );
97-
add_filter( 'widget_text_content', 'force_https_securize_url', 999 );
98-
add_filter( 'wp_get_attachment_url', 'force_https_securize_url', 999 );
99-
add_filter( 'wp_redirect', 'force_https_securize_url', 999 );
100-
101-
// enforce https on filtered HTML output
67+
add_filter( 'admin_url', 'force_https_securize_url', 10 );
68+
add_filter( 'ajax_url', 'force_https_securize_url', 10 );
69+
add_filter( 'attachment_link', 'force_https_securize_url', 10 );
70+
add_filter( 'author_feed_link', 'force_https_securize_url', 10 );
71+
add_filter( 'author_link', 'force_https_securize_url', 10 );
72+
add_filter( 'category_feed_link', 'force_https_securize_url', 10 );
73+
add_filter( 'category_link', 'force_https_securize_url', 10 );
74+
add_filter( 'comment_link', 'force_https_securize_url', 10 );
75+
add_filter( 'content_url', 'force_https_securize_url', 10 );
76+
add_filter( 'day_link', 'force_https_securize_url', 10 );
77+
add_filter( 'do_shortcode_tag', 'force_https_securize_url', 10 );
78+
add_filter( 'embed_oembed_html', 'force_https_securize_url', 10 );
79+
add_filter( 'feed_link', 'force_https_securize_url', 10 );
80+
add_filter( 'get_avatar_url', 'force_https_securize_url', 10 );
81+
add_filter( 'get_custom_logo', 'force_https_securize_url', 10 );
82+
add_filter( 'home_url', 'force_https_securize_url', 10 );
83+
add_filter( 'includes_url', 'force_https_securize_url', 10 );
84+
add_filter( 'login_redirect', 'force_https_securize_url', 10 );
85+
add_filter( 'logout_redirect', 'force_https_securize_url', 10 );
86+
add_filter( 'month_link', 'force_https_securize_url', 10 );
87+
add_filter( 'network_home_url', 'force_https_securize_url', 10 );
88+
add_filter( 'network_site_url', 'force_https_securize_url', 10 );
89+
add_filter( 'page_link', 'force_https_securize_url', 10 );
90+
add_filter( 'plugins_url', 'force_https_securize_url', 10 );
91+
add_filter( 'post_link', 'force_https_securize_url', 10 );
92+
add_filter( 'pre_option_permalink_structure', 'force_https_securize_url', 10 );
93+
add_filter( 'rest_url', 'force_https_securize_url', 10 );
94+
add_filter( 'script_loader_src', 'force_https_securize_url', 10 );
95+
add_filter( 'site_url', 'force_https_securize_url', 10 );
96+
add_filter( 'stylesheet_directory_uri', 'force_https_securize_url', 10 );
97+
add_filter( 'style_loader_src', 'force_https_securize_url', 10 );
98+
add_filter( 'tag_link', 'force_https_securize_url', 10 );
99+
add_filter( 'template_directory_uri', 'force_https_securize_url', 10 );
100+
add_filter( 'term_link', 'force_https_securize_url', 10 );
101+
add_filter( 'theme_file_uri', 'force_https_securize_url', 10 );
102+
add_filter( 'woocommerce_account_endpoint_url', 'force_https_securize_url', 10 );
103+
add_filter( 'woocommerce_get_cart_url', 'force_https_securize_url', 10 );
104+
add_filter( 'woocommerce_get_checkout_url', 'force_https_securize_url', 10 );
105+
add_filter( 'woocommerce_get_terms_and_conditions_page', 'force_https_securize_url', 10 );
106+
add_filter( 'wp_get_attachment_metadata', 'force_https_securize_url', 10 );
107+
add_filter( 'wp_get_attachment_url', 'force_https_securize_url', 10 );
108+
add_filter( 'wp_upload_dir', 'force_https_securize_url', 10 );
109+
add_filter( 'year_link', 'force_https_securize_url', 10 );
110+
111+
// replace http with https in text or html content
102112
function force_https_filter_output( $content ) {
103-
104-
// return original if not a string
113+
// return unchanged if not a string or http not found
105114
if ( ! is_string( $content ) || strpos( $content, 'http://' ) === false ) {
106115
return $content;
107116
}
108117

109-
// replace http with https
118+
// replace all instances of http with https
110119
return str_replace( 'http://', 'https://', $content );
111120
}
112121

113-
// apply to simple HTML filters that need URL enforcement
114-
add_filter( 'post_thumbnail_html', 'force_https_filter_output', 999 );
115-
add_filter( 'render_block', 'force_https_filter_output', 999 );
122+
// apply to simple html filters that need url enforcement
123+
add_filter( 'comment_text', 'force_https_filter_output', 20 );
124+
add_filter( 'post_thumbnail_html', 'force_https_filter_output', 10 );
125+
add_filter( 'render_block', 'force_https_filter_output', 20 );
116126
add_filter( 'rest_pre_echo_response', 'force_https_filter_output', 999 );
117-
add_filter( 'walker_nav_menu_start_el', 'force_https_filter_output', 999 );
127+
add_filter( 'walker_nav_menu_start_el', 'force_https_filter_output', 10 );
128+
add_filter( 'widget_text', 'force_https_filter_output', 20 );
129+
add_filter( 'widget_text_content', 'force_https_filter_output', 20 );
118130
add_filter( 'woocommerce_email_footer_text', 'force_https_filter_output', 999 );
131+
add_filter( 'woocommerce_rest_prepare_coupon', 'force_https_filter_output', 999 );
132+
add_filter( 'woocommerce_rest_prepare_customer', 'force_https_filter_output', 999 );
133+
add_filter( 'woocommerce_rest_prepare_order', 'force_https_filter_output', 999 );
134+
add_filter( 'woocommerce_rest_prepare_product', 'force_https_filter_output', 999 );
135+
add_filter( 'wp_redirect', 'force_https_filter_output', 999 );
119136

120137
// force https on all elements and attributes with urls
121138
add_filter( 'the_content', 'force_https_process_content', 20 );

0 commit comments

Comments
 (0)