rsssl_front_end->autoreplace_insecure_links) { $this->fix_mixed_content(); } } static function this() { return self::$_this; } /** * * add action hooks at the start and at the end of the WP process. * * @since 2.3 * * @access public * */ public function fix_mixed_content() { /* Do not fix mixed content when call is coming from wp_api or from xmlrpc */ if (defined('JSON_REQUEST') && JSON_REQUEST) return; if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) return; $this->build_url_list(); /* Take care with modifications to hooks here: hooks tend to differ between front and back-end. */ if (is_admin()) { add_action("admin_init", array($this, "start_buffer"), 100); add_action("shutdown", array($this, "end_buffer"), 999); } else { if (RSSSL()->rsssl_front_end->switch_mixed_content_fixer_hook || (defined('RSSSL_CONTENT_FIXER_ON_INIT') && RSSSL_CONTENT_FIXER_ON_INIT)) { add_action("init", array($this, "start_buffer")); } else { add_action("template_redirect", array($this, "start_buffer")); } add_action("shutdown", array($this, "end_buffer"), 999); } } /** * Apply the mixed content fixer. * * @since 2.3 * * @access public * */ public function filter_buffer($buffer) { $buffer = $this->replace_insecure_links($buffer); return $buffer; } /** * Start buffering the output * * @since 2.0 * * @access public * */ public function start_buffer() { ob_start(array($this, "filter_buffer")); } /** * Flush the output buffer * * @since 2.0 * * @access public * */ public function end_buffer() { if (ob_get_length()) ob_end_flush(); } /** * Creates an array of insecure links that should be https and an array of secure links to replace with * * @since 2.0 * * @access public * */ public function build_url_list() { $home = str_replace("https://", "http://", get_option('home')); $home_no_www = str_replace("://www.", "://", $home); $home_yes_www = str_replace("://", "://www.", $home_no_www); //for the escaped version, we only replace the home_url, not it's www or non www counterpart, as it is most likely not used $escaped_home = str_replace("/", "\/", $home); $this->http_urls = array( $home_yes_www, $home_no_www, $escaped_home, "src='http://", 'src="http://', ); } /** * Just before the page is sent to the visitor's browser, all homeurl links are replaced with https. * * @since 1.0 * * @access public * */ public function replace_insecure_links($str) { //skip if file is xml if (substr($str, 0, 5) == "http_urls); $ssl_array = str_replace(array("http://", "http:\/\/"), array("https://", "https:\/\/"), $search_array); //now replace these links $str = str_replace($search_array, $ssl_array, $str); //replace all http links except hyperlinks //all tags with src attr are already fixed by str_replace $pattern = array( '/url\([\'"]?\K(http:\/\/)(?=[^)]+)/i', '/]*?href=[\'"]\K(http:\/\/)(?=[^\'"]+)/i', '/]*?content=[\'"]\K(http:\/\/)(?=[^\'"]+)/i', '/
]*?action=[\'"]\K(http:\/\/)(?=[^\'"]+)/i', ); $str = preg_replace($pattern, 'https://', $str); /* handle multiple images in srcset */ $str = preg_replace_callback('/]*[^\>\S]+srcset=[\'"]\K((?:[^"\'\s,]+\s*(?:\s+\d+[wx])(?:,\s*)?)+)["\']/', array($this, 'replace_src_set'), $str); $str = str_replace("