ehssl-rules-helper.php
234 lines
| 1 | <?php |
| 2 | |
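/**
 * Maintains the plugin's rule block in the site's root .htaccess file.
 *
 * The block is delimited by "# BEGIN HTTPS Redirection Plugin" and
 * "# END HTTPS Redirection Plugin" and holds the mod_rewrite redirect rules
 * plus, for full-site redirection, an optional HSTS header rule.
 *
 * .htaccess is security-sensitive: it may carry access-control rules written
 * by WordPress core or other plugins. Every method here therefore builds the
 * complete new file content in memory before touching the file, and never
 * writes option values into it without checking them first.
 *
 * Failure is signalled with -1 (not an exception) because callers compare
 * the return value against -1.
 */
class EHSSL_Htaccess
{

    public function __construct()
    {

    }

    /**
     * Replaces the plugin's rule block in .htaccess with freshly generated rules.
     *
     * The new block is placed at the top of the file, every line is trimmed and
     * runs of blank lines are collapsed to one, as before.
     *
     * @return int 1 on success, -1 if the file cannot be read or written or the
     *             server type is unsupported.
     */
    public function write_to_htaccess()
    {
        //clean up old rules first
        if ($this->delete_from_htaccess() == -1) {
            return -1; //unable to write to the file
        }

        $htaccess = ABSPATH . '.htaccess';

        //TODO - should we back up htaccess file?

        $existing = $this->read_htaccess_lines($htaccess);
        if ($existing === false) {
            return -1;
        }

        // Generate the rules before anything is written, so a failure here
        // leaves the existing file untouched.
        $rules = $this->getrules();
        if ($rules === -1) {
            return -1;
        }

        $contents = array_merge(explode(PHP_EOL, $rules), $existing);

        $output = '';
        $previous_blank = false;
        foreach ($contents as $line) {
            $line = trim($line);
            $is_blank = ($line === '');
            // Keep the first blank line of a run, drop the rest.
            if (!($is_blank && $previous_blank)) {
                $output .= PHP_EOL . $line;
            }
            $previous_blank = $is_blank;
        }

        return $this->write_htaccess($htaccess, $output) ? 1 : -1;
    }

    /**
     * Builds the rule block for the current plugin settings.
     *
     * Security notes on the generated rules:
     *  - The redirect is skipped when the X-Forwarded-Proto request header
     *    contains "https". That header is only trustworthy when a proxy or
     *    load balancer in front of the site overwrites it; on a directly
     *    reachable server a client can send it and is then not redirected.
     *  - The redirect target is built from %{HTTP_HOST}, i.e. the Host header
     *    of the request, so the set of accepted host names should be limited
     *    by the virtual host configuration.
     *  - nginx does not read .htaccess files, so on nginx these rules have no
     *    effect even though the server type is accepted here.
     *
     * @return string|int The rule block (with BEGIN/END markers), '' when
     *                    redirection is disabled or no usable page is
     *                    configured, or -1 for an unsupported server.
     */
    public function getrules()
    {
        //figure out what server they're using; SERVER_SOFTWARE can be absent (e.g. CLI or cron)
        $software = isset($_SERVER['SERVER_SOFTWARE'])
            ? strtolower(sanitize_text_field($_SERVER['SERVER_SOFTWARE']))
            : '';
        $supported = false;
        foreach (array('apache', 'nginx', 'litespeed') as $server_name) {
            if (strpos($software, $server_name) !== false) {
                $supported = true;
                break;
            }
        }
        if (!$supported) { //unsupported server
            return -1;
        }

        //check if some plugins are active to avoid incompatibility issues
        // WP Fastest Cache
        $wpfc_rules = '';
        if (isset($GLOBALS["wp_fastest_cache"])) {
            $wpfc_rules = '# WP Fastest Cache compatability' . PHP_EOL;
            $wpfc_rules .= 'RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)' . PHP_EOL;
        }

        $httpsrdrctn_options = get_option('httpsrdrctn_options');
        if (!is_array($httpsrdrctn_options)) {
            //Option missing or malformed: treat as "redirection not enabled"
            return '';
        }
        $auto_redirect_enabled = isset($httpsrdrctn_options['https']) ? $httpsrdrctn_options['https'] : '';
        $https_full_domain = isset($httpsrdrctn_options['https_domain']) ? $httpsrdrctn_options['https_domain'] : '';

        // Loose comparison on purpose: the stored flag may be '1', 1 or true.
        if ($auto_redirect_enabled != '1') {
            //HTTPS Redirection is NOT enabled
            return '';
        }

        $block_open = '<IfModule mod_rewrite.c>' . PHP_EOL;
        $block_open .= 'RewriteEngine On' . PHP_EOL;
        $block_open .= 'RewriteCond %{HTTP:X-Forwarded-Proto} !https' . PHP_EOL; //Handle traffic connecting to your proxy or load balancer
        $block_open .= 'RewriteCond %{HTTPS} off' . PHP_EOL; //Alternative is to use RewriteCond %{SERVER_PORT} !^443$
        $block_open .= $wpfc_rules;

        $block_close = 'RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
        $block_close .= '</IfModule>' . PHP_EOL;

        if ($https_full_domain == '1') { //HTTPS Redirection on Full Site
            // Add HTTP Strict Transport Security rules if enabled.
            $rules = $block_open . $block_close . $this->get_hsts_rules();
        } else { //HTTPS Redirection on a Few Pages ONLY
            $configured = isset($httpsrdrctn_options['https_pages_array']) ? $httpsrdrctn_options['https_pages_array'] : array();
            if (empty($configured) || !is_array($configured)) {
                //No specific page has been configured
                return '';
            }

            $patterns = array();
            foreach ($configured as $https_page) {
                $pattern = $this->sanitize_rewrite_pattern($https_page);
                if ($pattern !== '') {
                    $patterns[] = $pattern;
                }
            }
            if (empty($patterns)) {
                // Without a page condition the RewriteRule would redirect the
                // whole site, which is not what "a few pages" mode asks for.
                return '';
            }

            //Add a RewriteCond line for each page, joined with OR. The count is
            //taken after filtering so the last condition never carries a
            //dangling [OR].
            $page_conditions = '';
            $last_index = count($patterns) - 1;
            foreach ($patterns as $index => $pattern) {
                $page_conditions .= 'RewriteCond %{REQUEST_URI} ' . $pattern;
                if ($index < $last_index) {
                    $page_conditions .= ' [OR]';
                }
                $page_conditions .= PHP_EOL;
            }

            $rules = $block_open . $page_conditions . $block_close;
        }

        //Add outer markers
        return "# BEGIN HTTPS Redirection Plugin" . PHP_EOL . $rules . "# END HTTPS Redirection Plugin" . PHP_EOL;
    }

    /**
     * Builds the mod_headers rule that sends Strict-Transport-Security.
     *
     * A missing, empty or zero hsts_max_age falls back to 31536000 seconds.
     * NOTE(review): a stored value that is non-empty but not numeric becomes
     * max-age=0 through absint(), which tells browsers to drop the policy -
     * confirm the settings form only stores digits.
     * NOTE(review): the rule is conditional on env=HTTPS; behind a proxy that
     * terminates TLS that variable is presumably not set, so the header may
     * never be sent there - verify on such deployments.
     *
     * @return string The rule block, or '' when HSTS is not enabled.
     */
    public function get_hsts_rules()
    {
        $httpsrdrctn_options = get_option('httpsrdrctn_options', array());
        if (empty($httpsrdrctn_options['hsts_enabled'])) {
            return '';
        }

        $hsts_max_age = !empty($httpsrdrctn_options['hsts_max_age'])
            ? absint(sanitize_text_field($httpsrdrctn_options['hsts_max_age']))
            : 31536000;

        // Example: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        $header = 'Header always set Strict-Transport-Security "%s" env=HTTPS';

        $hsts_flags = array('max-age=' . $hsts_max_age);

        if (!empty($httpsrdrctn_options['hsts_include_sub_domains'])) {
            $hsts_flags[] = 'includeSubDomains';
        }

        if (!empty($httpsrdrctn_options['hsts_preload'])) {
            $hsts_flags[] = 'preload';
        }

        $hsts_rule = '<IfModule mod_headers.c>' . PHP_EOL;
        $hsts_rule .= sprintf($header, implode('; ', $hsts_flags)) . PHP_EOL;
        $hsts_rule .= '</IfModule>' . PHP_EOL;

        return $hsts_rule;
    }

    /**
     * Removes a "# BEGIN <section>" ... "# END <section>" block from .htaccess.
     *
     * The file is created empty if it does not exist. Remaining lines are
     * written back trimmed, one per line. A BEGIN marker with no matching END
     * marker is left in place together with everything after it: dropping the
     * rest of the file would also drop rules that belong to WordPress or to
     * other plugins.
     *
     * @param string $section Section name used in the marker comments.
     * @return int 1 on success, -1 if the file cannot be read or written.
     */
    public function delete_from_htaccess($section = 'HTTPS Redirection Plugin')
    {
        $htaccess = ABSPATH . '.htaccess';

        if (!file_exists($htaccess)) {
            $created = @fopen($htaccess, 'a+');
            if ($created === false) {
                return -1;
            }
            fclose($created);
        }

        $lines = $this->read_htaccess_lines($htaccess);
        if ($lines === false) {
            return -1;
        }

        $begin_marker = '# BEGIN ' . $section;
        $end_marker = '# END ' . $section;

        $kept = array();
        $pending = array(); //lines of a section whose END marker has not been seen yet
        $inside = false;
        foreach ($lines as $markerline) {
            if (!$inside && strpos($markerline, $begin_marker) !== false) {
                $inside = true;
            }
            if (!$inside) {
                $kept[] = $markerline;
                continue;
            }
            $pending[] = $markerline;
            if (strpos($markerline, $end_marker) !== false) {
                //complete section found: discard it
                $pending = array();
                $inside = false;
            }
        }
        //unterminated section: keep its lines rather than truncating the file
        $kept = array_merge($kept, $pending);

        $output = '';
        foreach ($kept as $line) {
            $output .= trim($line) . PHP_EOL;
        }

        return $this->write_htaccess($htaccess, $output) ? 1 : -1;
    }

    /**
     * Validates one configured page before it is used as a RewriteCond pattern.
     *
     * Values containing whitespace or control characters are rejected: a line
     * break would let the value add directives of its own to .htaccess, and an
     * embedded space makes Apache parse the remainder as flags, which breaks
     * the whole file.
     *
     * @param mixed $page Raw entry from the https_pages_array option.
     * @return string The trimmed pattern, or '' if the entry must be skipped.
     */
    private function sanitize_rewrite_pattern($page)
    {
        if (empty($page) || !is_scalar($page)) {
            return '';
        }
        $page = trim((string) $page);
        if ($page === '' || preg_match('/[\s\x00-\x1F\x7F]/', $page)) {
            return '';
        }
        return $page;
    }

    /**
     * Reads .htaccess and splits it into lines, accepting LF, CRLF and CR.
     *
     * @param string $htaccess Path of the file.
     * @return array|false List of lines, or false if the file cannot be read.
     */
    private function read_htaccess_lines($htaccess)
    {
        $raw = @file_get_contents($htaccess);
        if ($raw === false) {
            return false;
        }
        return preg_split('/\r\n|\r|\n/', $raw);
    }

    /**
     * Writes the complete new content of .htaccess in a single call.
     *
     * If the first attempt fails the file mode is set to 0644 (writable by the
     * owner only) and the write is retried once.
     *
     * @param string $htaccess Path of the file.
     * @param string $data     Full file content.
     * @return bool True only if every byte was written.
     */
    private function write_htaccess($htaccess, $data)
    {
        $written = @file_put_contents($htaccess, $data);
        if ($written === false) {
            @chmod($htaccess, 0644);
            $written = @file_put_contents($htaccess, $data);
        }
        return $written !== false && $written === strlen($data);
    }

}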
| 234 |