PluginProbe ʕ •ᴥ•ʔ
Easy HTTPS Redirection (SSL) / 2.0.1
Easy HTTPS Redirection (SSL) v2.0.1
trunk 1.5 1.6 1.8 1.9.1 1.9.2 2.0.0 2.0.1
https-redirection / classes / ehssl-rules-helper.php
https-redirection / classes Last commit date
utilities 2 days ago ehssl-config.php 1 year ago ehssl-cronjob.php 1 year ago ehssl-custom-post-types.php 1 year ago ehssl-debug-logger.php 1 year ago ehssl-email-handler.php 1 year ago ehssl-init-time-tasks.php 2 days ago ehssl-installation.php 2 days ago ehssl-non-https-resources-scan-result-table.php 2 days ago ehssl-non-https-resources-scan-update.php 2 days ago ehssl-rules-helper.php 2 days ago ehssl-ssl-certificate.php 1 year ago index.php 1 year ago
ehssl-rules-helper.php
234 lines
1 <?php
2
3 class EHSSL_Htaccess
4 {
5
6 public function __construct()
7 {
8
9 }
10
11 public function write_to_htaccess()
12 {
13 //clean up old rules first
14 if ($this->delete_from_htaccess() == -1) {
15 return -1; //unable to write to the file
16 }
17
18 $htaccess = ABSPATH . '.htaccess';
19 //get the subdirectory if it is installed in one
20 $siteurl = explode('/', get_option('siteurl'));
21 if (isset($siteurl[3])) {
22 $dir = '/' . $siteurl[3] . '/';
23 } else {
24 $dir = '/';
25 }
26
27 if (!$f = @fopen($htaccess, 'a+')) {
28 @chmod($htaccess, 0644);
29 if (!$f = @fopen($htaccess, 'a+')) {
30 return -1;
31 }
32 }
33
34 //backup_a_file($htaccess); //TODO - should we back up htaccess file?
35
36 @ini_set('auto_detect_line_endings', true);
37 $ht = explode(PHP_EOL, implode('', file($htaccess))); //parse each line of file into array
38
39 $rules = $this->getrules();
40 if ($rules == -1) {
41 return -1;
42 }
43
44 $rulesarray = explode(PHP_EOL, $rules);
45 $contents = array_merge($rulesarray, $ht);
46
47 if (!$f = @fopen($htaccess, 'w+')) {
48 return -1; //we can't write to the file
49 }
50
51 $blank = false;
52
53 //write each line to file
54 foreach ($contents as $insertline) {
55 if (trim($insertline) == '') {
56 if ($blank == false) {
57 fwrite($f, PHP_EOL . trim($insertline));
58 }
59 $blank = true;
60 } else {
61 $blank = false;
62 fwrite($f, PHP_EOL . trim($insertline));
63 }
64 }
65 @fclose($f);
66 return 1; //success
67 }
68
69 public function getrules()
70 {
71 @ini_set('auto_detect_line_endings', true);
72
73 //figure out what server they're using
74 if (strstr(strtolower( sanitize_text_field( $_SERVER['SERVER_SOFTWARE'] ) ), 'apache')) {
75 $server_type = 'apache';
76 } else if (strstr(strtolower( sanitize_text_field( $_SERVER['SERVER_SOFTWARE'] ) ), 'nginx')) {
77 $server_type = 'nginx';
78 } else if (strstr(strtolower( sanitize_text_field( $_SERVER['SERVER_SOFTWARE'] ) ), 'litespeed')) {
79 $server_type = 'litespeed';
80 } else { //unsupported server
81 return -1;
82 }
83
84 //check if some plugins are active to avoid incompatability issues
85 // WP Fastest Cache
86 if (isset($GLOBALS["wp_fastest_cache"])) {
87 $wpfc = true;
88 $wpfc_rules = '# WP Fastest Cache compatability' . PHP_EOL;
89 $wpfc_rules .= 'RewriteCond %{REQUEST_URI} !wp-content\/cache\/(all|wpfc-mobile-cache)' . PHP_EOL;
90 } else {
91 $wpfc = false;
92 }
93
94 $rules = '';
95 $httpsrdrctn_options = get_option('httpsrdrctn_options');
96 $https_full_domain = $httpsrdrctn_options['https_domain'];
97 $auto_redirect_enabled = $httpsrdrctn_options['https'];
98
99 if ($auto_redirect_enabled != '1') {
100 //HTTPS Redirection is NOT enabled
101 return $rules;
102 }
103
104 if ($https_full_domain == '1') { //HTTPS Redirection on Full Site
105 $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
106 $rules .= 'RewriteEngine On' . PHP_EOL;
107
108 $rules .= 'RewriteCond %{HTTP:X-Forwarded-Proto} !https' . PHP_EOL; //Handle traffic connecting to your proxy or load balancer
109 $rules .= 'RewriteCond %{HTTPS} off' . PHP_EOL; //Alternative is to use RewriteCond %{SERVER_PORT} !^443$
110 if ($wpfc) {
111 $rules .= $wpfc_rules;
112 }
113 $rules .= 'RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
114
115 $rules .= '</IfModule>' . PHP_EOL;
116
117 // Add HTTP Strict Transport Security rules if enabled.
118 $rules .= $this->get_hsts_rules();
119
120 } else { //HTTPS Redirection on a Few Pages ONLY
121 if (empty($httpsrdrctn_options['https_pages_array'])) {
122 //No specific page has been configured
123 return '';
124 }
125
126 $rules .= '<IfModule mod_rewrite.c>' . PHP_EOL;
127 $rules .= 'RewriteEngine On' . PHP_EOL;
128
129 $rules .= 'RewriteCond %{HTTP:X-Forwarded-Proto} !https' . PHP_EOL; //Handle traffic connecting to your proxy or load balancer
130 $rules .= 'RewriteCond %{HTTPS} off' . PHP_EOL; //Alternative is to use RewriteCond %{SERVER_PORT} !^443$
131 if ($wpfc) {
132 $rules .= $wpfc_rules;
133 }
134 $count = 0;
135 $total_pages = count($httpsrdrctn_options['https_pages_array']);
136 foreach ($httpsrdrctn_options['https_pages_array'] as $https_page) {
137 //Add a RewriteCond line for each of the individual pages
138
139 $count++;
140
141 if (empty($https_page)) {
142 continue;
143 }
144
145 $rules .= 'RewriteCond %{REQUEST_URI} ' . trim($https_page);
146 if ($total_pages != $count) { //This is not the last page so join them with an OR condition
147 $rules .= ' [OR]';
148 }
149 $rules .= PHP_EOL;
150 }
151
152 $rules .= 'RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
153
154 $rules .= '</IfModule>' . PHP_EOL;
155 }
156
157 //Add outer markers if we have rules
158 if ($rules != '') {
159 $rules = "# BEGIN HTTPS Redirection Plugin" . PHP_EOL . $rules . "# END HTTPS Redirection Plugin" . PHP_EOL;
160 }
161
162 return $rules;
163 }
164
165 public function get_hsts_rules(){
166 $httpsrdrctn_options = get_option('httpsrdrctn_options', array());
167 $enable_hsts = isset($httpsrdrctn_options['hsts_enabled']) && !empty($httpsrdrctn_options['hsts_enabled']) ? true : false;
168
169 $hsts_rule = '';
170 if ($enable_hsts) {
171 $hsts_max_age = isset($httpsrdrctn_options['hsts_max_age']) && !empty($httpsrdrctn_options['hsts_max_age']) ? absint(sanitize_text_field($httpsrdrctn_options['hsts_max_age'])) : 31536000;
172 $hsts_include_subdomains = isset($httpsrdrctn_options['hsts_include_sub_domains']) && !empty($httpsrdrctn_options['hsts_include_sub_domains']) ? true : false;
173 $hsts_preload = isset($httpsrdrctn_options['hsts_preload']) && !empty($httpsrdrctn_options['hsts_preload']) ? true : false;
174
175 // Example: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
176 $header = 'Header always set Strict-Transport-Security "%s" env=HTTPS';
177
178 $hsts_flags = array();
179 $hsts_flags[] = 'max-age='.$hsts_max_age;
180
181 if (!empty($hsts_include_subdomains)){
182 $hsts_flags[] = 'includeSubDomains';
183 }
184
185 if (!empty($hsts_preload)){
186 $hsts_flags[] = 'preload';
187 }
188
189 $hsts_rule = '<IfModule mod_headers.c>' . PHP_EOL;
190 $hsts_rule .= sprintf($header, implode('; ', $hsts_flags)) . PHP_EOL;
191 $hsts_rule .= '</IfModule>' . PHP_EOL;
192 }
193
194 return $hsts_rule;
195 }
196
197 public function delete_from_htaccess($section = 'HTTPS Redirection Plugin')
198 {
199 $htaccess = ABSPATH . '.htaccess';
200
201 @ini_set('auto_detect_line_endings', true);
202 if (!file_exists($htaccess)) {
203 $ht = @fopen($htaccess, 'a+');
204 @fclose($ht);
205 }
206 $ht_contents = explode(PHP_EOL, implode('', file($htaccess))); //parse each line of file into array
207 if ($ht_contents) { //as long as there are lines in the file
208 $state = true;
209 if (!$f = @fopen($htaccess, 'w+')) {
210 @chmod($htaccess, 0644);
211 if (!$f = @fopen($htaccess, 'w+')) {
212 return -1;
213 }
214 }
215
216 foreach ($ht_contents as $n => $markerline) { //for each line in the file
217 if (strpos($markerline, '# BEGIN ' . $section) !== false) { //if we're at the beginning of the section
218 $state = false;
219 }
220 if ($state == true) { //as long as we're not in the section keep writing
221 fwrite($f, trim($markerline) . PHP_EOL);
222 }
223 if (strpos($markerline, '# END ' . $section) !== false) { //see if we're at the end of the section
224 $state = true;
225 }
226 }
227 @fclose($f);
228 return 1;
229 }
230 return 1;
231 }
232
233 }
234