abstracts
4 weeks ago
admin
4 weeks ago
blocks
10 months ago
cli
7 months ago
customizer
3 months ago
data-stores
3 weeks ago
emails
3 weeks ago
export
1 year ago
gateways
2 months ago
import
2 months ago
integrations
4 weeks ago
interfaces
3 months ago
legacy
3 months ago
libraries
1 year ago
log-handlers
1 year ago
payment-tokens
5 years ago
product-usage
1 year ago
queue
3 months ago
react-admin
3 months ago
rest-api
4 weeks ago
shipping
2 months ago
shortcodes
2 months ago
theme-support
2 years ago
tracks
3 months ago
traits
5 years ago
walkers
5 years ago
wccom-site
4 weeks ago
widgets
4 weeks ago
class-wc-ajax.php
4 weeks ago
class-wc-auth.php
1 year ago
class-wc-autoloader.php
7 months ago
class-wc-background-emailer.php
4 weeks ago
class-wc-background-updater.php
5 years ago
class-wc-brands-brand-settings-manager.php
1 year ago
class-wc-brands-coupons.php
1 year ago
class-wc-brands.php
4 months ago
class-wc-breadcrumb.php
3 months ago
class-wc-cache-helper.php
4 weeks ago
class-wc-cart-fees.php
2 years ago
class-wc-cart-session.php
2 months ago
class-wc-cart-totals.php
10 months ago
class-wc-cart.php
2 months ago
class-wc-checkout.php
4 weeks ago
class-wc-cli.php
9 months ago
class-wc-comments.php
3 months ago
class-wc-countries.php
4 weeks ago
class-wc-coupon.php
4 weeks ago
class-wc-customer-download-log.php
5 years ago
class-wc-customer-download.php
1 year ago
class-wc-customer.php
4 weeks ago
class-wc-data-exception.php
8 years ago
class-wc-data-store.php
3 years ago
class-wc-datetime.php
4 years ago
class-wc-deprecated-action-hooks.php
2 years ago
class-wc-deprecated-filter-hooks.php
2 months ago
class-wc-discounts.php
10 months ago
class-wc-download-handler.php
1 year ago
class-wc-emails.php
3 weeks ago
class-wc-embed.php
1 year ago
class-wc-form-handler.php
2 months ago
class-wc-frontend-scripts.php
4 weeks ago
class-wc-geo-ip.php
7 months ago
class-wc-geolite-integration.php
6 years ago
class-wc-geolocation.php
4 weeks ago
class-wc-https.php
2 years ago
class-wc-install.php
3 weeks ago
class-wc-integrations.php
5 years ago
class-wc-log-levels.php
2 years ago
class-wc-logger.php
3 months ago
class-wc-meta-data.php
4 years ago
class-wc-order-factory.php
4 weeks ago
class-wc-order-item-coupon.php
4 years ago
class-wc-order-item-fee.php
4 months ago
class-wc-order-item-meta.php
4 years ago
class-wc-order-item-product.php
4 weeks ago
class-wc-order-item-shipping.php
4 months ago
class-wc-order-item-tax.php
4 years ago
class-wc-order-item.php
4 months ago
class-wc-order-query.php
3 months ago
class-wc-order-refund.php
1 year ago
class-wc-order.php
3 weeks ago
class-wc-payment-gateways.php
4 weeks ago
class-wc-payment-tokens.php
3 years ago
class-wc-post-data.php
4 weeks ago
class-wc-post-types.php
4 weeks ago
class-wc-privacy-background-process.php
1 year ago
class-wc-privacy-erasers.php
9 months ago
class-wc-privacy-exporters.php
4 years ago
class-wc-privacy.php
11 months ago
class-wc-product-attribute.php
3 months ago
class-wc-product-download.php
3 months ago
class-wc-product-external.php
1 year ago
class-wc-product-factory.php
2 months ago
class-wc-product-grouped.php
2 months ago
class-wc-product-query.php
3 months ago
class-wc-product-simple.php
10 months ago
class-wc-product-variable.php
2 months ago
class-wc-product-variation.php
1 year ago
class-wc-query.php
4 weeks ago
class-wc-rate-limiter.php
4 years ago
class-wc-regenerate-images-request.php
3 years ago
class-wc-regenerate-images.php
1 year ago
class-wc-register-wp-admin-settings.php
4 years ago
class-wc-rest-authentication.php
1 year ago
class-wc-rest-exception.php
5 years ago
class-wc-session-handler.php
2 months ago
class-wc-shipping-rate.php
11 months ago
class-wc-shipping-zone.php
5 years ago
class-wc-shipping-zones.php
6 months ago
class-wc-shipping.php
4 weeks ago
class-wc-shortcodes.php
1 year ago
class-wc-structured-data.php
4 weeks ago
class-wc-tax.php
4 weeks ago
class-wc-template-loader.php
6 months ago
class-wc-tracker.php
7 months ago
class-wc-validation.php
2 years ago
class-wc-webhook.php
4 weeks ago
class-woocommerce.php
3 weeks ago
wc-account-functions.php
6 months ago
wc-attribute-functions.php
4 weeks ago
wc-brands-functions.php
1 year ago
wc-cart-functions.php
4 months ago
wc-conditional-functions.php
10 months ago
wc-core-functions.php
4 weeks ago
wc-coupon-functions.php
4 months ago
wc-deprecated-functions.php
3 months ago
wc-formatting-functions.php
6 months ago
wc-interactivity-api-functions.php
4 weeks ago
wc-notice-functions.php
4 months ago
wc-order-functions.php
3 weeks ago
wc-order-item-functions.php
3 years ago
wc-order-step-logger-functions.php
3 months ago
wc-page-functions.php
3 weeks ago
wc-product-functions.php
4 weeks ago
wc-rest-functions.php
6 months ago
wc-stock-functions.php
6 months ago
wc-template-functions.php
4 weeks ago
wc-template-hooks.php
9 months ago
wc-term-functions.php
4 weeks ago
wc-update-functions.php
3 weeks ago
wc-user-functions.php
4 weeks ago
wc-webhook-functions.php
4 weeks ago
wc-widget-functions.php
5 years ago
class-wc-https.php
139 lines
| 1 | <?php |
| 2 | |
| 3 | if ( ! defined( 'ABSPATH' ) ) { |
| 4 | exit; // Exit if accessed directly |
| 5 | } |
| 6 | |
| 7 | /** |
| 8 | * WC_HTTPS class. |
| 9 | * |
| 10 | * @class WC_HTTPS |
| 11 | * @version 2.2.0 |
| 12 | * @package WooCommerce\Classes |
| 13 | * @category Class |
| 14 | * @author WooThemes |
| 15 | */ |
| 16 | class WC_HTTPS { |
| 17 | |
| 18 | /** |
| 19 | * Hook in our HTTPS functions if we're on the frontend. This will ensure any links output to a page (when viewing via HTTPS) are also served over HTTPS. |
| 20 | */ |
| 21 | public static function init() { |
| 22 | if ( 'yes' === get_option( 'woocommerce_force_ssl_checkout' ) && ! is_admin() ) { |
| 23 | // HTTPS urls with SSL on |
| 24 | $filters = array( |
| 25 | 'post_thumbnail_html', |
| 26 | 'wp_get_attachment_image_attributes', |
| 27 | 'wp_get_attachment_url', |
| 28 | 'option_stylesheet_url', |
| 29 | 'option_template_url', |
| 30 | 'script_loader_src', |
| 31 | 'style_loader_src', |
| 32 | 'template_directory_uri', |
| 33 | 'stylesheet_directory_uri', |
| 34 | 'site_url', |
| 35 | ); |
| 36 | |
| 37 | foreach ( $filters as $filter ) { |
| 38 | add_filter( $filter, array( __CLASS__, 'force_https_url' ), 999 ); |
| 39 | } |
| 40 | |
| 41 | add_filter( 'page_link', array( __CLASS__, 'force_https_page_link' ), 10, 2 ); |
| 42 | add_action( 'template_redirect', array( __CLASS__, 'force_https_template_redirect' ) ); |
| 43 | |
| 44 | if ( 'yes' == get_option( 'woocommerce_unforce_ssl_checkout' ) ) { |
| 45 | add_action( 'template_redirect', array( __CLASS__, 'unforce_https_template_redirect' ) ); |
| 46 | } |
| 47 | } |
| 48 | add_action( 'http_api_curl', array( __CLASS__, 'http_api_curl' ), 10, 3 ); |
| 49 | } |
| 50 | |
| 51 | /** |
| 52 | * Force https for urls. |
| 53 | * |
| 54 | * @param mixed $content |
| 55 | * @return string |
| 56 | */ |
| 57 | public static function force_https_url( $content ) { |
| 58 | if ( is_ssl() ) { |
| 59 | if ( is_array( $content ) ) { |
| 60 | $content = array_map( 'WC_HTTPS::force_https_url', $content ); |
| 61 | } else { |
| 62 | $content = str_replace( 'http:', 'https:', (string) $content ); |
| 63 | } |
| 64 | } |
| 65 | return $content; |
| 66 | } |
| 67 | |
| 68 | /** |
| 69 | * Force a post link to be SSL if needed. |
| 70 | * |
| 71 | * @param string $link |
| 72 | * @param int $page_id |
| 73 | * |
| 74 | * @return string |
| 75 | */ |
| 76 | public static function force_https_page_link( $link, $page_id ) { |
| 77 | if ( in_array( $page_id, array( get_option( 'woocommerce_checkout_page_id' ), get_option( 'woocommerce_myaccount_page_id' ) ) ) ) { |
| 78 | $link = str_replace( 'http:', 'https:', $link ); |
| 79 | } elseif ( 'yes' === get_option( 'woocommerce_unforce_ssl_checkout' ) && ! wc_site_is_https() ) { |
| 80 | $link = str_replace( 'https:', 'http:', $link ); |
| 81 | } |
| 82 | return $link; |
| 83 | } |
| 84 | |
| 85 | /** |
| 86 | * Template redirect - if we end up on a page ensure it has the correct http/https url. |
| 87 | */ |
| 88 | public static function force_https_template_redirect() { |
| 89 | if ( ! is_ssl() && ( is_checkout() || is_account_page() || apply_filters( 'woocommerce_force_ssl_checkout', false ) ) ) { |
| 90 | |
| 91 | if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) { |
| 92 | wp_safe_redirect( preg_replace( '|^http://|', 'https://', $_SERVER['REQUEST_URI'] ) ); |
| 93 | exit; |
| 94 | } else { |
| 95 | wp_safe_redirect( 'https://' . ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'] ) . $_SERVER['REQUEST_URI'] ); |
| 96 | exit; |
| 97 | } |
| 98 | } |
| 99 | } |
| 100 | |
| 101 | /** |
| 102 | * Template redirect - if we end up on a page ensure it has the correct http/https url. |
| 103 | */ |
| 104 | public static function unforce_https_template_redirect() { |
| 105 | if ( function_exists( 'is_customize_preview' ) && is_customize_preview() ) { |
| 106 | return; |
| 107 | } |
| 108 | |
| 109 | if ( ! wc_site_is_https() && is_ssl() && $_SERVER['REQUEST_URI'] && ! is_checkout() && ! wp_doing_ajax() && ! is_account_page() && apply_filters( 'woocommerce_unforce_ssl_checkout', true ) ) { |
| 110 | |
| 111 | if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) { |
| 112 | wp_safe_redirect( preg_replace( '|^https://|', 'http://', $_SERVER['REQUEST_URI'] ) ); |
| 113 | exit; |
| 114 | } else { |
| 115 | wp_safe_redirect( 'http://' . ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'] ) . $_SERVER['REQUEST_URI'] ); |
| 116 | exit; |
| 117 | } |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | /** |
| 122 | * Force posts to PayPal to use TLS v1.2. See: |
| 123 | * https://core.trac.wordpress.org/ticket/36320 |
| 124 | * https://core.trac.wordpress.org/ticket/34924#comment:13 |
| 125 | * https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US |
| 126 | * |
| 127 | * @param string $handle |
| 128 | * @param mixed $r |
| 129 | * @param string $url |
| 130 | */ |
| 131 | public static function http_api_curl( $handle, $r, $url ) { |
| 132 | if ( strstr( $url, 'https://' ) && ( strstr( $url, '.paypal.com/nvp' ) || strstr( $url, '.paypal.com/cgi-bin/webscr' ) ) ) { |
| 133 | curl_setopt( $handle, CURLOPT_SSLVERSION, 6 ); |
| 134 | } |
| 135 | } |
| 136 | } |
| 137 | |
| 138 | WC_HTTPS::init(); |
| 139 |