[Plugin: WordPress HTTPS (SSL)] Subpages

  • Hi, I made a little enhancement: Forcing SSL on subpages. It’s a checkbox next to the Force SSL that makes any page under the current to have SSL forced. It does not require the current page to be served by SSL – you’d have to check the standard box to do that.

    So you could have
    /cart/ <– http ( Force SSL: [ ], for subpages: [X] )
    /cart/checkout/ <– https ( even when Force SSL: [ ], for subpages: [ ] )

    It’s a few lines only… I’ll make a patch if you like.
    Not wild about the label “for subpages” but propagate/inherit seemed too technical.

    https://www.ads-software.com/extend/plugins/wordpress-https/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author mvied

    (@mvied)

    Hey Marco,

    I actually have plans to add a textarea to the settings page that would allow you to do regex patterns that should be forced to HTTPS. So with that setup, you could just put “/cart/” on one line of the textarea and any URL that contains “/cart/” would be forced to HTTPS. I’ll probably get it into the version after I release 2.0.

    Thanks,
    Mike

    Thread Starter Marco

    (@mimecine)

    That’d be really nice. Anyway I can convince you to use this in 2.0 until you implement (or in addition to) the regex fields? I am just thinking that I’d love to be able to use the normal update channels in case you, me or anyone finds a serious bug, and at the same time I find my solution very adequate in many situations. I suspect a lot of people see their pages as a tree-structure, and kind of expect a ‘secured’ page to have their children secured as well…

    Plugin Author mvied

    (@mvied)

    Hey Marco,

    Probably not. I’d hate to add a feature only to turn around and remove it in the next release. However, in 2.0 I’m allowing people to plugin to WordPress HTTPS. The snippet below will force any page whose parent page has Force SSL checked to be redirected to HTTPS. You can place this in your theme’s functions.php or you can stick it in a plugin so you can turn it on and off.

    function secure_child_pages($force_ssl, $postID) {
	$post = get_post($postID);

	if ( $post->post_parent && get_post_meta($post->post_parent, 'force_ssl', true) ) {
		$force_ssl = true;
	}
	return $force_ssl;
}
add_filter('force_ssl', 'secure_child_pages');

    You can make a slight modification to 1.9.2 to allow this to work. Beneath line 511:
    $forceSSL = get_post_meta($post->ID, 'force_ssl', true);

    Add:
    $forceSSL = apply_filters('force_ssl', $forceSSL, $post->ID);

    Thanks,
    Mike

    Thread Starter Marco

    (@mimecine)

    Understandable.
    Not sure I’ll make a plugin of it since it makes more sense to have the second checkbox next to the current one.
    And just to clarify, the mod would make the force ssl deep – it checks all ancestors for the force_ssl_subpages.
    I felt it had some usability going for it, not requiring additional code in the functions file for a feature I believed many people would want. I agree that the regular expressions would scratch the same itch, but it is also a bit codey for a lot of people.
    Although, if a regex is too codey, one might argue that the user shouldn’t dabble with certificates..

    Plugin Author mvied

    (@mvied)

    Hey Marco,

    Yeah, that snippet was really just a proof of concept. Anyone with the know how could alter it to do anything they need, which is the idea.

    I understand concerns about regex being confusing, but you can also just use plain text like my previous example of “/cart/” which would be fine for most users.

    My initial idea was to create a screen where you could manage which pages are secure and which ones aren’t, but I couldn’t come up with a clean, easy to use interface to accomplish that. So, I just went with the checkbox idea until I could think of something better.

    Thanks,
    Mike

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Plugin: WordPress HTTPS (SSL)] Subpages’ is closed to new replies.