LLMS_HTTPS
LLMS_HTTPS
Contents
Source Source
File: includes/class.llms.https.php
class LLMS_HTTPS {
/**
* Constructor
*
* @since 3.0.0
*/
public function __construct() {
if ( 'yes' === get_option( 'lifterlms_checkout_force_ssl' ) ) {
add_action( 'template_redirect', array( $this, 'force_https_redirect' ) );
add_action( 'template_redirect', array( $this, 'unforce_https_redirect' ) );
}
}
/**
* Retrieve the http/s version of the current url.
*
* @since 3.35.1
*
* @param bool $https If true, gets the HTTPS url, otherwise gets url without HTTPS
* @return string
*/
protected function get_force_redirect_url( $https = true ) {
$uri = ! empty( $_SERVER['REQUEST_URI'] ) ? filter_var( wp_unslash( $_SERVER['REQUEST_URI'] ), FILTER_SANITIZE_URL ) : '';
// URI is http, switch it to https.
if ( $uri && 0 === strpos( $uri, 'http' ) ) {
return $https ? preg_replace( '|^http://|', 'https://', $uri ) : preg_replace( '|^https://|', 'http://', $uri );
}
// URI doesn't have a protocol, build a new uri.
$redirect = $https ? 'https://' : 'http://';
if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) {
$redirect .= sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_HOST'] ) );
} elseif ( ! empty( $_SERVER['HTTP_HOST'] ) ) {
$redirect .= sanitize_text_field( wp_unslash( $_SERVER['HTTP_HOST'] ) );
}
$redirect .= $uri;
return $redirect;
}
/**
* Redirect to https checkout page is force is enabled
*
* @since 3.0.0
* @since 3.10.0 Unknown
* @since 3.35.1 Sanitize `$_SERVER` input.
*
* @return void
*/
public function force_https_redirect() {
if ( ! is_ssl() && ( is_llms_checkout() || is_llms_account_page() || apply_filters( 'llms_force_ssl_checkout', false ) ) ) {
llms_redirect_and_exit(
$this->get_force_redirect_url( true ),
array(
'status' => 301,
)
);
}
}
/**
* Redirect back to http when not on checkout if force ssl is enabled and the site isn't fully ssl'd
*
* @since 3.0.0
* @since 3.10.0 Unknown
* @since 3.35.1 Sanitize `$_SERVER` input.
*
* @return void
*/
public function unforce_https_redirect() {
if ( ! llms_is_site_https() && is_ssl() && ! is_llms_checkout() & ! is_llms_account_page() && ! llms_is_ajax() && apply_filters( 'llms_unforce_ssl_checkout', true ) ) {
llms_redirect_and_exit(
$this->get_force_redirect_url( false ),
array(
'status' => 301,
)
);
}
}
}
Expand full source code Collapse full source code View on GitHub
Methods Methods
- __construct — Constructor
- force_https_redirect — Redirect to https checkout page is force is enabled
- get_force_redirect_url — Retrieve the http/s version of the current url.
- unforce_https_redirect — Redirect back to http when not on checkout if force ssl is enabled and the site isn't fully ssl'd
Changelog Changelog
| Version | Description |
|---|---|
| 3.35.1 | Sanitize $_SERVER input. |
| 3.0.0 | Introduced. |