From c790febe36ff57dd8165c3a0b29cd4b438200f4d Mon Sep 17 00:00:00 2001 From: ryan Date: Fri, 6 Jun 2008 07:39:11 +0000 Subject: [PATCH] More use of site_url(), admin_url(), and site_url(). Force login and admin links to be https if FORCE_SSL_LOGIN. see #7001 git-svn-id: http://svn.automattic.com/wordpress/trunk@8058 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin.php | 2 +- wp-includes/general-template.php | 8 ++++---- wp-includes/link-template.php | 12 ++++++++---- wp-includes/pluggable.php | 25 +++++++++++-------------- wp-includes/post.php | 2 +- wp-includes/script-loader.php | 8 ++++---- wp-includes/widgets.php | 4 ++-- wp-login.php | 10 +++++----- 8 files changed, 36 insertions(+), 35 deletions(-) diff --git a/wp-admin/admin.php b/wp-admin/admin.php index e0beb289d..53303b590 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -7,7 +7,7 @@ else require_once('../wp-load.php'); if ( get_option('db_version') != $wp_db_version ) { - wp_redirect(get_option('siteurl') . '/wp-admin/upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))); + wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI'])))); exit; } diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php index f5680bf51..83b979a4e 100644 --- a/wp-includes/general-template.php +++ b/wp-includes/general-template.php @@ -33,9 +33,9 @@ function get_sidebar( $name = null ) { function wp_loginout() { if ( ! is_user_logged_in() ) - $link = '' . __('Log in') . ''; + $link = '' . __('Log in') . ''; else - $link = '' . __('Log out') . ''; + $link = '' . __('Log out') . ''; echo apply_filters('loginout', $link); } @@ -45,11 +45,11 @@ function wp_register( $before = '
  • ', $after = '
  • ' ) { if ( ! is_user_logged_in() ) { if ( get_option('users_can_register') ) - $link = $before . '' . __('Register') . '' . $after; + $link = $before . '' . __('Register') . '' . $after; else $link = ''; } else { - $link = $before . '' . __('Site Admin') . '' . $after; + $link = $before . '' . __('Site Admin') . '' . $after; } echo apply_filters('register', $link); diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 8b58b3d48..cd9f053a8 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -750,7 +750,7 @@ function get_shortcut_link() { var k=d.getSelection; var x=d.selection; var s=(e?e():(k)?k():(x?x.createRange().text:0)); - var f='" . get_settings('siteurl') . '/wp-admin/press-this.php' . "'; + var f='" . admin_url('press-this.php') . "'; var l=d.location; var e=encodeURIComponent; var u= '?u=' + e(l.href); @@ -779,8 +779,12 @@ function get_shortcut_link() { // if $scheme is 'http' or 'https' it will override is_ssl() function site_url($path = '', $scheme = null) { // should the list of allowed schemes be maintained elsewhere? - if ( !in_array($scheme, array('http', 'https')) ) - $scheme = ( is_ssl() ? 'https' : 'http' ); + if ( !in_array($scheme, array('http', 'https')) ) { + if ( ('forceable' == $scheme) && (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) ) + $scheme = 'https'; + else + $scheme = ( is_ssl() ? 'https' : 'http' ); + } $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') ); @@ -793,7 +797,7 @@ function site_url($path = '', $scheme = null) { function admin_url($path = '') { global $_wp_admin_url; - $url = site_url() . '/wp-admin/'; + $url = site_url('wp-admin/', 'forceable'); if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) $url .= ltrim($path, '/'); diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index f666e192f..f8397cde7 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php 
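Review bot: In the `site_url()` hunk of wp-includes/link-template.php the new `'forceable'` scheme is tested with loose comparisons (`'forceable' == $scheme`, and `in_array()` without its strict flag on the line above). A non-string `$scheme` such as `0` or `true` can therefore satisfy either test under PHP's type juggling and end up interpolated into `"{$scheme}://"`. I would write `'forceable' === $scheme` and `in_array($scheme, array('http', 'https'), true)`. The comment above the function still mentions only 'http' and 'https'; add a line such as `// 'forceable' yields https only when FORCE_SSL_LOGIN is defined and true, otherwise it follows is_ssl()`. The rest of the function body lies outside the hunk.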
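Review bot: `admin_url()` keeps the context-line guard `strpos($path, '..') === false`, which silently drops the whole `$path`, and this commit starts passing request-derived strings through it. In wp-admin/admin.php the argument is `'upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))`; `urlencode()` leaves dots untouched, so a request URI containing `..` appears to turn the redirect target into plain `wp-admin/` instead of `upgrade.php`. Appending the query after the call avoids that: `wp_redirect(admin_url('upgrade.php') . '?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI'])));`. The tail of `admin_url()` is outside the hunk, so check whether anything after the guard expects the query string to be part of `$path`.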
@@ -643,11 +643,8 @@ function auth_redirect() { // The cookie is no good so force login nocache_headers(); - $login_url = get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']); + $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' ); - // Redirect to https if connection is secure - if ( $secure ) - $login_url = str_replace('http://', 'https://', $login_url); wp_redirect($login_url); exit(); } @@ -664,7 +661,7 @@ if ( !function_exists('check_admin_referer') ) : * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5) */ function check_admin_referer($action = -1, $query_arg = '_wpnonce') { - $adminurl = strtolower(get_option('siteurl')).'/wp-admin'; + $adminurl = strtolower(admin_url()); $referer = strtolower(wp_get_referer()); $result = wp_verify_nonce($_REQUEST[$query_arg], $action); if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) { @@ -794,7 +791,7 @@ function wp_safe_redirect($location, $status = 302) { $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : ''); if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) - $location = get_option('siteurl') . '/wp-admin/'; + $location = admin_url(); wp_redirect($location, $status); } 
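Review bot: The `if ( $secure )` branch removed from `auth_redirect()` rewrote the login URL to https whenever `$secure` was set, whereas the new `site_url( ..., 'forceable' )` call picks https only when FORCE_SSL_LOGIN is true or `is_ssl()` reports a secure request. `$secure` is computed outside the hunk, so confirm it can never be true while both of those are false; otherwise the redirect to wp-login.php would now go out over http where it previously went over https. If the two can differ, keep an explicit override, e.g. `$login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), $secure ? 'https' : 'forceable' );`.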
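Review bot: `$adminurl = strtolower(admin_url());` in `check_admin_referer()` now carries a scheme chosen by FORCE_SSL_LOGIN or `is_ssl()`, and the fallback on the following lines compares it with the Referer header by substring. With FORCE_SSL_LOGIN enabled and the admin pages still browsed over http, the https `$adminurl` would presumably never occur in an http referer, so the `-1 == $action` fallback would reject same-site requests it used to accept. While this line is being touched, the match is also better anchored to the start of the referer, `strpos($referer, $adminurl) === 0`, since `!== false` accepts the admin URL anywhere in the string. The function continues past the end of the hunk.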
@@ -848,8 +845,8 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title ); } $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n"; - $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n"; - $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n"; + $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n"; + $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n"; $wp_email = 'wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME'])); 
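Review bot: The links written into the notification mail in `wp_notify_postauthor()` used to come from the stored `siteurl` option. Through `admin_url()` their scheme now comes from FORCE_SSL_LOGIN or from `is_ssl()` on whichever request triggered the mail, which is presumably the commenter's request and not the recipient's. The same applies to the `admin_url()` calls in the `wp_notify_moderator()` hunk and to `site_url("wp-login.php", 'forceable')` in the `wp_new_user_notification()` hunk, where the link sits next to the plaintext password line. A short comment at these call sites would make that dependency visible, for example `// link scheme follows FORCE_SSL_LOGIN / is_ssl() of the triggering request, not the stored siteurl`.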
@@ -928,13 +925,13 @@ function wp_notify_moderator($comment_id) { break; } - $notify_message .= sprintf( __('Approve it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=mac&c=$comment_id" ) . "\r\n"; - $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n"; - $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n"; + $notify_message .= sprintf( __('Approve it: %s'), admin_url("comment.php?action=mac&c=$comment_id") ) . "\r\n"; + $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n"; + $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n"; $notify_message .= sprintf( __ngettext('Currently %s comment is waiting for approval. Please visit the moderation panel:', 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting), number_format_i18n($comments_waiting) ) . "\r\n"; - $notify_message .= get_option('siteurl') . "/wp-admin/edit-comments.php?comment_status=moderated\r\n"; + $notify_message .= admin_url("edit-comments.php?comment_status=moderated") . "\r\n"; $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_option('blogname'), $post->post_title ); $admin_email = get_option('admin_email'); @@ -974,7 +971,7 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') { $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n"; - $message .= get_option('siteurl') . "/wp-login.php\r\n"; + $message .= site_url("wp-login.php", 'forceable') . "\r\n"; wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message); 
@@ -1294,7 +1291,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '' ) { elseif ( 'mystery' == $default ) $default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com') elseif ( 'blank' == $default ) - $default = get_option('siteurl') . '/wp-includes/images/blank.gif'; + $default = includes_url('images/blank.gif'); elseif ( !empty($email) && 'gravatar_default' == $default ) $default = ''; elseif ( 'gravatar_default' == $default ) diff --git a/wp-includes/post.php b/wp-includes/post.php index bb14d8645..5c9409ad0 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -2392,7 +2392,7 @@ function wp_mime_type_icon( $mime = 0 ) { if ( !is_array($icon_files) ) { $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/crystal' ); - $icon_dir_uri = apply_filters( 'icon_dir_uri', trailingslashit(get_option('siteurl')) . WPINC . '/images/crystal' ); + $icon_dir_uri = apply_filters( 'icon_dir_uri', includes_url('images/crystal') ); $dirs = apply_filters( 'icon_dirs', array($icon_dir => $icon_dir_uri) ); $icon_files = array(); while ( $dirs ) { diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php index 6b43b60e1..02e686fc8 100644 --- a/wp-includes/script-loader.php +++ b/wp-includes/script-loader.php 
@@ -71,13 +71,13 @@ function wp_default_scripts( &$scripts ) { $scripts->add( 'suggest', '/wp-includes/js/jquery/suggest.js', array('jquery'), '1.1'); $scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array('jquery'), '20'); $scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array('jquery'), '3.1-20080430'); - $scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', false, '2.0.2-20080430'); - $scripts->add( 'swfupload-degrade', '/wp-includes/js/swfupload/plugins/swfupload.graceful_degradation.js', array('swfupload'), '2.0.2'); + $scripts->add( 'swfupload', '/wp-includes/js/swfupload/swfupload.js', false, '2.1.0'); + $scripts->add( 'swfupload-degrade', '/wp-includes/js/swfupload/plugins/swfupload.graceful_degradation.js', array('swfupload'), '2.1.0'); $scripts->localize( 'swfupload-degrade', 'uploadDegradeOptions', array( 'is_lighttpd_before_150' => is_lighttpd_before_150(), ) ); - $scripts->add( 'swfupload-queue', '/wp-includes/js/swfupload/plugins/swfupload.queue.js', array('swfupload'), '2.0.2'); - $scripts->add( 'swfupload-handlers', '/wp-includes/js/swfupload/handlers.js', array('swfupload'), '2.0.2-20080407'); + $scripts->add( 'swfupload-queue', '/wp-includes/js/swfupload/plugins/swfupload.queue.js', array('swfupload'), '2.1.0'); + $scripts->add( 'swfupload-handlers', '/wp-includes/js/swfupload/handlers.js', array('swfupload'), '2.1.0'); // these error messages came from the sample swfupload js, they might need changing. $scripts->localize( 'swfupload-handlers', 'swfuploadL10n', array( 'queue_limit_exceeded' => __('You have attempted to queue too many files.'), diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php index fb2fee6e2..f39654706 100644 --- a/wp-includes/widgets.php +++ b/wp-includes/widgets.php 
@@ -1073,9 +1073,9 @@ function wp_widget_rss($args, $widget_args = 1) { $title = apply_filters('widget_title', $title ); $url = clean_url(strip_tags($url)); if ( file_exists(dirname(__FILE__) . '/rss.png') ) - $icon = str_replace(ABSPATH, get_option('siteurl').'/', dirname(__FILE__)) . '/rss.png'; + $icon = str_replace(ABSPATH, site_url() . '/', dirname(__FILE__)) . '/rss.png'; else - $icon = get_option('siteurl').'/wp-includes/images/rss.png'; + $icon = includes_url('images/rss.png'); $title = "RSS $title"; echo $before_widget; diff --git a/wp-login.php b/wp-login.php index 761b7e687..c5bb73a86 100644 --- a/wp-login.php +++ b/wp-login.php @@ -380,8 +380,8 @@ case 'register' : @@ -454,10 +454,10 @@ default: