<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[2259] sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/ssl.php: SSL Workarounds: Remove some SSL hacks that are no longer necessary.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/2259">2259</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://meta.trac.wordpress.org/changeset/2259","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>iandunn</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2016-01-08 20:11:47 +0000 (Fri, 08 Jan 2016)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>SSL Workarounds: Remove some SSL hacks that are no longer necessary.
Now that all sites are covered by SSL certificates, these are unncessary, and `wcorg_use_http_url_scheme` was causing mixed-content warnings.
It may be safe to remove the secure cookie hack as well, but I haven't tested that.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#sitestrunkwordcamporgpublic_htmlwpcontentmupluginssslphp">sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/ssl.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkwordcamporgpublic_htmlwpcontentmupluginssslphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/ssl.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/ssl.php 2016-01-08 17:23:27 UTC (rev 2258)
+++ sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/ssl.php 2016-01-08 20:11:47 UTC (rev 2259)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,16 +1,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /*
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Workarounds for our janky SSL setup. This can be probably removed after the subdirectory migration is complete.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Customizations related to HTTPS.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /*
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * We don't support SSL on most of WordCamp.org yet, so users with `use_ssl` turned on from previous years
- * are prevented from accessing the admin of their site. When they try, they're redirected to login again.
- */
-add_action( 'get_user_option_use_ssl', '__return_false' );
-
-/*
</del><span class="cx" style="display: block; padding: 0 10px"> * Disable secure cookies on domains that don't support HTTPS
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * r28609 (shipped in 4.0) changes the behavior of FORCE_SSL_LOGIN so that it is identical to FORCE_SSL_ADMIN.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -19,91 +13,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * See https://core.trac.wordpress.org/ticket/10267#comment:22 for details.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $_REQUEST['redirect_to'] ) && 'http://' == substr( $_REQUEST['redirect_to'], 0, 7 ) ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // todo remove this now that all sites have certificates?
+
</ins><span class="cx" style="display: block; padding: 0 10px"> add_filter( 'secure_signon_cookie', '__return_false' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_filter( 'secure_auth_cookie', '__return_false' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_filter( 'secure_logged_in_cookie', '__return_false' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Use the HTTP URL scheme when linking to sub-sites.
- *
- * Within the network admin screens, links to sites are being generated as HTTPS because the root domain
- * uses HTTPS. Most of the sites aren't covered by a cert yet, though, so the user gets a browser warning
- * when opening the link.
- */
-function wcorg_use_http_url_scheme( $url, $scheme, $original_scheme ) {
- if ( is_network_admin() ) {
- $hostname = parse_url( $url, PHP_URL_HOST );
-
- if ( $hostname != $_SERVER['HTTP_HOST'] ) {
- $url = str_replace( 'https://', 'http://', $url );
- }
- }
-
- return $url;
-}
-add_filter( 'set_url_scheme', 'wcorg_use_http_url_scheme', 10, 3 );
-
-/**
- * Load certain stylesheets from the WordPress.org CDN instead of their local copies.
- *
- * On the login screen and Network Dashboard, many stylesheets that are loaded from the canonical
- * WordCamp.org domain get redirected to central.wordcamp.org by an Nginx rule, and then blocked
- * by the browser because they're loading over HTTP instead of HTTPS.
- *
- * Note: s.w.org runs trunk while WordCamp.org runs the latest tag, so be careful to only do this for
- * stylesheets that are unlikely to have a significant impact if out of sync.
- *
- * @param WP_Styles $styles
- */
-function wcorg_load_select_core_styles_from_cdn( $styles ) {
- global $pagenow;
-
- if ( ! is_network_admin() && 'wp-login.php' != $pagenow ) {
- return;
- }
-
- $targets = array( 'dashicons' );
-
- foreach ( $targets as $target ) {
- if ( isset( $styles->registered[ $target ]->src ) ) {
- $styles->registered[ $target ]->src = 'https://s.w.org' . $styles->registered[ $target ]->src;
- }
- }
-}
-add_action( 'wp_default_styles', 'wcorg_load_select_core_styles_from_cdn' );
-
-/**
- * Load certain stylesheets from the WordPress.org CDN instead of their local copies.
- *
- * See notes in load_select_core_styles_from_cdn() for details.
- *
- * @param string $hook
- */
-function wcorg_load_select_plugin_styles_from_cdn( $hook ) {
- if ( ! is_network_admin() ) {
- return;
- }
-
- global $wp_styles;
- $targets = array( 'debug-bar' );
-
- foreach ( $targets as $target ) {
- if ( isset( $wp_styles->registered[ $target ]->src ) ) {
- $wp_styles->registered[ $target ]->src = str_replace( 'https://' . $_SERVER['HTTP_HOST'], 'https://s.w.org', $wp_styles->registered[ $target ]->src );
- }
- }
-
-}
-add_action( 'admin_enqueue_scripts', 'wcorg_load_select_plugin_styles_from_cdn' );
-
-/* The bbPress login widget POSTs to the HTTPS login page on individual sites, but the SSL certificate is broken on those, so we need it to post to the main site instead */
-add_action( 'bbp_wp_login_action', 'wcorg_bbpress_post_login_to_main_site' );
-function wcorg_bbpress_post_login_to_main_site( $form_action_url ) {
- return 'https://wordcamp.org/wp-login.php';
-}
-
-/**
</del><span class="cx" style="display: block; padding: 0 10px"> * WP Super Cache puts http and https requests in the same bucket which
</span><span class="cx" style="display: block; padding: 0 10px"> * generates mixed content warnings and generat breakage all around. The
</span><span class="cx" style="display: block; padding: 0 10px"> * following makes sure only HTTPS requests are cached.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -128,4 +45,4 @@
</span><span class="cx" style="display: block; padding: 0 10px"> exit;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-add_action( 'muplugins_loaded', 'wcorg_force_ssl' );
</del><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+add_action( 'muplugins_loaded', 'wcorg_force_ssl' );
</ins></span></pre>
</div>
</div>
</body>
</html>