I am a beginner in PHP & i am in process of converting all my http links to https.
Following is my code footer.php
function css_generator() {
/* #footer_background_image */
.td-footer-wrapper::before {
background-image: url('#footer_background_image');
}
$td_css_compiler->load_setting('footer_background_image');
Where can i apply preg_replace function to replace http link with https?. The value of footer_background_image is always getting generated as http
Thanks
You're looking at this from the wrong way. Wordpress has built-in support for HTTPS for the backend, wich can be enabled in wp-config.php, and for the front-end, wich can be used by changing the URL in your admin->reading page.
If you have a bunch of hardcoded links rather than soft, Wordpress generated links, you can choose to use .htaccess to force the user to change to HTTPS.
Do note that HTTPS data can not be cached and this will may make your site slower for visitors. Depending on the type of site this can be a big deal.
Related
I've been trying to get the URL (including GET parameters) of a site that is displaying my image. This is because I want to extract one parameter of the URL.
A friend told me that she knew someone that could achieve this, but I don't know if he was doing it with an image. Also I don't think I can do it with a link because when going to external sites it will appear a warning page saying that you're being redirected outside, so if I put a link to my page and someone clicks, I will get the referrer URL of redirection warning page. I can't assure if my friend was telling the truth about this, but it's very likely that it was true.
All I could get with the image was the IP and other things of the HTTP header, but the referrer part is empty and I thought that the referrer contained the full URL I'm talking about.
This is what I have tried.
First the img tag in the other site in BBCode:
[img]http://______.com/get_image.php?i=myimage[/img]
And in my site this script in PHP, although any language that does the work would be good for me:
<?php
// Get name of image to be displayed (non-sanitized here for simplicity)
$filename = $_GET["i"];
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['HTTP_REFERER'])) {
$visitor_url = $_SERVER['HTTP_REFERER'];
} else {
$visitor_url = "none";
}
// And write the referrer to a file just to test if it works
$fp = fopen('referer.txt', 'w');
fwrite($fp, $visitor_url);
fclose($fp);
// Eventually display the image
header('Content-Type: image/png');
readfile($filename . '.png');
?>
So my questions are:
Is it possible to get full URL of a site that is displaying my image?
If not, is there any other method to get the full URL?
Thank you in advance.
Note: I don't have any permision in the other site where I'm posting the image, I'm just an user there. Please tell me if I'm missing something or I have to ask this in another way, I'm new to StackOverflow.
Try REMOTE_HOST instead of HTTP_REFERER:
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['REMOTE_HOST'])) {
$visitor_url = $_SERVER['REMOTE_HOST'];
} else {
$visitor_url = "none";
}
The web server where you are serving the image will need to be configured properly. If using Apache, this is with HostNameLookups On.
See http://php.net/manual/en/reserved.variables.server.php
Normally browsers are sending full referer with all URL components including query parameters - $_GET params. If they don't then there is no other way to achieve that URL while passing throught an image content.
Sometimes sending referer may be blocked, for eg. in some batch URL processing using some crawler like program/script or on some proxies.
In PHP receiving referer is done by $_SERVER['HTTP_REFERER'] because it's normally just http header from request and it's the only $_SERVER array key with referer info.
You added the .htaccess tag so I think you're using the Apache web server. If you'd like to prevent the issue entirely, you can disable hotlinking entirely by going one layer lower. Instead of managing in PHP, you can configure the web server to not serve content to domains other than the one you are hosting.
Check out the guide for more details.
I fixed this problem by switching my site (where image is hosted) to HTTPS. The code in my question was doing its job correctly.
It looks that HTTP_REFERER was blank because of it coming from an HTTPS site and my site being HTTP it would always send it blank. I was aware that it could be a problem, but didn't make much sense for me because HTTP_REFERER was also blank when coming from another HTTP site (which I think it's not normal) so I thought the error was in another place.
Usually HTTP_REFERER is sent when it comes from and goes to:
from HTTP to HTTP
from HTTPS to HTTPS
from HTTP to HTTPS
But it's not sent when it comes from and goes to:
from HTTPS to HTTP
And in my case, I don't know why, it wasn't being sent from HTTP to HTTP which was confusing me.
I was wondering if it is possible through htaccess or somehow else (but NOT JS) to make all external links (links that are not domain related) to open in a new tab (target="_blank").
Is this even possible?
Thank you!
Any link that you generate in your page (I'm assuming you are generating the page with PHP), just do
if (strpos($link, 'yourdomain.com') === false)
{
//append your target="_blank" to the link here
}
Then you're searching the link for your domain and if it is not on your domain, then making it open in a new tab.
See http://us1.php.net/strpos
there are only 3 ways to decide this :
target-attribute
JS
Browser-Settings or Plugins (depends on what browser you use, most tend to use JS)
If you don't want to use JS, then you are pretty much only left with target. You could insert it "automatically" by PHP/Ruby/Python/Java-Code (whatever you use to generate your HTML), by using search and replace functions.
If you write your HTML yourself then you can set it for each link by hand.
I see no reason why you would need more options, but if you do: you're fucked.
Browsers don't get to see .htaccess and your server only delivers HTML-Files. It has no control about how they are processed. The browser decides this on it's own (this is where you could suggest to all your users to install a plugin to do this).
CSS3 property is there.
a
{
target-name:new;
target-new:tab;
}
But unfortunately, it's not supported by any browser.
In Drupal 7 the css and javascript files that are compiled together and then added in the header are coming in as 'http://www.example.com/sites/all/css' and I need it to come in as 'https://www.example.com/sites/all/css'.
I've been able to achieve this by changing the baseUrl in settings.php to use https, but then it throws off our site. We are using Drupal as our CMS, and another framework as our LMS. So when the site loads the Drupal baseUrl from our LMS the address doesn't work.
Examples:
If I set baseUrl = 'https://www.example.com/cms' then the css loads properly as 'https://www.example.com/cms/sites/all/css' but then the Drupal admin site fails to load the css because the proper link from there is actually 'https://www.example.com/drupal/sites/all/css'
Same problem happens if I swap the baseUrl to = 'https://www.example.com/drupal'. This way the css doesn't load in our front end, but works properly in the Drupal admin side.
I'm wondering if there is a way to do a generic wildcard baseUrl that just says to use https like baseUrl = 'https:// %' or pulls the current url in the address bar every time to see what the generated url should look like.
I know this is very vague, but I don't know where/how else to ask.
I don't really understand your site structure using multiple subdirectories (/, /drupal, /cms) but what you could do is rewrite the resource URL's and removing the protocol.
In a custom module, implement the YOUR_MODULE_process_html hook and remove all protocols from the CSS & JS includes.
http://www.example.com/css/... will be transformed to //www.example.com/css/...
function YOUR_MODULE_process_html(&$vars)
{
foreach (array('head', 'styles', 'scripts') as $replace) {
if (!isset($vars[$replace])) {
continue;
}
$vars[$replace] = preg_replace('/(src|href|#import )(url\(|=)(")http(s?):/', '$1$2$3', $vars[$replace]);
}
}
I want a url redirect tracer function in the php such as http://www.wheregoes.com/ .
I want to detect four kinds of redirects:
Http 301 redirect
Http 302 redirect
meta tag redirect
javascript redirect
If i use curl, i can easily detect 301, 302 redirect, but it is difficult to detect the other two redirections.
So i want a scriptable web browser, i will use a library as below:
$browser = Browser::createBrowser('chrome');
$delay = 10; // (This is a important parameter for detecting javascript or meta tag redirection).
$browser->load($url, $delay, function onLoadComplete($arr_track_url){
print_r($arr_track_url);
});
I searched and ran into some libraries such as http://www.simpletest.org/en/browser_documentation.html, but they don't support javascript and meta tag redirect.
Is there any php scriptable browser? Or can i detect javascript or meta tag redirection easily?
If I get that right you want to find out where some link finally leads to, if that final url differs from the url actually clicked in the first place?
If so I think the best approach is to let the browser do its work and loko afterwards where it came out. This way you get exactly the 'normal' behaviour of a browser, not that of some library.
Use a (hidden) iframe where you load the url into. Then wait for a window.load event or something and query the documents location afterwards. I didn't try that now, but sounds doable to me...
I have a TYPO3 Web site that needs to have its home page (and only its home page) served over SSL.
My first stab at dealing with this was to install the HTTPS Enforcer extension, which lets you specify particular pages in your TYPO3 site that should be forced to HTTPS. At that level, the extension works as advertised. But the problem is that while requests for one of those pages are indeed handled over SSL, resources included inline in the page (like images) are not delivered over SSL. So you get a warning in your browser (which, depending on the browser, can range from a quiet information message to a full-out screaming warning page) telling you that the page isn't completely secure, which (understandably) freaks people out.
So my question is -- how do you get TYPO3 to deliver a complete page over SSL, including static resources? Is there some way to configure/extend HTTPS Enforcer to do that? Is there another extension that's better in this scenario? Or am I just completely out of luck?
HTTPs Enforcer does a good job.
If it's just one page, you can create a condition to change the baseUrl:
[PIDinRootline = 123]
config.baseURL = https://www.example.com/
[global]
if it should work for a whole subdomain (e.g. ssl.example.com), your condition looks like this:
[globalString = ENV:HTTP_HOST=ssl.example.com]
config.baseURL = https://ssl.example.com/
[global]
With the second way, you can choose on a per page basis if the page should be encrypted or not.
A pitfall might be externally loaded ressources (like Facebook API etc.). They might not offer a SSL encrypted service.
EDIT (from #cascaval's comment) This might be the preferred solution:
[globalString = _SERVER|HTTPS=on]
config.baseURL = https://ssl.example.com/
[global]
EDIT (from #konsolenfreddy's comment)
[globalString = ENV:TYPO3_SSL=1]
config.baseURL = https://ssl.example.com/
[global]
I guess it should be:
[globalVar = IENV:TYPO3_SSL = 1]
config.baseURL = https://ssl.example.com/
[global]
Note the "IENV": This is TYPO3 specific. "ENV" would only use the normal PHP variables in $_ENV or $_SERVER where TYPO3_SSL is not a valid key.
But what this does is only the following: Set a tag in the output so content of relativ links i.e. <img src="uploads/pics/image.jpg" /> will get fetched over SSL.
If you have asset links (images, css, etc.) to absolute URLs in your site this wont help. In such a case you could give the extension "https" a try (merge of https_enforcer and another extension) or stfl_replace to make some regex replacing "http://" links to "https://".