Title: [Plugin: Image Widget] FORCE_SSL_ADMIN results in https:// links to image Last modified: August 20, 2016 --- # [Plugin: Image Widget] FORCE_SSL_ADMIN results in https:// links to image * [aerobrent](https://wordpress.org/support/users/aerobrent/) * (@aerobrent) * [14 years, 3 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/) * I did not see this posted yet, but I notice that if I have FORCE_SSL_ADMIN configured for my site, and I insert images into the widget when logged in under SSL, the links that get stored pointing to the image source are HTTPS rather than HTTP. This is not always the desired result, and often is not desired at all. * There doesn’t seem to be a way to change the links except manually in the database. Does anyone know a work-around? * Perhaps when inserting a photo, there needs to be a radio button to allow the selection of HTTP or HTTPS when serving up the image. * – Brent * [http://wordpress.org/extend/plugins/image-widget/](http://wordpress.org/extend/plugins/image-widget/) Viewing 12 replies - 1 through 12 (of 12 total) * Thread Starter [aerobrent](https://wordpress.org/support/users/aerobrent/) * (@aerobrent) * [14 years, 3 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573110) * I see where this is happening, and is the result of an “HTTPS” enhancement of the plugin a while back. * if( $_SERVER[“HTTPS”] == “on” ) { $instance[‘imageurl’] = str_replace(‘[http://’](http://’);,‘ [https://’](https://’);, $instance[‘imageurl’]); } * The problem is that this is not a valid assumption. More often than not, people editing with FORCE_SSL_ADMIN enabled will not want their live content being served up via SSL. This is especially true if the live site has a self signed SSL cert. * Perhaps this bit of HTTPS code could be reworked. * [Modern Tribe, Inc.](https://wordpress.org/support/users/moderntribe/) * (@moderntribe) * [14 years, 2 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573445) * You have any suggestions of a rewrite? * [TheFluffyDoneky](https://wordpress.org/support/users/thefluffydoneky/) * (@thefluffydoneky) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573499) * Bump. * if( $_SERVER[“HTTPS”] == “on” ) { $instance[‘imageurl’] = str_replace(‘[http://’](http://’);,‘ [https://’](https://’);, $instance[‘imageurl’]); } * Move it to image-widget/views/widget.php ? * [Peter Chester](https://wordpress.org/support/users/peterchester/) * (@peterchester) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573500) * you guys are awesome! I’m watching this closely and am eager to post the fix. * [Peter Chester](https://wordpress.org/support/users/peterchester/) * (@peterchester) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573501) * so basically what you’re saying is that you’ve got the admin in https so the image widget is trying to put the images behind SSL? * [Peter Chester](https://wordpress.org/support/users/peterchester/) * (@peterchester) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573502) * Are you suggesting that that code should be removed? Or should we use if ( $_SERVER[“ HTTPS”] == “on” && !defined( ‘FORCE_SSL_ADMIN’ ) )? * I added this code based on a user submission but never really tested it since it’s never applied to me. I’m working in the blind on this one. * Thread Starter [aerobrent](https://wordpress.org/support/users/aerobrent/) * (@aerobrent) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573503) * > so basically what you’re saying is that you’ve got the admin in https so the > image widget is trying to put the images behind SSL? * Yeah, that’s the issue, but not sure of the best solution. You can’t really assume the presence or lack of FORCE_SSL_ADMIN would indicate whether you want images to be served with HTTPS or not. * Can the images be inserted with relative links? IE, HTTP or HTTPS isn’t hard coded? * [Peter Chester](https://wordpress.org/support/users/peterchester/) * (@peterchester) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573504) * I don’t know if it’s safe to assume relative links. I am concerned that that sort of update might also break existing installs… but not sure without further investigation. * I assume you’re using FORCE_SSL_ADMIN. Is that just for the admin area? * Here’s another idea…. * Add a new constant just for the image widget. default to not using https at all. But if you defined FORCE_SSL_IMAGE_WIDGET to be true, and HTTPS is on, then the image widget uses https. * That way people who need the existing https feature can reapply it simply by updating the wp-config.php file. * [TheFluffyDoneky](https://wordpress.org/support/users/thefluffydoneky/) * (@thefluffydoneky) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573505) * If the site is loaded over HTTP, the image should be loaded over HTTP as well. If the site is loaded over HTTPS, the image should be loaded over HTTPS as well. * My yesterdays hack was to add some nasty code to **image-widget/views/widget. php** (see line 19-25): * [http://pastebin.com/LaMxiUsF](http://pastebin.com/LaMxiUsF) * Not elegant, but working. * [Peter Chester](https://wordpress.org/support/users/peterchester/) * (@peterchester) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573507) * Cool Thanks! Here’s what I’m thinking then… * in the initialization i’ll add this: * `add_filter( 'image_widget_image_url', array( $this, 'https_cleanup' ) );` * I’ll update the view function as follows: * ``` /** * Widget frontend output * * @param array $args * @param array $instance * @author Modern Tribe, Inc. (Peter Chester) */ function widget( $args, $instance ) { extract( $args ); extract( $instance ); if ( !empty( $imageurl ) ) { $title = apply_filters( 'widget_title', empty( $title ) ? '' : $title ); $imageurl = apply_filters( 'image_widget_image_url', $imageurl, $args, $instance ); include( $this->getTemplateHierarchy( 'widget' ) ); } } ``` * And add the following function: * ``` /** * Adjust the image url on output to account for SSL. * * @param string $imageurl * @return string $imageurl */ function https_cleanup( $imageurl = '' ) { if( isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" ) { $imageurl = str_replace('http://', 'https://', $imageurl); } else { $imageurl = str_replace('https://', 'http://', $imageurl); } return $imageurl; } ``` * And remove the previous HTTPS code. The benefit of this approach is that someone can choose to remove_filter to bypass this https prefixing or even do their own thing. * I’ve updated trunk as such. I’ve tried it out as a non SSL / non HTTPS user and it’s working fine but I haven’t tested HTTPS / SSL. * Can you guys test it out? * [http://downloads.wordpress.org/plugin/image-widget.zip](http://downloads.wordpress.org/plugin/image-widget.zip) – OR – [http://plugins.svn.wordpress.org/image-widget/trunk](http://plugins.svn.wordpress.org/image-widget/trunk) * [TheFluffyDoneky](https://wordpress.org/support/users/thefluffydoneky/) * (@thefluffydoneky) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573508) * Hmmm. Now all images no load over http, which is much better actually. * Once I moved * > add_filter( ‘image_widget_image_url’, array( $this, ‘https_cleanup’ ) ); * out of **admin_setup()** and added it to the end of **Tribe_Image_Widget()** it’s been working as expected. * I’m happy as is. 🙂 * [webaware](https://wordpress.org/support/users/webaware/) * (@webaware) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573553) * [@peter](https://wordpress.org/support/users/peter/) Chester: - don’t do your own HTTPS detect, use [is_ssl()](http://codex.wordpress.org/Function_Reference/is_ssl), it’s more comprehensive - I wouldn’t bother messing with fixing images for HTTP, they’ll work - if you do want to make the images load on the page with the same protocol as the page, whether that’s HTTP or HTTPS, just trim off the protocol: `preg_replace('/ ^https?:/i', '', $imageurl);` * cheers, Ross Viewing 12 replies - 1 through 12 (of 12 total) The topic ‘[Plugin: Image Widget] FORCE_SSL_ADMIN results in https:// links to image’ is closed to new replies. * ![](https://ps.w.org/image-widget/assets/icon-256x256.png?rev=2489603) * [Image Widget](https://wordpress.org/plugins/image-widget/) * [Frequently Asked Questions](https://wordpress.org/plugins/image-widget/#faq) * [Support Threads](https://wordpress.org/support/plugin/image-widget/) * [Active Topics](https://wordpress.org/support/plugin/image-widget/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/image-widget/unresolved/) * [Reviews](https://wordpress.org/support/plugin/image-widget/reviews/) * 12 replies * 5 participants * Last reply from: [webaware](https://wordpress.org/support/users/webaware/) * Last activity: [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-image-widget-force_ssl_admin-results-in-https-links-to-image/#post-2573553) * Status: not resolved