[Plugin: WordPress HTTPS] help with ssl

You have found a bug! Good job!

Even though I released version 1.5.1 an hour ago, I’ve released 1.5.2 to address the bug you found.

The problem was caused by the rel attribute coming after the href attribute. This is no longer be an issue.

Please update your plugin and let me know how it works.

Thanks for downloading!

seems to still not display correctly… please check again! thanks for your update. i was the first person to contact you when you developed your plugin, remember?

Out of curiosity, do you have the do you have the ‘External HTTPS Elements’ option enabled?

The only things that I can see preventing it from being secure is this: https://www.google.com/cse/brand?form=cse-search-box&lang=en which can be accessed over HTTPS, so the plugin should fix it with that option enabled. I would also enable the ‘Bypass External Check’ option as to not slow down your load times.

Let me know if that works.

yes i have both enabled, i just tried every check box

I just had to make sure. ??

You’ve got a bit of code here:

if (document.images)
{
image1= new Image(34,70);
image1.src="https://aeopowersports.com/wp-content/plugins/wpec_product_slider/themes/wordpress/images/rounded_prev_hover.png"
image2= new Image(34,70);
image2.src="https://aeopowersports.com/wp-content/plugins/wpec_product_slider/themes/wordpress/images/rounded_next_hover.png"
}

Which is the culprit. My plugin definitely can not distinguish these URL’s from any other on the page, because the plugin is aware of the tags that it’s editing.

You need to make the path to these images relative. Something like this:

if (document.images)
{
image1= new Image(34,70);
image1.src="/wp-content/plugins/wpec_product_slider/themes/wordpress/images/rounded_prev_hover.png"
image2= new Image(34,70);
image2.src="/wp-content/plugins/wpec_product_slider/themes/wordpress/images/rounded_next_hover.png"
}

I was going to take a look at the plugin and see if this code was generated by the plugin, but the plugin isn’t free, so I can’t. ??

Let me know! Thanks!

ok i changed templates for the “checkout” page so it doesnt show the slider and it still doesnt ssl the page completely you can still see the blue bar flash by the address bar… so those images shouldnt be affecting it now…

It looks like the last thing is this: https://www.google.com/cse/intl/en/images/google_custom_search_watermark.gif

Which is caused by the Google search bar.

That should do it!

i removed it and it still does it, man this is crazy!

The code for you slider still exists at the bottom and is still trying to load those two insecure elements.

cript type='text/javascript' src='https://aeopowersports.com/wp-includes/js/jquery/ui.core.js?ver=1.7.3'></script>
<script type='text/javascript' src='https://aeopowersports.com/wp-content/plugins/wpec_product_slider/js/jquery-ui-slider.js?ver=3.0.1'></script>
<script type='text/javascript' src='https://aeopowersports.com/wp-content/plugins/wpec_product_slider/js/apple.js?ver=3.0.1'></script>

<script type='text/javascript'>
if (document.images)
{
image1= new Image(34,70);
image1.src="https://aeopowersports.com/wp-content/plugins/wpec_product_slider/themes/apple/images/rounded_prev_hover.png"
image2= new Image(34,70);
image2.src="https://aeopowersports.com/wp-content/plugins/wpec_product_slider/themes/apple/images/rounded_next_hover.png"
}
</script>

ok i guess i need to submit to the developers that problem. i wonder how i can keep the script from even being on that page when its activated for the rest of the theme? i tried putting back the google search and it made it do it again. so its fixed! but do you have any suggestions to fixing my problem?

Thank you for all your help!

Let’s try one more thing. I want you to disable the ‘Disable Automatic HTTPS’ option. This may be changing the function they used to build those links to HTTP from HTTPS.

If that doesn’t fix it, then you definitely need to talk to the developers.

As far as removing that code for that single page, it would probably include a little code block in your theme’s functions.php file. As to what the code block is, again, I can’t tell you because I don’t have access to the plugin to see the code. ??

ok i tried it, that didnt fix it. whats weird is i can use a “template tag with the slider plugin “deactivated” and it works. if i have the slider plugin “activated” (it has some plugin options in the admin panel) it doesnt work. i dont understand that. ill give you access if you want to take a look. cuz they would be pumped to have a problem brought to their attention and a fix for it as well!

Yeah, the plugin adds the code that I copy and pasted into my previous post, even if you’re not using the slider on that page.

Their plugin is in fact coded incorrectly. You can find this function at the very top of wpec_product_slider/wpec_product_slider.php

function product_slider_preload() {
    $theme = product_slider_cur_theme();
    echo "<script type='text/javascript'>\r\n";
    echo "if (document.images)\r\n";
    echo "{\r\n";
    echo "image1= new Image(34,70);\r\n";
    echo "image1.src=\"".WP_PLUGIN_URL."/wpec_product_slider/themes/".$theme."/images/rounded_prev_hover.png\"\r\n";
    echo "image2= new Image(34,70);\r\n";
    echo "image2.src=\"".WP_PLUGIN_URL."/wpec_product_slider/themes/".$theme."/images/rounded_next_hover.png\"\r\n";
    echo "}\r\n";
    echo "</script>\r\n";
}

The problem is with building URL’s with the WP_PLUGIN_URL global variable. They need to use something like get_bloginfo('url').

Normally, it doesn’t matter how a plugin author codes their links, because my plugin goes in behind all the plugins and cleans up anything that needs to be HTTPS. However, as I said before, the plugin can’t discern the URL’s in the JavaScript from any other URL, so it won’t touch them.