Domain Mapping + Multisite Theme manager "Are you sure?"

Hi!

When I have "administration mapping" set to "let the user decide", whenever I want to switch a theme in the admin section on the "mapped domain" I get a SSL security error together with the impossibility of switching a theme.

The mapped domain is http://, the subdomain is https://

It'll give you a wp_nonce error message with the question if you're sure you want to do this.

I'm not sure if it's bound to only Domain Mapping but I'll just leave this here :smiley:

I'll figure out if MS Theme Manager also has something to do with it, but for now I'm too tired :3

Thanks and Good night! :slight_smile:

Edit: Aaaa, the "activate" button has the https scheme >.>
Edit2: The customize button also has the https scheme >.<
Edit3: Seriously, even the admin bar has the https scheme <.<

OK, I'll fix this tomorrow :smiley:

  • Sybre Waaijer

    Hi :slight_smile:

    I found it:

    function domain_mapping_admin_url( $admin_url, $path = '/', $_blog_id = false ) {
    		global $blog_id;
    
    		if ( !$_blog_id ) {
    			$_blog_id = $blog_id;
    		}
    
    		switch ( $this->options['map_admindomain'] ) {
    			case 'user':
    				break;
    			case 'mapped':
    				break;
    			case 'original':
    				// get the mapped url using our filter
    				$mapped_url = site_url( '/' );
    				// remove the http and https parts of the url
    				$mapped_url = str_replace( array( 'https://', 'http://' ), '', $mapped_url );
    				// get the original url now with our filter removed
    				$orig_url = trailingslashit( apply_filters( 'unswap_url', get_option( 'siteurl' ) ) );
    				// remove the http and https parts of the original url
    				$orig_url = str_replace( array( 'https://', 'http://' ), '', $orig_url );
    
    				// Check if we are looking at the admin-ajax.php and if so, we want to leave the domain as mapped
    				if ( $path != 'admin-ajax.php' && strpos($admin_url, "admin-ajax.php") === false ) {
    					// swap the mapped url with the original one
    					$admin_url = str_replace( $mapped_url, $orig_url, $admin_url );
    				} else {
    					if ( !is_admin() ) {
    						// swap the original url with the mapped one
    						$admin_url = str_replace( $orig_url, $mapped_url, $admin_url );
    					}
    
    				}
    				break;
    		}
    
            /**
             * If admin ssl is forced and user is viewing admin page, then force https
             * Other than the above set scheme based on the current viewed scheme
             */
             return $this->options['map_force_admin_ssl'] && is_admin() ? set_url_scheme($admin_url, "https") :  set_url_scheme( $admin_url, is_ssl() ? 'https' : 'http' );
    
    	}

    This function above is the culprit. I'll try to fix it ^^

  • Sybre Waaijer

    Fixed :slight_smile:

    It's so simple ^^ Just a single line edited :smiley: <3

    function domain_mapping_admin_url( $admin_url, $path = '/', $_blog_id = false ) {
            global $blog_id;
    
            if ( !$_blog_id ) {
                $_blog_id = $blog_id;
            }
    
            switch ( $this->options['map_admindomain'] ) {
                case 'user':
                    break;
                case 'mapped':
                    break;
                case 'original':
                    // get the mapped url using our filter
                    $mapped_url = site_url( '/' );
                    // remove the http and https parts of the url
                    $mapped_url = str_replace( array( 'https://', 'http://' ), '', $mapped_url );
                    // get the original url now with our filter removed
                    $orig_url = trailingslashit( apply_filters( 'unswap_url', get_option( 'siteurl' ) ) );
                    // remove the http and https parts of the original url
                    $orig_url = str_replace( array( 'https://', 'http://' ), '', $orig_url );
    
                    // Check if we are looking at the admin-ajax.php and if so, we want to leave the domain as mapped
                    if ( $path != 'admin-ajax.php' && strpos($admin_url, "admin-ajax.php") === false ) {
                        // swap the mapped url with the original one
                        $admin_url = str_replace( $mapped_url, $orig_url, $admin_url );
                    } else {
                        if ( !is_admin() ) {
                            // swap the original url with the mapped one
                            $admin_url = str_replace( $orig_url, $mapped_url, $admin_url );
                        }
    
                    }
                    break;
            }
    
            /**
             * If admin ssl is forced and user is viewing admin page, then force https
             * Other than the above set scheme based on the current viewed scheme
             */
             return $this->options['map_force_admin_ssl'] && is_admin() && $this->is_original_domain() ? set_url_scheme($admin_url, "https") :  set_url_scheme( $admin_url, is_ssl() ? 'https' : 'http' );
    
        }

    It's this line:
    return $this->options['map_force_admin_ssl'] && is_admin() && $this->is_original_domain() ? set_url_scheme($admin_url, "https") : set_url_scheme( $admin_url, is_ssl() ? 'https' : 'http' );
    I added a $this->is_original_domain() check :slight_smile: Because the map_force_admin_ssl shouldn't be forced on mapped domains :smiley:

    You can make this even more advanced by adding this check as well but I think is_ssl would suffice :smiley: is_SSL also makes sure the pages are accessible even though it's misconfigured :slight_smile:

    $mappedscheme = wp_cache_get('wap_mapped_scheme_' . $blog_id, 'domain_mapping' );
    if ( false === $scheme ) {
    			$mappedscheme = $wpdb->get_var( $wpdb->prepare( "SELECT scheme FROM {$wpdb->base_prefix}domain_mapping WHERE blog_id = %d", $blog_id ) ); //bool
    			wp_cache_set('wap_mapped_scheme_' . $blog_id, $mappedscheme, 'domain_mapping', 3600 ); // 1 hour
    }
    
    //* Get scheme of mapped domain
    if ($mappedscheme === '1') {
    			$scheme_mapped = 'https';
    } else if ($mappedscheme === '0') {
    			$scheme_mapped = 'http';
    }

    @Sam <3

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.