You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a site with both Duplicator Pro and Really Simple SSL plugins installed. Duplicator Pro is a backup/copy site plugin, which generates a site archive and a PHP installer script for it. After downloading an installer it generated, we noticed it generates an error due to an unclosed comment tag at the very end:
My investigation revelated it was happening due to the "Mixed content fixer" function active in the Really Simple SSL plugin, which was filtering the content produced by an AJAX action serving the installer file content. More specifically, it was adding "data-rsssl=1" attributes to tags inside the script:
At the same time HTTP headers were already sent including the Content-Length, which was set to the original file length forcing the file to be cut at the same exact position. Thus causing the end of the file to be cut due to the content inserted in the middle.
While the "Mixed content fixer" feature could be switched off to prevent the installer file corruption, I believe Really Simple SSL plugin shouldn't filter the installer file at all. Unfortunately, this issue couldn't be reproduced with their free Duplicator plugin version as it uses slightly different code to output the installer file, which doesn't involve an output buffering. So it only applies to the paid Duplicator Pro version.
I suggest \rsssl_mixed_content_fixer::replace_insecure_links method should be modified to either ignore the case when HTTP headers are already sent (using headers_sent() function) or ignore "duplicator_pro_download_package_file" WP AJAX action.
I can provide patch files or make a pull request if needed.
The text was updated successfully, but these errors were encountered:
We have a site with both Duplicator Pro and Really Simple SSL plugins installed. Duplicator Pro is a backup/copy site plugin, which generates a site archive and a PHP installer script for it. After downloading an installer it generated, we noticed it generates an error due to an unclosed comment tag at the very end:
My investigation revelated it was happening due to the "Mixed content fixer" function active in the Really Simple SSL plugin, which was filtering the content produced by an AJAX action serving the installer file content. More specifically, it was adding "data-rsssl=1" attributes to tags inside the script:
At the same time HTTP headers were already sent including the Content-Length, which was set to the original file length forcing the file to be cut at the same exact position. Thus causing the end of the file to be cut due to the content inserted in the middle.
While the "Mixed content fixer" feature could be switched off to prevent the installer file corruption, I believe Really Simple SSL plugin shouldn't filter the installer file at all. Unfortunately, this issue couldn't be reproduced with their free Duplicator plugin version as it uses slightly different code to output the installer file, which doesn't involve an output buffering. So it only applies to the paid Duplicator Pro version.
I suggest \rsssl_mixed_content_fixer::replace_insecure_links method should be modified to either ignore the case when HTTP headers are already sent (using headers_sent() function) or ignore "duplicator_pro_download_package_file" WP AJAX action.
I can provide patch files or make a pull request if needed.
The text was updated successfully, but these errors were encountered: