47 * @see site_url() |
47 * @see site_url() |
48 * |
48 * |
49 * @return bool True if using HTTPS, false otherwise. |
49 * @return bool True if using HTTPS, false otherwise. |
50 */ |
50 */ |
51 function wp_is_site_url_using_https() { |
51 function wp_is_site_url_using_https() { |
52 // Use direct option access for 'siteurl' and manually run the 'site_url' |
52 /* |
53 // filter because `site_url()` will adjust the scheme based on what the |
53 * Use direct option access for 'siteurl' and manually run the 'site_url' |
54 // current request is using. |
54 * filter because `site_url()` will adjust the scheme based on what the |
|
55 * current request is using. |
|
56 */ |
55 /** This filter is documented in wp-includes/link-template.php */ |
57 /** This filter is documented in wp-includes/link-template.php */ |
56 $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); |
58 $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); |
57 |
59 |
58 return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); |
60 return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); |
59 } |
61 } |
82 /** |
84 /** |
83 * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. |
85 * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. |
84 * |
86 * |
85 * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained. |
87 * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained. |
86 * |
88 * |
87 * @since 5.7.0 |
89 * @since 6.4.0 |
88 * @access private |
90 * @access private |
89 */ |
91 */ |
90 function wp_update_https_detection_errors() { |
92 function wp_get_https_detection_errors() { |
91 /** |
93 /** |
92 * Short-circuits the process of detecting errors related to HTTPS support. |
94 * Short-circuits the process of detecting errors related to HTTPS support. |
93 * |
95 * |
94 * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote |
96 * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote |
95 * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. |
97 * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. |
96 * |
98 * |
97 * @since 5.7.0 |
99 * @since 6.4.0 |
98 * |
100 * |
99 * @param null|WP_Error $pre Error object to short-circuit detection, |
101 * @param null|WP_Error $pre Error object to short-circuit detection, |
100 * or null to continue with the default behavior. |
102 * or null to continue with the default behavior. |
|
103 * @return null|WP_Error Error object if HTTPS detection errors are found, null otherwise. |
101 */ |
104 */ |
102 $support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null ); |
105 $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); |
103 if ( is_wp_error( $support_errors ) ) { |
106 if ( is_wp_error( $support_errors ) ) { |
104 update_option( 'https_detection_errors', $support_errors->errors ); |
107 return $support_errors->errors; |
105 return; |
|
106 } |
108 } |
107 |
109 |
108 $support_errors = new WP_Error(); |
110 $support_errors = new WP_Error(); |
109 |
111 |
110 $response = wp_remote_request( |
112 $response = wp_remote_request( |
149 } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { |
151 } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { |
150 $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); |
152 $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); |
151 } |
153 } |
152 } |
154 } |
153 |
155 |
154 update_option( 'https_detection_errors', $support_errors->errors ); |
156 return $support_errors->errors; |
155 } |
|
156 |
|
157 /** |
|
158 * Schedules the Cron hook for detecting HTTPS support. |
|
159 * |
|
160 * @since 5.7.0 |
|
161 * @access private |
|
162 */ |
|
163 function wp_schedule_https_detection() { |
|
164 if ( wp_installing() ) { |
|
165 return; |
|
166 } |
|
167 |
|
168 if ( ! wp_next_scheduled( 'wp_https_detection' ) ) { |
|
169 wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' ); |
|
170 } |
|
171 } |
|
172 |
|
173 /** |
|
174 * Disables SSL verification if the 'cron_request' arguments include an HTTPS URL. |
|
175 * |
|
176 * This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS. |
|
177 * |
|
178 * @since 5.7.0 |
|
179 * @access private |
|
180 * |
|
181 * @param array $request The Cron request arguments. |
|
182 * @return array The filtered Cron request arguments. |
|
183 */ |
|
184 function wp_cron_conditionally_prevent_sslverify( $request ) { |
|
185 if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) { |
|
186 $request['args']['sslverify'] = false; |
|
187 } |
|
188 return $request; |
|
189 } |
157 } |
190 |
158 |
191 /** |
159 /** |
192 * Checks whether a given HTML string is likely an output from this WordPress site. |
160 * Checks whether a given HTML string is likely an output from this WordPress site. |
193 * |
161 * |
203 */ |
171 */ |
204 function wp_is_local_html_output( $html ) { |
172 function wp_is_local_html_output( $html ) { |
205 // 1. Check if HTML includes the site's Really Simple Discovery link. |
173 // 1. Check if HTML includes the site's Really Simple Discovery link. |
206 if ( has_action( 'wp_head', 'rsd_link' ) ) { |
174 if ( has_action( 'wp_head', 'rsd_link' ) ) { |
207 $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). |
175 $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). |
208 return false !== strpos( $html, $pattern ); |
176 return str_contains( $html, $pattern ); |
209 } |
177 } |
210 |
178 |
211 // 2. Check if HTML includes the site's Windows Live Writer manifest link. |
179 // 2. Check if HTML includes the site's REST API link. |
212 if ( has_action( 'wp_head', 'wlwmanifest_link' ) ) { |
|
213 // Try both HTTPS and HTTP since the URL depends on context. |
|
214 $pattern = preg_replace( '#^https?:(?=//)#', '', includes_url( 'wlwmanifest.xml' ) ); // See wlwmanifest_link(). |
|
215 return false !== strpos( $html, $pattern ); |
|
216 } |
|
217 |
|
218 // 3. Check if HTML includes the site's REST API link. |
|
219 if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { |
180 if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { |
220 // Try both HTTPS and HTTP since the URL depends on context. |
181 // Try both HTTPS and HTTP since the URL depends on context. |
221 $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). |
182 $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). |
222 return false !== strpos( $html, $pattern ); |
183 return str_contains( $html, $pattern ); |
223 } |
184 } |
224 |
185 |
225 // Otherwise the result cannot be determined. |
186 // Otherwise the result cannot be determined. |
226 return null; |
187 return null; |
227 } |
188 } |