wp/wp-includes/https-detection.php
changeset 21 48c4eec2b7e6
parent 19 3d72ae0968f4
child 22 8c2e4d02f4ef
equal deleted inserted replaced
20:7b1b88e27a20 21:48c4eec2b7e6
    47  * @see site_url()
    47  * @see site_url()
    48  *
    48  *
    49  * @return bool True if using HTTPS, false otherwise.
    49  * @return bool True if using HTTPS, false otherwise.
    50  */
    50  */
    51 function wp_is_site_url_using_https() {
    51 function wp_is_site_url_using_https() {
    52 	// Use direct option access for 'siteurl' and manually run the 'site_url'
    52 	/*
    53 	// filter because `site_url()` will adjust the scheme based on what the
    53 	 * Use direct option access for 'siteurl' and manually run the 'site_url'
    54 	// current request is using.
    54 	 * filter because `site_url()` will adjust the scheme based on what the
       
    55 	 * current request is using.
       
    56 	 */
    55 	/** This filter is documented in wp-includes/link-template.php */
    57 	/** This filter is documented in wp-includes/link-template.php */
    56 	$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
    58 	$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
    57 
    59 
    58 	return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
    60 	return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
    59 }
    61 }
    82 /**
    84 /**
    83  * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
    85  * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
    84  *
    86  *
    85  * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
    87  * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
    86  *
    88  *
    87  * @since 5.7.0
    89  * @since 6.4.0
    88  * @access private
    90  * @access private
    89  */
    91  */
    90 function wp_update_https_detection_errors() {
    92 function wp_get_https_detection_errors() {
    91 	/**
    93 	/**
    92 	 * Short-circuits the process of detecting errors related to HTTPS support.
    94 	 * Short-circuits the process of detecting errors related to HTTPS support.
    93 	 *
    95 	 *
    94 	 * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
    96 	 * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
    95 	 * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
    97 	 * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
    96 	 *
    98 	 *
    97 	 * @since 5.7.0
    99 	 * @since 6.4.0
    98 	 *
   100 	 *
    99 	 * @param null|WP_Error $pre Error object to short-circuit detection,
   101 	 * @param null|WP_Error $pre Error object to short-circuit detection,
   100 	 *                           or null to continue with the default behavior.
   102 	 *                           or null to continue with the default behavior.
       
   103 	 * @return null|WP_Error Error object if HTTPS detection errors are found, null otherwise.
   101 	 */
   104 	 */
   102 	$support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null );
   105 	$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
   103 	if ( is_wp_error( $support_errors ) ) {
   106 	if ( is_wp_error( $support_errors ) ) {
   104 		update_option( 'https_detection_errors', $support_errors->errors );
   107 		return $support_errors->errors;
   105 		return;
       
   106 	}
   108 	}
   107 
   109 
   108 	$support_errors = new WP_Error();
   110 	$support_errors = new WP_Error();
   109 
   111 
   110 	$response = wp_remote_request(
   112 	$response = wp_remote_request(
   149 		} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
   151 		} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
   150 			$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
   152 			$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
   151 		}
   153 		}
   152 	}
   154 	}
   153 
   155 
   154 	update_option( 'https_detection_errors', $support_errors->errors );
   156 	return $support_errors->errors;
   155 }
       
   156 
       
   157 /**
       
   158  * Schedules the Cron hook for detecting HTTPS support.
       
   159  *
       
   160  * @since 5.7.0
       
   161  * @access private
       
   162  */
       
   163 function wp_schedule_https_detection() {
       
   164 	if ( wp_installing() ) {
       
   165 		return;
       
   166 	}
       
   167 
       
   168 	if ( ! wp_next_scheduled( 'wp_https_detection' ) ) {
       
   169 		wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' );
       
   170 	}
       
   171 }
       
   172 
       
   173 /**
       
   174  * Disables SSL verification if the 'cron_request' arguments include an HTTPS URL.
       
   175  *
       
   176  * This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS.
       
   177  *
       
   178  * @since 5.7.0
       
   179  * @access private
       
   180  *
       
   181  * @param array $request The Cron request arguments.
       
   182  * @return array The filtered Cron request arguments.
       
   183  */
       
   184 function wp_cron_conditionally_prevent_sslverify( $request ) {
       
   185 	if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) {
       
   186 		$request['args']['sslverify'] = false;
       
   187 	}
       
   188 	return $request;
       
   189 }
   157 }
   190 
   158 
   191 /**
   159 /**
   192  * Checks whether a given HTML string is likely an output from this WordPress site.
   160  * Checks whether a given HTML string is likely an output from this WordPress site.
   193  *
   161  *
   203  */
   171  */
   204 function wp_is_local_html_output( $html ) {
   172 function wp_is_local_html_output( $html ) {
   205 	// 1. Check if HTML includes the site's Really Simple Discovery link.
   173 	// 1. Check if HTML includes the site's Really Simple Discovery link.
   206 	if ( has_action( 'wp_head', 'rsd_link' ) ) {
   174 	if ( has_action( 'wp_head', 'rsd_link' ) ) {
   207 		$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
   175 		$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
   208 		return false !== strpos( $html, $pattern );
   176 		return str_contains( $html, $pattern );
   209 	}
   177 	}
   210 
   178 
   211 	// 2. Check if HTML includes the site's Windows Live Writer manifest link.
   179 	// 2. Check if HTML includes the site's REST API link.
   212 	if ( has_action( 'wp_head', 'wlwmanifest_link' ) ) {
       
   213 		// Try both HTTPS and HTTP since the URL depends on context.
       
   214 		$pattern = preg_replace( '#^https?:(?=//)#', '', includes_url( 'wlwmanifest.xml' ) ); // See wlwmanifest_link().
       
   215 		return false !== strpos( $html, $pattern );
       
   216 	}
       
   217 
       
   218 	// 3. Check if HTML includes the site's REST API link.
       
   219 	if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
   180 	if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
   220 		// Try both HTTPS and HTTP since the URL depends on context.
   181 		// Try both HTTPS and HTTP since the URL depends on context.
   221 		$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
   182 		$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
   222 		return false !== strpos( $html, $pattern );
   183 		return str_contains( $html, $pattern );
   223 	}
   184 	}
   224 
   185 
   225 	// Otherwise the result cannot be determined.
   186 	// Otherwise the result cannot be determined.
   226 	return null;
   187 	return null;
   227 }
   188 }