WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Site Health: Conditionally run Authorization header test. 

The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end.

This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place.

Props WebDragon, TimothyBlynJacobs, costdev.
Fixes #52642.
Built from https://develop.svn.wordpress.org/trunk@51057


git-svn-id: http://core.svn.wordpress.org/trunk@50666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Clorith 2021-06-02 00:51:57 +00:00
parent 033c742a4e
commit 918610fb88
2 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wp-admin/includes/class-wp-site-health.php
View File

@ -2348,15 +2348,21 @@ class WP_Site_Health {
'has_rest' => true,
'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ),
),
'authorization_header' => array(
),
);
// Conditionally include Authorization header test if the site isn't protected by Basic Auth.
if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) ) {
if ( ! wp_is_site_protected_by_basic_auth() ) {
$tests['async']['authorization_header'] = array(
'label' => __( 'Authorization header' ),
'test' => rest_url( 'wp-site-health/v1/tests/authorization-header' ),
'has_rest' => true,
'headers' => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ),
'skip_cron' => true,
),
),
);
);
}
}
// Conditionally include REST rules if the function for it exists.
if ( function_exists( 'rest_url' ) ) {

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.8-alpha-51056';
$wp_version = '5.8-alpha-51057';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.