From 918610fb88cb1e8dec46f46323d7b04ca1a1d4f3 Mon Sep 17 00:00:00 2001 From: Clorith Date: Wed, 2 Jun 2021 00:51:57 +0000 Subject: [PATCH] Site Health: Conditionally run Authorization header test. The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end. This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place. Props WebDragon, TimothyBlynJacobs, costdev. Fixes #52642. Built from https://develop.svn.wordpress.org/trunk@51057 git-svn-id: http://core.svn.wordpress.org/trunk@50666 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/class-wp-site-health.php | 14 ++++++++++---- wp-includes/version.php | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/wp-admin/includes/class-wp-site-health.php b/wp-admin/includes/class-wp-site-health.php index be1d439aee..81908008d3 100644 --- a/wp-admin/includes/class-wp-site-health.php +++ b/wp-admin/includes/class-wp-site-health.php @@ -2348,15 +2348,21 @@ class WP_Site_Health { 'has_rest' => true, 'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ), ), - 'authorization_header' => array( + ), + ); + + // Conditionally include Authorization header test if the site isn't protected by Basic Auth. + if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) ) { + if ( ! wp_is_site_protected_by_basic_auth() ) { + $tests['async']['authorization_header'] = array( 'label' => __( 'Authorization header' ), 'test' => rest_url( 'wp-site-health/v1/tests/authorization-header' ), 'has_rest' => true, 'headers' => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ), 'skip_cron' => true, - ), - ), - ); + ); + } + } // Conditionally include REST rules if the function for it exists. if ( function_exists( 'rest_url' ) ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index f80aeb865f..f8a29a00c5 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.8-alpha-51056'; +$wp_version = '5.8-alpha-51057'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.