Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate.

This also standardises the `User-Agent` used when communicating with WordPress.org, allowing for more consistent version detection. Fixes #42004. Built from https://develop.svn.wordpress.org/trunk@41605 git-svn-id: http://core.svn.wordpress.org/trunk@41440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-27 08:00:49 +00:00 · 2017-09-27 08:00:49 +00:00 · db86c635ba
parent b32256701a
commit db86c635ba
8 changed files with 51 additions and 12 deletions
--- a/wp-admin/includes/class-wp-community-events.php
+++ b/wp-admin/includes/class-wp-community-events.php
@ -92,8 +92,17 @@ class WP_Community_Events {
 			return $cached_events;
 		}

-		$api_url        = 'https://api.wordpress.org/events/1.0/';
-		$request_args   = $this->get_request_args( $location_search, $timezone );
+		// include an unmodified $wp_version
+		include( ABSPATH . WPINC . '/version.php' );
+
+		$api_url      = 'http://api.wordpress.org/events/1.0/';
+		$request_args = $this->get_request_args( $location_search, $timezone );
+		$request_args['user-agent'] = 'WordPress/' . $wp_version . '; ' . home_url( '/' );
+
+		if ( wp_http_supports( array( 'ssl' ) ) ) {
+			$api_url = set_url_scheme( $api_url, 'https' );
+		}
+
 		$response       = wp_remote_get( $api_url, $request_args );
 		$response_code  = wp_remote_retrieve_response_code( $response );
 		$response_body  = json_decode( wp_remote_retrieve_body( $response ), true );
--- a/wp-admin/includes/credits.php
+++ b/wp-admin/includes/credits.php
@ -15,7 +15,9 @@
 * @return array|false A list of all of the contributors, or false on error.
 */
 function wp_credits() {
-	$wp_version = get_bloginfo( 'version' );
+	// include an unmodified $wp_version
+	include( ABSPATH . WPINC . '/version.php' );
+
 	$locale = get_user_locale();

 	$results = get_site_transient( 'wordpress_credits_' . $locale );
@ -24,7 +26,14 @@ function wp_credits() {
 		|| false !== strpos( $wp_version, '-' )
 		|| ( isset( $results['data']['version'] ) && strpos( $wp_version, $results['data']['version'] ) !== 0 )
 	) {
-		$response = wp_remote_get( "http://api.wordpress.org/core/credits/1.1/?version={$wp_version}&locale={$locale}" );
+		$url = "http://api.wordpress.org/core/credits/1.1/?version={$wp_version}&locale={$locale}";
+		$options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) );
+
+		if ( wp_http_supports( array( 'ssl' ) ) ) {
+			$url = set_url_scheme( $url, 'https' );
+		}
+
+		$response = wp_remote_get( $url, $options );

 		if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 			return false;
--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@ -1509,12 +1509,20 @@ function wp_check_browser_version() {
 	$key = md5( $_SERVER['HTTP_USER_AGENT'] );

 	if ( false === ($response = get_site_transient('browser_' . $key) ) ) {
+		// include an unmodified $wp_version
+		include( ABSPATH . WPINC . '/version.php' );
+
+		$url = 'http://api.wordpress.org/core/browse-happy/1.1/';
 		$options = array(
-			'body'			=> array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
-			'user-agent'	=> 'WordPress/' . get_bloginfo( 'version' ) . '; ' . home_url()
+			'body'       => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
+			'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 		);

-		$response = wp_remote_post( 'http://api.wordpress.org/core/browse-happy/1.1/', $options );
+		if ( wp_http_supports( array( 'ssl' ) ) ) {
+			$url = set_url_scheme( $url, 'https' );
+		}
+
+		$response = wp_remote_post( $url, $options );

 		if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 			return false;
--- a/wp-admin/includes/import.php
+++ b/wp-admin/includes/import.php
@ -131,10 +131,15 @@ function wp_get_popular_importers() {

 	if ( ! $popular_importers ) {
 		$url = add_query_arg( array(
-			'locale'  => get_user_locale(),
+			'locale'  => $locale,
 			'version' => $wp_version,
 		), 'http://api.wordpress.org/core/importers/1.1/' );
-		$options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url() );
+		$options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) );
+
+		if ( wp_http_supports( array( 'ssl' ) ) ) {
+			$url = set_url_scheme( $url, 'https' );
+		}
+
 		$response = wp_remote_get( $url, $options );
 		$popular_importers = json_decode( wp_remote_retrieve_body( $response ), true );

--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@ -141,12 +141,16 @@ function plugins_api( $action, $args = array() ) {
 	$res = apply_filters( 'plugins_api', false, $action, $args );

 	if ( false === $res ) {
+		// include an unmodified $wp_version
+		include( ABSPATH . WPINC . '/version.php' );
+
 		$url = $http_url = 'http://api.wordpress.org/plugins/info/1.0/';
 		if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
 			$url = set_url_scheme( $url, 'https' );

 		$http_args = array(
 			'timeout' => 15,
+			'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
 			'body' => array(
 				'action' => $action,
 				'request' => serialize( $args )
--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
@ -448,11 +448,15 @@ function themes_api( $action, $args = array() ) {
 	$res = apply_filters( 'themes_api', false, $action, $args );

 	if ( ! $res ) {
+		// include an unmodified $wp_version
+		include( ABSPATH . WPINC . '/version.php' );
+
 		$url = $http_url = 'http://api.wordpress.org/themes/info/1.0/';
 		if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
 			$url = set_url_scheme( $url, 'https' );

 		$http_args = array(
+			'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
 			'body' => array(
 				'action' => $action,
 				'request' => serialize( $args )
--- a/wp-includes/update.php
+++ b/wp-includes/update.php
@ -301,7 +301,7 @@ function wp_update_plugins( $extra_stats = array() ) {
 			'locale'       => wp_json_encode( $locales ),
 			'all'          => wp_json_encode( true ),
 		),
-		'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
+		'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 	);

 	if ( $extra_stats ) {
@ -479,7 +479,7 @@ function wp_update_themes( $extra_stats = array() ) {
 			'translations' => wp_json_encode( $translations ),
 			'locale'       => wp_json_encode( $locales ),
 		),
-		'user-agent'	=> 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
+		'user-agent'	=> 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 	);

 	if ( $extra_stats ) {
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-alpha-41604';
+$wp_version = '4.9-alpha-41605';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.