Commit Graph

14 Commits

Author SHA1 Message Date
Felix Arntz f7d4ea3ceb Site Health: Remove use of deprecated function from `wp_is_https_supported()`.
Follow up to [56664].

Props peter8nss, debarghyabanerjee, sebastienserre, geekofshire, swissspidy, desrosj.
Fixes #62252.
See #58494.

Built from https://develop.svn.wordpress.org/trunk@59517


git-svn-id: http://core.svn.wordpress.org/trunk@58903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-12-16 14:08:24 +00:00
Adam Silverstein 77582c4be9 Security: remove the cron event that checked for https support.
Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter  which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.


Built from https://develop.svn.wordpress.org/trunk@56664


git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-22 19:08:19 +00:00
audrasjb 321158f726 Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56191


git-svn-id: http://core.svn.wordpress.org/trunk@55703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 22:38:25 +00:00
Sergey Biryukov 1ce5dc7444 Code Modernization: Replace usage of `strpos()` with `str_contains()`.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].

Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes #58206.
Built from https://develop.svn.wordpress.org/trunk@55988


git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-22 14:36:26 +00:00
Sergey Biryukov e3360c89e2 General: Remove Windows Live Writer manifest file.
The XML manifest was originally added in WordPress 2.3.1 to turn on tagging support in Windows Live Writer.

Given that the last major release of the software came out in 2012, and it was completely discontinued in January 2017, including this file in core no longer provides any benefit.

Follow-up to [6192], [49904].

Props joostdevalk, ayeshrajans, flixos90, jhabdas, frank-klein, wtranch, SergeyBiryukov.
Fixes #41404.
Built from https://develop.svn.wordpress.org/trunk@55620


git-svn-id: http://core.svn.wordpress.org/trunk@55132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-04 14:56:22 +00:00
John Blackbourn 77bf28a1b7 Docs: Miscellaneous inline documentation improvements.
See #55646

Built from https://develop.svn.wordpress.org/trunk@53878


git-svn-id: http://core.svn.wordpress.org/trunk@53437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-11 14:11:08 +00:00
John Blackbourn 39bff93b6b Docs: Various inline documentation corrections and improvements.
See #53399

Built from https://develop.svn.wordpress.org/trunk@52332


git-svn-id: http://core.svn.wordpress.org/trunk@51924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-07 12:20:02 +00:00
Sergey Biryukov 63ea8284a3 Docs: Miscellaneous DocBlock corrections.
See #52628.
Built from https://develop.svn.wordpress.org/trunk@50916


git-svn-id: http://core.svn.wordpress.org/trunk@50525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-15 17:38:05 +00:00
Sergey Biryukov e1239d91a9 Security, Site Health: Do not store HTTPS request error messages in an option.
This changes the logic in `update_https_detection_errors()` to never store error messages from the actual request since they could use a different encoding, which would make storing them in an option potentially fail, leading WordPress to then falsely assume that HTTPS is supported.

While this doesn't actually fix the encoding issue, it is not crucial to do so anyway, since these messages are not used anywhere. A simple differentiation between whether the overall HTTPS request or only the SSL verification failed should be sufficient for the purpose of this function.

Props flixos90, tmatsuur, lukecarbis.
Fixes #52484.
Built from https://develop.svn.wordpress.org/trunk@50471


git-svn-id: http://core.svn.wordpress.org/trunk@50082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-02 15:08:09 +00:00
Felix Arntz f7fd9adee1 Security: Fix bug in `wp_is_local_html_output()`.
Prior to this changeset, the check for the correct RSD link output was relying on a specific protocol, although it needs to accept both the HTTP and HTTPS version of the URL.

Props TimothyBlynJacobs.
Fixes #52542. See #47577.

Built from https://develop.svn.wordpress.org/trunk@50391


git-svn-id: http://core.svn.wordpress.org/trunk@50002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-19 21:13:08 +00:00
Felix Arntz d9d883468b Security: Allow short-circuiting the `wp_update_https_detection_errors()` process.
This changeset introduces a `pre_wp_update_https_detection_errors` filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a `WP_Error` object.

Props timothyblynjacobs.
See #47577.

Built from https://develop.svn.wordpress.org/trunk@50075


git-svn-id: http://core.svn.wordpress.org/trunk@49775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 20:00:02 +00:00
Felix Arntz 9d348e26f3 Security, Site Health: Improve accuracy in messaging about HTTPS support.
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.

* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.

Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.

Built from https://develop.svn.wordpress.org/trunk@50072


git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 19:10:58 +00:00
Gary Pendergast 4dc59b954a Site Health: Check that WordPress is installed before scheduling the HTTPS cron.
Trying to schedule cron jobs before WordPress is installed results in DB errors, which is suboptimal.

See #47577.


Built from https://develop.svn.wordpress.org/trunk@49909


git-svn-id: http://core.svn.wordpress.org/trunk@49608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-28 01:45:06 +00:00
Felix Arntz c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00