array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( $unverified_response->get_error_code(), $unverified_response->get_error_message() ); } else { $support_errors->add( 'ssl_verification_failed', $response->get_error_message() ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_owned_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } update_option( 'https_detection_errors', $support_errors->errors ); } /** * Schedules the Cron hook for detecting HTTPS support. * * @since 5.7.0 * @access private */ function wp_schedule_https_detection() { if ( wp_installing() ) { return; } if ( ! wp_next_scheduled( 'wp_https_detection' ) ) { wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' ); } } /** * Disables SSL verification if the 'cron_request' arguments include an HTTPS URL. * * This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS. * * @since 5.7.0 * @access private * * @param array $request The Cron request arguments. * @return array $request The filtered Cron request arguments. */ function wp_cron_conditionally_prevent_sslverify( $request ) { if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) { $request['args']['sslverify'] = false; } return $request; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_owned_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ); // See rsd_link(). return false !== strpos( $html, $pattern ); } // 2. Check if HTML includes the site's Windows Live Writer manifest link. if ( has_action( 'wp_head', 'wlwmanifest_link' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', includes_url( 'wlwmanifest.xml' ) ); // See wlwmanifest_link(). return false !== strpos( $html, $pattern ); } // 3. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = esc_url( preg_replace( '#^https?:(?=//)#', '', get_rest_url() ) ); // See rest_output_link_wp_head(). return false !== strpos( $html, $pattern ); } // Otherwise the result cannot be determined. return null; }