WordPress/wp-includes/https-migration.php

143 lines
4.6 KiB
PHP
Raw Permalink Normal View History

Security, Site Health: Make migrating a site to HTTPS a one-click interaction. Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained. This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction. * Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed. * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly. * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though. * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter. * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant. * Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart. * A new `wp_update_urls_to_https()` function takes care of the update routine. * A new `update_https` meta capability is introduced to control access. * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health. * Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version. * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS. * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS. Props flixos90, timothyblynjacobs. Fixes #51437. Built from https://develop.svn.wordpress.org/trunk@50131 git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
<?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
Security, Site Health: Make migrating a site to HTTPS a one-click interaction. Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained. This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction. * Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed. * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly. * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though. * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter. * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant. * Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart. * A new `wp_update_urls_to_https()` function takes care of the update routine. * A new `update_https` meta capability is introduced to control access. * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health. * Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version. * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS. * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS. Props flixos90, timothyblynjacobs. Fixes #51437. Built from https://develop.svn.wordpress.org/trunk@50131 git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 01:10:01 +01:00
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}