From 068df26686bdc8b423097067e91751072e981448 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Mon, 9 Sep 2013 07:54:11 +0000
Subject: [PATCH] Switch to using HTTPS connections for Plugin and Theme API requests when SSL is available. See #18577
Built from https://develop.svn.wordpress.org/trunk@25308
git-svn-id: http://core.svn.wordpress.org/trunk@25270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/plugin-install.php | 13 ++++++++++++-
 wp-admin/includes/theme.php | 12 +++++++++++-
 wp-includes/update.php | 13 ++++++++++---
 3 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/wp-admin/includes/plugin-install.php b/wp-admin/includes/plugin-install.php
index f1451ddd6b..e1c1ec059d 100644
--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -41,7 +41,18 @@ function plugins_api($action, $args = null) {
 $res = apply_filters('plugins_api', false, $action, $args);
 if ( false === $res ) {
- $request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'timeout' => 15, 'body' => array('action' => $action, 'request' => serialize($args))) );
+ $url = 'http://api.wordpress.org/plugins/info/1.0/';
+ if ( wp_http_supports( array( 'ssl' ) ) )
+ $url = set_url_scheme( $url, 'https' );
+
+ $request = wp_remote_post( $url, array(
+ 'timeout' => 15,
+ 'body' => array(
+ 'action' => $action,
+ 'request' => serialize( $args )
+ )
+ ) );
+
 if ( is_wp_error($request) ) {
 $res = new WP_Error('plugins_api_failed', __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), $request->get_error_message() );
 } else {
diff --git a/wp-admin/includes/theme.php b/wp-admin/includes/theme.php
index 315f021386..0e48bac887 100644
--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
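Review bot: In plugins_api() the request still goes out over plain `http://`, with no signal, whenever `wp_http_supports( array( 'ssl' ) )` is false, so on such hosts the plugin information returned by api.wordpress.org is unauthenticated and can be altered in transit. The same silent fallback is repeated in the themes_api(), wp_update_plugins() and wp_update_themes() hunks. At minimum the fallback should be documented where it happens, e.g. `// No SSL-capable transport: the request stays on plain HTTP and the response is unauthenticated.` above the `if`. How the response body is parsed lies outside the hunk; if it is unserialized, as the `serialize( $args )` request format suggests, the plaintext path is worth surfacing to the site administrator as well.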
@@ -282,7 +282,17 @@ function themes_api($action, $args = null) {
 $res = apply_filters('themes_api', false, $action, $args); //NOTE: Allows a theme to completely override the builtin WordPress.org API.
 if ( ! $res ) {
- $request = wp_remote_post('http://api.wordpress.org/themes/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
+ $url = 'http://api.wordpress.org/themes/info/1.0/';
+ if ( wp_http_supports( array( 'ssl' ) ) )
+ $url = set_url_scheme( $url, 'https' );
+
+ $request = wp_remote_post( $url, array(
+ 'body' => array(
+ 'action' => $action,
+ 'request' => serialize( $args )
+ )
+ ) );
+
 if ( is_wp_error($request) ) {
 $res = new WP_Error('themes_api_failed', __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), $request->get_error_message() );
 } else {
diff --git a/wp-includes/update.php b/wp-includes/update.php
index 203bf5447b..7c426a13e9 100644
--- a/wp-includes/update.php
+++ b/wp-includes/update.php
@@ -76,7 +76,6 @@ function wp_version_check() {
 );
 $url = 'http://api.wordpress.org/core/version-check/1.7/?' . http_build_query( $query, null, '&' );
-
 if ( wp_http_supports( array( 'ssl' ) ) )
 $url = set_url_scheme( $url, 'https' );
@@ -205,7 +204,11 @@ function wp_update_plugins() {
 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
 );
- $raw_response = wp_remote_post('http://api.wordpress.org/plugins/update-check/1.0/', $options);
+ $url = 'http://api.wordpress.org/plugins/update-check/1.0/';
+ if ( wp_http_supports( array( 'ssl' ) ) )
+ $url = set_url_scheme( $url, 'https' );
+
+ $raw_response = wp_remote_post( $url, $options );
 if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
 return false;
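Review bot: The rewritten `wp_remote_post()` call in themes_api() passes no `'timeout'`, while the equivalent call in plugins_api() sets `'timeout' => 15`, so theme lookups run on the HTTP API's default timeout. With a TLS handshake now added to the round trip, a shorter default is more likely to be hit; adding `'timeout' => 15,` ahead of `'body'` would keep the two functions consistent. The enclosing function starts and ends outside the hunk.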
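Review bot: In wp_update_plugins() a failed HTTPS request now ends at the unchanged `if ( is_wp_error( $raw_response ) || ... ) return false;` with nothing recorded, so a host that reports SSL support but cannot complete verification (an outdated CA bundle, for example) would stop receiving plugin update information without any notice. The wp_update_themes() hunk has the same shape. Consider surfacing the error before returning, e.g. `if ( is_wp_error( $raw_response ) ) trigger_error( $raw_response->get_error_message(), E_USER_WARNING );` placed ahead of the existing check. The function body continues outside the hunk.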
@@ -310,7 +313,11 @@ function wp_update_themes() {
 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
 );
- $raw_response = wp_remote_post( 'http://api.wordpress.org/themes/update-check/1.0/', $options );
+ $url = 'http://api.wordpress.org/themes/update-check/1.0/';
+ if ( wp_http_supports( array( 'ssl' ) ) )
+ $url = set_url_scheme( $url, 'https' );
+
+ $raw_response = wp_remote_post( $url, $options );
 if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
 return false;