From 4d9c482e7923bfae6c82b60d9ce1adc2fb62ecd7 Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Sat, 21 Sep 2019 15:59:56 +0000 Subject: [PATCH] File Editor: Don't verify SSL certificate when doing loopback requests for checking for fatal errors. Props Clorith. See #47957. Built from https://develop.svn.wordpress.org/trunk@46230 git-svn-id: http://core.svn.wordpress.org/trunk@46042 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/file.php | 5 ++++- wp-includes/version.php | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 9d5244202e..93bdebfa8d 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -518,6 +518,9 @@ function wp_edit_theme_plugin_file( $args ) { 'Cache-Control' => 'no-cache', ); + /** This filter is documented in wp-includes/class-wp-http-streams.php */ + $sslverify = apply_filters( 'https_local_ssl_verify', false ); + // Include Basic auth in loopback requests. if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) { $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) ); @@ -547,7 +550,7 @@ function wp_edit_theme_plugin_file( $args ) { $url = admin_url(); } $url = add_query_arg( $scrape_params, $url ); - $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) ); + $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) ); $body = wp_remote_retrieve_body( $r ); $scrape_result_position = strpos( $body, $needle_start ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 3eec13a91d..e22d5c3e03 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.3-alpha-46229'; +$wp_version = '5.3-alpha-46230'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.