Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.
The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter which serves the same function.
Props audrasjb, johnbillion, Michi91.
Fixes#58494.
Built from https://develop.svn.wordpress.org/trunk@56664
git-svn-id: http://core.svn.wordpress.org/trunk@56176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).
WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.
Follow-up to [52039], [52040], [52326], [55703], [55710], [55987].
Props Soean, spacedmonkey, costdev, dingo_d, azaozz, mikeschroder, flixos90, peterwilsoncc, SergeyBiryukov.
Fixes#58206.
Built from https://develop.svn.wordpress.org/trunk@55988
git-svn-id: http://core.svn.wordpress.org/trunk@55500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The XML manifest was originally added in WordPress 2.3.1 to turn on tagging support in Windows Live Writer.
Given that the last major release of the software came out in 2012, and it was completely discontinued in January 2017, including this file in core no longer provides any benefit.
Follow-up to [6192], [49904].
Props joostdevalk, ayeshrajans, flixos90, jhabdas, frank-klein, wtranch, SergeyBiryukov.
Fixes#41404.
Built from https://develop.svn.wordpress.org/trunk@55620
git-svn-id: http://core.svn.wordpress.org/trunk@55132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changes the logic in `update_https_detection_errors()` to never store error messages from the actual request since they could use a different encoding, which would make storing them in an option potentially fail, leading WordPress to then falsely assume that HTTPS is supported.
While this doesn't actually fix the encoding issue, it is not crucial to do so anyway, since these messages are not used anywhere. A simple differentiation between whether the overall HTTPS request or only the SSL verification failed should be sufficient for the purpose of this function.
Props flixos90, tmatsuur, lukecarbis.
Fixes#52484.
Built from https://develop.svn.wordpress.org/trunk@50471
git-svn-id: http://core.svn.wordpress.org/trunk@50082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces a `pre_wp_update_https_detection_errors` filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a `WP_Error` object.
Props timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50075
git-svn-id: http://core.svn.wordpress.org/trunk@49775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50072
git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.
* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.
Props Clorith, flixos90, miinasikk, westonruter.
Fixes#47577.
Built from https://develop.svn.wordpress.org/trunk@49904
git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adam Silverstein
audrasjb
Sergey Biryukov
John Blackbourn
Felix Arntz
Gary Pendergast