Commit Graph

136 Commits

Author SHA1 Message Date
Clorith
f277e8c168 Site Health: Improve the details provided by the REST API checks.
The descriptions provided whenever a REST API check failed lacked details that would help in troubleshooting any issues, most notably the actual REST API endpoint that was being tested.

Adding this vital piece of detail, along with a revamp of the error messages shown, where previously there was a risk that the markup of your website was included as an error message, improves the overall user experience, and gives more accurate details that can be looked when looking up how to fix or improve the behavior of the REST API.

Props dingo_d, shetheliving.
Fixes #54617.
Built from https://develop.svn.wordpress.org/trunk@54205


git-svn-id: http://core.svn.wordpress.org/trunk@53764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-19 15:30:09 +00:00
Clorith
3c1cd858dd Site Health: Improve the description for Authorization header checks.
Previously the description left the user stuck with no path forward if flushing their permalinks was not enough.

This change givers a clearer description of what approving an application may involve (allowing these to connect to the users site), but also an additional step towards resolution if flushing permalinks are not enough; pointing them towards their host.

Props Presskopp, webcommsat.
Fixes #54508.
Built from https://develop.svn.wordpress.org/trunk@54196


git-svn-id: http://core.svn.wordpress.org/trunk@53755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-17 23:51:08 +00:00
Andrew Ozz
c9d23006db Site health:
- Add a check to `wp_check_php_version()` whether the current PHP version is lower than the next (desired) minimum version.
- Set the next desired minimum PHP version to 7.2.
- Use that check to update the warnings in the `wp_dashboard_php_nag()` widget, and on the Site Health screen.

Props Clorith, SergeyBiryukov, ironprogrammer, azaozz.
See #56199.
Built from https://develop.svn.wordpress.org/trunk@54169


git-svn-id: http://core.svn.wordpress.org/trunk@53728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-14 22:19:14 +00:00
Sergey Biryukov
c03305852e Code Modernization: Add AllowDynamicProperties attribute to all (parent) classes.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.

There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.

Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.

To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.

The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
 - If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
 - If it extends a PHP native class: add the attribute.
 - If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.

Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.

This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.

Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].

Follow-up to [53922].

Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133


git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-12 15:47:14 +00:00
audrasjb
7c20a1d2d5 Docs: Various docblock fixes in Site Health related files, as per documentation standards.
This addresses some files modified in changeset [54113].

See #55646.

Built from https://develop.svn.wordpress.org/trunk@54114


git-svn-id: http://core.svn.wordpress.org/trunk@53673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-09 08:47:08 +00:00
audrasjb
c7fe0f88d2 Coding Standards: Clarify time units for various timeout or expiration values.
This changeset implements a clearer and more consistent timeout/duration/expiration format. It updates time durations used in various files, as per WordPress coding standards:

- If the value can be represented as an integer (not a fractional) number of minutes (hours, etc.), use the appropriate constant (e.g.: `MINUTE_IN_SECONDS`) multiplied by that number.
- Otherwise, keep the value as is and add a comment with the units for clarity.

Follow-up to [11823], [13177], [21996], [37747], [53714].

Props hztyfoon, audrasjb, arrasel403, krupalpanchal, GaryJ, SergeyBiryukov, peterwilsoncc, rudlinkon, costdev, robinwpdeveloper.
Fixes #56293.
See #55647.

Built from https://develop.svn.wordpress.org/trunk@54113


git-svn-id: http://core.svn.wordpress.org/trunk@53672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-09 08:16:18 +00:00
Sergey Biryukov
b43dcea01e Site Health: Bump the recommended MySQL and MariaDB versions.
* MySQL 5.6 has reached EOL (“End of Life”) in February 2021. The recommended minimum is bumped to 5.7 for now.
* MariaDB 10.2 has reached EOL in May 2022. The recommended minimum is bumped to 10.3 for now.

This commit brings the Site Health recommendations in line with `readme.html`.

Includes:
* Adding two unit tests to ensure the SQL server versions recommended by Site Health match `readme.html`.
* Consistently declaring the recommended and required versions as the `WP_Site_Health` class properties.
* Renaming some pre-existing private properties for clarity.

Follow-up to [44986], [52319], [52358], [52420], [52424], [53431], [53433], [53435], [meta11407], [meta11866].

See #55791, #meta5999, #meta6322.
Built from https://develop.svn.wordpress.org/trunk@54069


git-svn-id: http://core.svn.wordpress.org/trunk@53628 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-05 15:20:09 +00:00
Sergey Biryukov
e5fd46da70 Site Health: Use $wpdb->db_server_info() to retrieve database server type.
This updates an older fragment in `WP_Site_Health::prepare_sql_data()` to use a dedicated `$wpdb` method introduced later in WordPress 5.5 specifically for retrieving the database server information.

Follow-up to [44986], [47451].

Props hilayt24, mukesh27, Clorith, SergeyBiryukov.
Fixes #56484.
Built from https://develop.svn.wordpress.org/trunk@54065


git-svn-id: http://core.svn.wordpress.org/trunk@53624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-04 14:40:14 +00:00
Felix Arntz
7f4f1ead61 Site Health: Ensure persistent object cache check short-circuit filter also short-circuits multisite.
Follow up to [54053].

See #56040.

Built from https://develop.svn.wordpress.org/trunk@54054


git-svn-id: http://core.svn.wordpress.org/trunk@53613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 17:47:09 +00:00
Sergey Biryukov
acf94cb859 Site Health: Some documentation and test improvements for WP_Site_Health:
* Add a `@coversDefaultClass` annotation to address `@covers ::get_test_page_cache" is invalid` notices.
* Rename data providers to start with the `data_` prefix and match the test method names, for consistency.
* Move data providers next to the test methods they are used in.
* Move `::get_test_page_cache()` closer to `::get_test_persistent_object_cache()`, for a bit more predictable placement.
* Fix a typo in `::get_test_persistent_object_cache()` description.

Follow-up to [53955], [54043], [54044], [54045].

See #56041.
Built from https://develop.svn.wordpress.org/trunk@54047


git-svn-id: http://core.svn.wordpress.org/trunk@53606 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 15:28:16 +00:00
Sergey Biryukov
7a94e6c200 Site Health: Minor i18n cleanup in page cache and persistent object cache tests.
Includes:
* Moving leading and trailing spaces out of a translatable string.
* Using the established format for translator comments.
* Using a consistent typography for the apostrophe.

Follow-up to [53955], [54043].

See #56041.
Built from https://develop.svn.wordpress.org/trunk@54044


git-svn-id: http://core.svn.wordpress.org/trunk@53603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-01 00:19:18 +00:00
Felix Arntz
fab7a3bb92 Site Health: Introduce page cache check.
This changeset adds a new `page_cache` check which determines whether the site uses a full page cache, and in addition assesses the server response time. If no page cache is present and the server response time is slow, the check will suggest use of a page cache.

A few filters are included for customization of the check:
* `site_status_good_response_time_threshold` filters the number of milliseconds below which the server response time is considered good. The default value is based on the `server-response-time` Lighthouse audit and can be altered using this filter.
* `site_status_page_cache_supported_cache_headers` filters the map of supported cache headers and their callback to determine whether it was a cache hit. The default list includes commonly used cache headers, and it is filterable to support e.g. additional cache headers used by specific vendors.

Note that due to the nature of this check it is only run in production environments.

Props furi3r, westonruter, spacedmonkey, swissspidy, Clorith.
Fixes #56041.

Built from https://develop.svn.wordpress.org/trunk@54043


git-svn-id: http://core.svn.wordpress.org/trunk@53602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-31 22:46:11 +00:00
Felix Arntz
7322419ced Site Health: Update persistent object cache check documentation URL.
The anchor for the relevant documentation section had changed since the original code had been written.

Props furi3r.
See #56040.

Built from https://develop.svn.wordpress.org/trunk@54042


git-svn-id: http://core.svn.wordpress.org/trunk@53601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-31 22:19:12 +00:00
Felix Arntz
09369981e1 Site Health: Introduce persistent object cache check.
This changeset adds a new `persistent_object_cache` check which determines whether the site uses a persistent object cache, and if not, recommends it if it is beneficial for the site. A support resource to learn more about object caching has been created and is linked in the check.

A few filters are included for customization of the check, aimed primarily at hosting providers to provide more specific information in regards to their environment:

* `site_status_persistent_object_cache_url` filters the URL to learn more about object caching, so that e.g. a hosting-specific object caching support resource could be linked.
* `site_status_persistent_object_cache_notes` filters the notes added to the check description, so that more fine tuned information on object caching based on the environment can be provided.
* `site_status_should_suggest_persistent_object_cache` is a short-circuit filter which allows using entirely custom logic to determine whether a persistent object cache would make sense for the site.
* `site_status_persistent_object_cache_thresholds` filters the thresholds in the default logic to determine whether a persistent object cache would make sense for the site, which is based on the amount of data in the database.

Note that due to the nature of this check it is only run in production environments.

Props furi3r, tillkruss, spacedmonkey, audrasjb, Clorith.
Fixes #56040.

Built from https://develop.svn.wordpress.org/trunk@53955


git-svn-id: http://core.svn.wordpress.org/trunk@53514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-29 16:54:12 +00:00
Sergey Biryukov
de97f21367 Coding Standards: Remove extra space in two conditionals.
This fixes WPCS errors in `WP_Site_Health::get_test_plugin_version()` and `::get_test_theme_version()`:

* `Expected exactly one space between closing parenthesis and opening control structure; " " found.`
* `Expected 1 space(s) after closing parenthesis; found 2`

Follow-up to [53816].

See #56134.
Built from https://develop.svn.wordpress.org/trunk@53817


git-svn-id: http://core.svn.wordpress.org/trunk@53376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-03 14:32:12 +00:00
Sergey Biryukov
1f39318123 Site Health: Improve the wording in plugin and theme version tests.
This displays a more appropriate message in case the site does not have any active plugins or installed themes.

Follow-up to [44986], [45099], [45336].

Props Presskopp, costdev, martin.krcho, Clorith, SergeyBiryukov.
Fixes #56134.
Built from https://develop.svn.wordpress.org/trunk@53816


git-svn-id: http://core.svn.wordpress.org/trunk@53375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-08-03 13:09:09 +00:00
Sergey Biryukov
7997df84a8 Site Health: Remove unused variables in WP_Site_Health::get_test_plugin_version().
Follow-up to [44986].

Props david.binda, mukesh27.
Fixes #55683.
Built from https://develop.svn.wordpress.org/trunk@53355


git-svn-id: http://core.svn.wordpress.org/trunk@52944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-05-05 16:29:08 +00:00
Sergey Biryukov
0c12438eed Code Modernization: Rename parameters that use reserved keywords in wp-admin/includes/class-wp-site-health.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:
* Renames the `$class` parameter to `$class_name` in `WP_Site_Health::test_php_extension_availability()`.
* Renames some other parameters for consistency.

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #55327.
Built from https://develop.svn.wordpress.org/trunk@53117


git-svn-id: http://core.svn.wordpress.org/trunk@52706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-10 14:29:04 +00:00
audrasjb
223cda987f Administration: Replace contracted verb forms for better consistency.
This changeset replaces contracted verb forms like `doesn't`, `can't`, or `isn't` with non-contracted forms like `does not`, `cannot`, or `is not`, for better consistency across the WordPress administration. It also updates some corresponding unit tests strings.

Props Presskopp, socalchristina, aandrewdixon, francina, SergeyBiryukov, JeffPaul, audrasjb, hellofromTonya.
Fixes #38913.
See #39176.

Built from https://develop.svn.wordpress.org/trunk@52978


git-svn-id: http://core.svn.wordpress.org/trunk@52567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-03-22 16:25:03 +00:00
audrasjb
e05557e222 Administration: Replace "Current theme" with "Active theme" in user facing strings.
This change replaces "Current theme" with "Active theme" in user-facing strings. It brings better consistency across the Administration.

Props Presskopp, audrasjb, costdev.
Fixes #54770.

Built from https://develop.svn.wordpress.org/trunk@52580


git-svn-id: http://core.svn.wordpress.org/trunk@52170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-15 08:44:03 +00:00
Peter Wilson
88b1019dc3 Upgrade/install: Revert upgrader rollback features.
Revert the rollback features introduced for theme and plugin upgrades during the WordPress 5.9 cycle. A bug (suspected to be in third party virtualisation software) causes the upgrades to fail consistently on some set ups. The revert is to allow contributors further time to investigate mitigation options.

Reverts [52337], [52289], [52284], [51951], [52192], [51902], [51899], [51898], [51815].

Props pbiron, dlh, peterwilsoncc, galbaras, SergeyBiryukov, afragen, costdev, bronsonquick, aristath, noisysocks, desrosj, TobiasBg, hellofromTonya, francina, Boniu91.
See #54543, #54166, #51857.



Built from https://develop.svn.wordpress.org/trunk@52351


git-svn-id: http://core.svn.wordpress.org/trunk@51943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-12-10 00:06:04 +00:00
johnjamesjacoby
6d451fb64b Admin/UI-Copy: reword some "we" usages.
This changes some admin-area, user-facing text, to better match the guidelines and recommendations set forth in the make/core handbook, specifically:

> the word “we” should be avoided (...) unless its made very clear which group is speaking

(There are several more usages of "we" that will receive this same scrutiny in future commits/releases.)

Props audrasjb, johnbillion, marybaum, peterwilsoncc, sergeybiryukov, shital-patel.

Fixes  #46057.
Built from https://develop.svn.wordpress.org/trunk@51979


git-svn-id: http://core.svn.wordpress.org/trunk@51568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-02 17:37:57 +00:00
Sergey Biryukov
0e2f9ad5b6 Coding Standards: Correct alignment in WP_Site_Health::get_test_update_temp_backup_writable().
This fixes an `Equals sign not aligned with surrounding assignments; expected 1 space but found 6 spaces` WPCS warning.

Follow-up to [51815].

See #51857, #53359.
Built from https://develop.svn.wordpress.org/trunk@51951


git-svn-id: http://core.svn.wordpress.org/trunk@51540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-29 16:52:57 +00:00
hellofromTonya
234877c9c3 Coding Standards: Add public visibility to methods in src directory.
This commit adds the `public` visibility keyword to each method which did not have an explicit visibility keyword.

Why `public`?

With no visibility previously declared, these methods are implicitly `public` and available for use. Changing them to anything else would be a backwards-compatibility break.

Props costdev, jrf.
See #54177.
Built from https://develop.svn.wordpress.org/trunk@51919


git-svn-id: http://core.svn.wordpress.org/trunk@51512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 17:52:58 +00:00
Sergey Biryukov
0f2d2264b5 Site Health: Use an integer value as a fallback in the available disk space check.
This avoids a few type problems further in the code: boolean divided by a number, or passing `false` to `size_format()` which is documented to accept integers or strings only.

Follow-up to [51815].

Props TobiasBg.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51898


git-svn-id: http://core.svn.wordpress.org/trunk@51491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-09 02:50:56 +00:00
Sergey Biryukov
dcca93232b Upgrade/Install: Create a temporary backup of plugins and themes before updating.
This aims to make the update process more reliable and ensures that if a plugin or theme update fails, the previous version can be safely restored.

* When updating a plugin or theme, the old version is moved to a temporary backup directory:
 * `wp-content/upgrade/temp-backup/plugins/[plugin-slug]` for plugins
 * `wp-content/upgrade/temp-backup/themes/[theme-slug]` for themes.

* If the update fails, then the temporary backup kept in the `upgrade/temp-backup` directory is restored to its original location.
* If the update succeeds, the temporary backup is deleted.

To further help troubleshoot plugin and theme updates, two new checks were added to the Site Health screen:
* A check to make sure that the `temp-backup` directory is writable.
* A check that there is enough disk space available to safely perform updates.

To avoid confusion: The `temp-backup` directory will NOT be used to "roll back" a plugin to a previous version after a completed update. This directory will simply contain a transient backup of the previous version of a plugin or theme being updated, and as soon as the update process finishes, the directory will be empty.

Props aristath, afragen, pbiron, dd32, poena, TimothyBlynJacobs, audrasjb, mikeschroder, a2hosting, hellofromTonya, KZeni, galbaras, richards1052, Boniu91, mai21, francina, SergeyBiryukov.
See #51857.
Built from https://develop.svn.wordpress.org/trunk@51815


git-svn-id: http://core.svn.wordpress.org/trunk@51422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-15 18:41:00 +00:00
Sergey Biryukov
65ff35bb75 Site Health: Move the Imagick entry higher in the list of recommended PHP extensions.
This better matches its position in the [https://make.wordpress.org/hosting/handbook/server-environment/#php-extensions Hosting Team's handbook] recommendations.

Follow-up to [44986], [46268], [51804].

See #52654.
Built from https://develop.svn.wordpress.org/trunk@51805


git-svn-id: http://core.svn.wordpress.org/trunk@51412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-12 10:09:57 +00:00
Sergey Biryukov
e76b896881 Site Health: Add Intl to the list of recommended PHP extensions.
**Why is the PHP Intl extension important?**

WordPress is a global, international software, with support for a multitude of languages and with infinite combinations. Approximately half of the installations are in a language that is not the default (English), and this leads us to think about localization, transliteration, encoding conversions, calendar operations, collation… in short, everything you have with the different languages and formats that are around the planet. And this is what the [https://www.php.net/manual/en/intro.intl.php PHP Intl extension] provides.

**What do we as the WordPress Community gain from this extension?**

This extension provides a lot of functions for better internationalization support, including but not limited to:
* [https://www.php.net/manual/en/collator.compare.php collator_compare()] to compare Unicode text strings
* [https://www.php.net/manual/en/numberformatter.format.php numfmt_format()] to format a number according to the selected locale
* the [https://www.php.net/manual/en/normalizer.normalize.php normalization] of characters
* the [https://www.php.net/manual/en/messageformatter.formatmessage.php formatting] of messages
* getting the [https://www.php.net/manual/en/intlcalendar.getfirstdayofweek.php first day of the week] according to the locale.


In addition to functionality and ease of development, the extension can also help improve security, with classes like `Spoofchecker` that can tell you [https://www.php.net/manual/en/spoofchecker.areconfusable.php if ‘google.com’, ‘goog1e.com’ can confuse the user], or functions related to Internet domains, both to convert an [https://www.php.net/manual/en/function.idn-to-ascii.php IDN domain to text] and [https://www.php.net/manual/en/function.idn-to-utf8.php text to IDN].

**Hosting Team Recommendation**

Taking into account that WordPress continues to grow, the Hosting Team has considered a good recommendation, but not an obligation, for all hosts that work with WordPress to offer this extension, by default, to all users.

Reference: [https://make.wordpress.org/hosting/2021/05/20/why-hosters-should-install-the-php-intl-extension/ Why hosters should install the PHP-intl extension].

Follow-up to [44986], [46268].

Props zodiac1978, JavierCasares, jrf, Clorith, josklever.
Fixes #52654.
Built from https://develop.svn.wordpress.org/trunk@51804


git-svn-id: http://core.svn.wordpress.org/trunk@51411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-11 18:20:59 +00:00
John Blackbourn
8935467410 Site Health: Standardise site health check status message punctuation.
Fixes #53594

Built from https://develop.svn.wordpress.org/trunk@51519


git-svn-id: http://core.svn.wordpress.org/trunk@51130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-30 19:38:57 +00:00
John Blackbourn
00a0c0f3d5 Docs: Fix the documentation for the $tests parameter of the site_status_tests filter.
Tests are contained within `direct` and `async` properties of this array, not directly in the array itself. This also clarifies the properties that differ between direct and async tests.

See #53399, #46573

Built from https://develop.svn.wordpress.org/trunk@51297


git-svn-id: http://core.svn.wordpress.org/trunk@50906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-01 20:37:57 +00:00
Sergey Biryukov
f637014b61 Site Health: Remove unnecessary function_exists() checks from WP_Site_Health::get_tests().
By the time the tests run, both `wp_is_site_protected_by_basic_auth()` and `rest_url()` functions are available, so there is no need to check for their existence.

Follow-up to [44986], [51057].

Props Clorith, costdev, SergeyBiryukov.
Fixes #52642.
Built from https://develop.svn.wordpress.org/trunk@51066


git-svn-id: http://core.svn.wordpress.org/trunk@50675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-03 11:14:56 +00:00
Clorith
918610fb88 Site Health: Conditionally run Authorization header test.
The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end.

This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place.

Props WebDragon, TimothyBlynJacobs, costdev.
Fixes #52642.
Built from https://develop.svn.wordpress.org/trunk@51057


git-svn-id: http://core.svn.wordpress.org/trunk@50666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-02 00:51:57 +00:00
Clorith
c47c99900c Site Health: Skip REST tests during scheduled events.
This change fixes a false positive that would appear during scheduled events, by only running the REST test when a user visits the Site Health page, meaning an active session is available.

The test checking if the REST API is available, includes a parameter for `context=edit` to make sure the block editor can function properly. This means a user session with editor capabilities is required for the test to pass, which is not the case during a scheduled event.

Props szaqal21, TimothyBlynJacobs, hermpheus.
Fixes #52112.
Built from https://develop.svn.wordpress.org/trunk@50939


git-svn-id: http://core.svn.wordpress.org/trunk@50548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-20 11:09:56 +00:00
Sergey Biryukov
63ea8284a3 Docs: Miscellaneous DocBlock corrections.
See #52628.
Built from https://develop.svn.wordpress.org/trunk@50916


git-svn-id: http://core.svn.wordpress.org/trunk@50525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-15 17:38:05 +00:00
Clorith
eea98a5426 Site Health: Support custom sub-menus and pages.
Allow developers to extend the Site Health screen with their own custom navigation tabs and pages.

This implements a new filter, `site_health_navigation_tabs`, which takes an associated array of tab identifiers/slugs, and tab labels, allowing developers to add their own subpage to the Site Health interface as new tabs.

To output a custom page, or add to an existing page, the `site_health_tab_content` action is triggered whenever the `tab` query argument is present and not empty. This action includes the current tab as its argument, which a developer would match against to only output content when relevant.

Props ramiy for initial patch.
Fixes #47225.
Built from https://develop.svn.wordpress.org/trunk@50764


git-svn-id: http://core.svn.wordpress.org/trunk@50373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-17 01:14:01 +00:00
Sergey Biryukov
0cd72ec474 Site Health: Correct test result status for the HTTPS test.
The supported status values for Site Health tests are `good`, `recommended`, and `critical`.

Follow-up to [50660].

Props TimothyBlynJacobs.
Fixes #52783.
Built from https://develop.svn.wordpress.org/trunk@50710


git-svn-id: http://core.svn.wordpress.org/trunk@50319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-14 13:02:08 +00:00
Peter Wilson
7442fe63a0 Site Health: Reduce false reports of HTTPS failures.
Reduce severity of failing HTTPS tests from critical to warning. Stop reporting failures if the site is being accessed over HTTPS but `wp_is_https_supported()` indicates a lack of support.

Props annalamprou, AnotherDave, ayeshrajans, bobbingwide, Clorith, dragongate, eatsleepcode, gab81, geoffrey1963, Ipstenu, k3nsai, mmuyskens, nicegamer7, peterwilsoncc, pwallner, SergeyBiryukov, TimothyBlynJacobs, Toru.
Fixes #52783.

Built from https://develop.svn.wordpress.org/trunk@50659


git-svn-id: http://core.svn.wordpress.org/trunk@50271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-06 03:24:08 +00:00
Peter Wilson
0b9c7b7cdf Site Health: Update loopback test to POST to wp-cron.
Replace loopback health check URL with a `POST` request to `wp-cron.php` in the WordPress install directory. This more closely represents how WordPress uses loopback requests.

A `POST` request is used to cause `wp-cron.php` to exit prior to running any cron jobs. This allows the test to indicate success quicker and accounts for sites that set the `DISABLE_WP_CRON` constant to avoid running cron jobs on loopback requests.

Props clorith, peterwilsoncc, TimothyBlynJacobs.
Fixes #52547.


Built from https://develop.svn.wordpress.org/trunk@50399


git-svn-id: http://core.svn.wordpress.org/trunk@50010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-22 00:51:09 +00:00
Peter Wilson
c6af819b3a Site Health: Use home page for loopback test.
Use `home_url()` for asynchronous loopback test to ensure correct results on sites with WordPress installed elsewhere, for example WordPress in a sub-directory.

Props Levdbas.
Fixes #52547.


Built from https://develop.svn.wordpress.org/trunk@50381


git-svn-id: http://core.svn.wordpress.org/trunk@49992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-17 23:10:04 +00:00
Sergey Biryukov
ea2ff553e9 Site Health: Clarify the recommendation in file uploads test when post_max_size is defined as 0.
This adds a more descriptive text in scenarios where `post_max_size` and `upload_max_filesize` differ, and `post_max_size` is set to a value of `0`.

In some scenarios, PHP may read `0` as a literal zero size, and not as unlimited, which it also means in other scenarios.

See https://www.php.net/manual/en/ini.core.php#ini.post-max-size for details, as PHP 5.3.4 introduced this behavior for literal zero interpretation when the content type of a request is `application/x-www-form-urlencoded` or is not registered with PHP.

Props Clorith, pixolin, helen, ratneshk.
Fixes #51466.
Built from https://develop.svn.wordpress.org/trunk@50263


git-svn-id: http://core.svn.wordpress.org/trunk@49908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-09 12:05:07 +00:00
Felix Arntz
dbfbf5501a Security, Site Health: Make migrating a site to HTTPS a one-click interaction.
Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

* Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed.
    * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly.
    * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter.
    * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
* Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart.
    * A new `wp_update_urls_to_https()` function takes care of the update routine.
    * A new `update_https` meta capability is introduced to control access.
    * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
* Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Built from https://develop.svn.wordpress.org/trunk@50131


git-svn-id: http://core.svn.wordpress.org/trunk@49810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 00:10:01 +00:00
Felix Arntz
9d348e26f3 Security, Site Health: Improve accuracy in messaging about HTTPS support.
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.

* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.

Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.

Built from https://develop.svn.wordpress.org/trunk@50072


git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-29 19:10:58 +00:00
whyisjake
d3d95965dd Site Health: Update php update strings to not overpromise performance.
Fixes #52327.

Props chanthaboune, SergeyBiryukov, audrasjb, Clorith, whyisjake.


Built from https://develop.svn.wordpress.org/trunk@50041


git-svn-id: http://core.svn.wordpress.org/trunk@49742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-28 00:17:58 +00:00
TimothyBlynJacobs
33cb202f07 Site Health: Use a front-end URL for loopback tests.
In [49154] the async Site Health tests were changed to use the REST API instead of admin-ajax. An unintended side effect of this change was that the loopback tests which tried to ping the site's `admin_url()` were no longer authenticated because admin-cookies aren't provided to the REST API.

This commit adjusts the loopback test to use the front-end `site_url` which checks that cron will function properly. A follow-up ticket will focus on tests that will cover the file editor checks.

Props Clorith.
Fixes #52097.
See #48105.

Built from https://develop.svn.wordpress.org/trunk@49917


git-svn-id: http://core.svn.wordpress.org/trunk@49616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-02 20:09:08 +00:00
Felix Arntz
c81db1f6e6 Security, Site Health: Detect HTTPS support and encourage switching.
This changeset modifies the Site Health panel for HTTPS to provide more accurate recommendations based on whether the environment is already set up for HTTPS.

* Introduces `wp_is_using_https()` to check whether the site is configured to use HTTPS (via its Site Address and WordPress Address).
* Introduces `wp_is_https_supported()` to check whether the environment supports HTTPS. This relies on a cron job which periodically checks support using a loopback request.

Props Clorith, flixos90, miinasikk, westonruter.
Fixes #47577.

Built from https://develop.svn.wordpress.org/trunk@49904


git-svn-id: http://core.svn.wordpress.org/trunk@49603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-23 19:13:04 +00:00
Sergey Biryukov
05125ed8bf Site Health: Add missing i18n for the App Passwords documentation link.
Follow-up to [49334].

Props tai.
Fixes #51815.
Built from https://develop.svn.wordpress.org/trunk@49650


git-svn-id: http://core.svn.wordpress.org/trunk@49387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-18 15:04:05 +00:00
TimothyBlynJacobs
2df94804d4 Site Health, App Passwords: Test if the Authorization header is populated correctly.
App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value. 

This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.

Props Clorith, marybaum, TimothyBlynJacobs.
Fixes #51638.

Built from https://develop.svn.wordpress.org/trunk@49334


git-svn-id: http://core.svn.wordpress.org/trunk@49095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-27 18:32:07 +00:00
Sergey Biryukov
ecf8e59918 Docs: Add a @since note about async_direct_test key to the site_status_tests filter.
Follow-up to [49232].

See #51547.
Built from https://develop.svn.wordpress.org/trunk@49266


git-svn-id: http://core.svn.wordpress.org/trunk@49028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-21 14:55:09 +00:00
Sergey Biryukov
e38c5ca7d4 Upgrade/Install: Introduce a wrapper for the auto_update_{$type} filter checks.
This allows for cleaner checks whether auto-updates are forced for a plugin or theme.

Follow-up to [48750].

Props rebasaurus, garrett-eclipse, SergeyBiryukov.
Fixes #50875.
Built from https://develop.svn.wordpress.org/trunk@49241


git-svn-id: http://core.svn.wordpress.org/trunk@49003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 17:39:07 +00:00
Sergey Biryukov
35681b0e9a Site Health: Introduce the WP_Site_Health::is_development_environment() method.
This allows Site Health tests to check if the current environment type is set to `development` or `local`.

Use the new method:
* In HTTPS tests, instead of a hardcoded check for `localhost`.
* In `WP_DEBUG` and `WP_DEBUG_DISPLAY` tests, to set the status to `recommended` instead of `critical`.

Props dkotter, Clorith, DavidAnderson, joyously, knutsp, afragen, SergeyBiryukov.
Fixes #47058.
Built from https://develop.svn.wordpress.org/trunk@49237


git-svn-id: http://core.svn.wordpress.org/trunk@48999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 16:23:07 +00:00