mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-07 19:31:54 +01:00
e3360c89e2
The XML manifest was originally added in WordPress 2.3.1 to turn on tagging support in Windows Live Writer. Given that the last major release of the software came out in 2012, and it was completely discontinued in January 2017, including this file in core no longer provides any benefit. Follow-up to [6192], [49904]. Props joostdevalk, ayeshrajans, flixos90, jhabdas, frank-klein, wtranch, SergeyBiryukov. Fixes #41404. Built from https://develop.svn.wordpress.org/trunk@55620 git-svn-id: http://core.svn.wordpress.org/trunk@55132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
221 lines
6.4 KiB
PHP
221 lines
6.4 KiB
PHP
<?php
|
|
/**
|
|
* HTTPS detection functions.
|
|
*
|
|
* @package WordPress
|
|
* @since 5.7.0
|
|
*/
|
|
|
|
/**
|
|
* Checks whether the website is using HTTPS.
|
|
*
|
|
* This is based on whether both the home and site URL are using HTTPS.
|
|
*
|
|
* @since 5.7.0
|
|
* @see wp_is_home_url_using_https()
|
|
* @see wp_is_site_url_using_https()
|
|
*
|
|
* @return bool True if using HTTPS, false otherwise.
|
|
*/
|
|
function wp_is_using_https() {
|
|
if ( ! wp_is_home_url_using_https() ) {
|
|
return false;
|
|
}
|
|
|
|
return wp_is_site_url_using_https();
|
|
}
|
|
|
|
/**
|
|
* Checks whether the current site URL is using HTTPS.
|
|
*
|
|
* @since 5.7.0
|
|
* @see home_url()
|
|
*
|
|
* @return bool True if using HTTPS, false otherwise.
|
|
*/
|
|
function wp_is_home_url_using_https() {
|
|
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
|
|
}
|
|
|
|
/**
|
|
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
|
|
*
|
|
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
|
|
* are accessible.
|
|
*
|
|
* @since 5.7.0
|
|
* @see site_url()
|
|
*
|
|
* @return bool True if using HTTPS, false otherwise.
|
|
*/
|
|
function wp_is_site_url_using_https() {
|
|
// Use direct option access for 'siteurl' and manually run the 'site_url'
|
|
// filter because `site_url()` will adjust the scheme based on what the
|
|
// current request is using.
|
|
/** This filter is documented in wp-includes/link-template.php */
|
|
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
|
|
|
|
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
|
|
}
|
|
|
|
/**
|
|
* Checks whether HTTPS is supported for the server and domain.
|
|
*
|
|
* @since 5.7.0
|
|
*
|
|
* @return bool True if HTTPS is supported, false otherwise.
|
|
*/
|
|
function wp_is_https_supported() {
|
|
$https_detection_errors = get_option( 'https_detection_errors' );
|
|
|
|
// If option has never been set by the Cron hook before, run it on-the-fly as fallback.
|
|
if ( false === $https_detection_errors ) {
|
|
wp_update_https_detection_errors();
|
|
|
|
$https_detection_errors = get_option( 'https_detection_errors' );
|
|
}
|
|
|
|
// If there are no detection errors, HTTPS is supported.
|
|
return empty( $https_detection_errors );
|
|
}
|
|
|
|
/**
|
|
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
|
|
*
|
|
* This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
|
|
*
|
|
* @since 5.7.0
|
|
* @access private
|
|
*/
|
|
function wp_update_https_detection_errors() {
|
|
/**
|
|
* Short-circuits the process of detecting errors related to HTTPS support.
|
|
*
|
|
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
|
|
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
|
|
*
|
|
* @since 5.7.0
|
|
*
|
|
* @param null|WP_Error $pre Error object to short-circuit detection,
|
|
* or null to continue with the default behavior.
|
|
*/
|
|
$support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null );
|
|
if ( is_wp_error( $support_errors ) ) {
|
|
update_option( 'https_detection_errors', $support_errors->errors );
|
|
return;
|
|
}
|
|
|
|
$support_errors = new WP_Error();
|
|
|
|
$response = wp_remote_request(
|
|
home_url( '/', 'https' ),
|
|
array(
|
|
'headers' => array(
|
|
'Cache-Control' => 'no-cache',
|
|
),
|
|
'sslverify' => true,
|
|
)
|
|
);
|
|
|
|
if ( is_wp_error( $response ) ) {
|
|
$unverified_response = wp_remote_request(
|
|
home_url( '/', 'https' ),
|
|
array(
|
|
'headers' => array(
|
|
'Cache-Control' => 'no-cache',
|
|
),
|
|
'sslverify' => false,
|
|
)
|
|
);
|
|
|
|
if ( is_wp_error( $unverified_response ) ) {
|
|
$support_errors->add(
|
|
'https_request_failed',
|
|
__( 'HTTPS request failed.' )
|
|
);
|
|
} else {
|
|
$support_errors->add(
|
|
'ssl_verification_failed',
|
|
__( 'SSL verification failed.' )
|
|
);
|
|
}
|
|
|
|
$response = $unverified_response;
|
|
}
|
|
|
|
if ( ! is_wp_error( $response ) ) {
|
|
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
|
|
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
|
|
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
|
|
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
|
|
}
|
|
}
|
|
|
|
update_option( 'https_detection_errors', $support_errors->errors );
|
|
}
|
|
|
|
/**
|
|
* Schedules the Cron hook for detecting HTTPS support.
|
|
*
|
|
* @since 5.7.0
|
|
* @access private
|
|
*/
|
|
function wp_schedule_https_detection() {
|
|
if ( wp_installing() ) {
|
|
return;
|
|
}
|
|
|
|
if ( ! wp_next_scheduled( 'wp_https_detection' ) ) {
|
|
wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Disables SSL verification if the 'cron_request' arguments include an HTTPS URL.
|
|
*
|
|
* This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS.
|
|
*
|
|
* @since 5.7.0
|
|
* @access private
|
|
*
|
|
* @param array $request The cron request arguments.
|
|
* @return array The filtered cron request arguments.
|
|
*/
|
|
function wp_cron_conditionally_prevent_sslverify( $request ) {
|
|
if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) {
|
|
$request['args']['sslverify'] = false;
|
|
}
|
|
return $request;
|
|
}
|
|
|
|
/**
|
|
* Checks whether a given HTML string is likely an output from this WordPress site.
|
|
*
|
|
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
|
|
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
|
|
* that it was not possible to determine ownership.
|
|
*
|
|
* @since 5.7.0
|
|
* @access private
|
|
*
|
|
* @param string $html Full HTML output string, e.g. from a HTTP response.
|
|
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
|
|
*/
|
|
function wp_is_local_html_output( $html ) {
|
|
// 1. Check if HTML includes the site's Really Simple Discovery link.
|
|
if ( has_action( 'wp_head', 'rsd_link' ) ) {
|
|
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
|
|
return false !== strpos( $html, $pattern );
|
|
}
|
|
|
|
// 2. Check if HTML includes the site's REST API link.
|
|
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
|
|
// Try both HTTPS and HTTP since the URL depends on context.
|
|
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
|
|
return false !== strpos( $html, $pattern );
|
|
}
|
|
|
|
// Otherwise the result cannot be determined.
|
|
return null;
|
|
}
|