Edit File by line
/home/barbar84/public_h.../wp-inclu...
File: https-detection.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* HTTPS detection functions.
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @since 5.7.0
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/**
[8] Fix | Delete
* Checks whether the website is using HTTPS.
[9] Fix | Delete
*
[10] Fix | Delete
* This is based on whether both the home and site URL are using HTTPS.
[11] Fix | Delete
*
[12] Fix | Delete
* @since 5.7.0
[13] Fix | Delete
* @see wp_is_home_url_using_https()
[14] Fix | Delete
* @see wp_is_site_url_using_https()
[15] Fix | Delete
*
[16] Fix | Delete
* @return bool True if using HTTPS, false otherwise.
[17] Fix | Delete
*/
[18] Fix | Delete
function wp_is_using_https() {
[19] Fix | Delete
if ( ! wp_is_home_url_using_https() ) {
[20] Fix | Delete
return false;
[21] Fix | Delete
}
[22] Fix | Delete
[23] Fix | Delete
return wp_is_site_url_using_https();
[24] Fix | Delete
}
[25] Fix | Delete
[26] Fix | Delete
/**
[27] Fix | Delete
* Checks whether the current site URL is using HTTPS.
[28] Fix | Delete
*
[29] Fix | Delete
* @since 5.7.0
[30] Fix | Delete
* @see home_url()
[31] Fix | Delete
*
[32] Fix | Delete
* @return bool True if using HTTPS, false otherwise.
[33] Fix | Delete
*/
[34] Fix | Delete
function wp_is_home_url_using_https() {
[35] Fix | Delete
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
[36] Fix | Delete
}
[37] Fix | Delete
[38] Fix | Delete
/**
[39] Fix | Delete
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
[40] Fix | Delete
*
[41] Fix | Delete
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) are
[42] Fix | Delete
* accessible.
[43] Fix | Delete
*
[44] Fix | Delete
* @since 5.7.0
[45] Fix | Delete
* @see site_url()
[46] Fix | Delete
*
[47] Fix | Delete
* @return bool True if using HTTPS, false otherwise.
[48] Fix | Delete
*/
[49] Fix | Delete
function wp_is_site_url_using_https() {
[50] Fix | Delete
// Use direct option access for 'siteurl' and manually run the 'site_url'
[51] Fix | Delete
// filter because `site_url()` will adjust the scheme based on what the
[52] Fix | Delete
// current request is using.
[53] Fix | Delete
/** This filter is documented in wp-includes/link-template.php */
[54] Fix | Delete
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
[55] Fix | Delete
[56] Fix | Delete
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
[57] Fix | Delete
}
[58] Fix | Delete
[59] Fix | Delete
/**
[60] Fix | Delete
* Checks whether HTTPS is supported for the server and domain.
[61] Fix | Delete
*
[62] Fix | Delete
* @since 5.7.0
[63] Fix | Delete
*
[64] Fix | Delete
* @return bool True if HTTPS is supported, false otherwise.
[65] Fix | Delete
*/
[66] Fix | Delete
function wp_is_https_supported() {
[67] Fix | Delete
$https_detection_errors = get_option( 'https_detection_errors' );
[68] Fix | Delete
[69] Fix | Delete
// If option has never been set by the Cron hook before, run it on-the-fly as fallback.
[70] Fix | Delete
if ( false === $https_detection_errors ) {
[71] Fix | Delete
wp_update_https_detection_errors();
[72] Fix | Delete
[73] Fix | Delete
$https_detection_errors = get_option( 'https_detection_errors' );
[74] Fix | Delete
}
[75] Fix | Delete
[76] Fix | Delete
// If there are no detection errors, HTTPS is supported.
[77] Fix | Delete
return empty( $https_detection_errors );
[78] Fix | Delete
}
[79] Fix | Delete
[80] Fix | Delete
/**
[81] Fix | Delete
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
[82] Fix | Delete
*
[83] Fix | Delete
* This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
[84] Fix | Delete
*
[85] Fix | Delete
* @since 5.7.0
[86] Fix | Delete
* @access private
[87] Fix | Delete
*/
[88] Fix | Delete
function wp_update_https_detection_errors() {
[89] Fix | Delete
/**
[90] Fix | Delete
* Short-circuits the process of detecting errors related to HTTPS support.
[91] Fix | Delete
*
[92] Fix | Delete
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
[93] Fix | Delete
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
[94] Fix | Delete
*
[95] Fix | Delete
* @since 5.7.0
[96] Fix | Delete
*
[97] Fix | Delete
* @param null|WP_Error $pre Error object to short-circuit detection,
[98] Fix | Delete
* or null to continue with the default behavior.
[99] Fix | Delete
*/
[100] Fix | Delete
$support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null );
[101] Fix | Delete
if ( is_wp_error( $support_errors ) ) {
[102] Fix | Delete
update_option( 'https_detection_errors', $support_errors->errors );
[103] Fix | Delete
return;
[104] Fix | Delete
}
[105] Fix | Delete
[106] Fix | Delete
$support_errors = new WP_Error();
[107] Fix | Delete
[108] Fix | Delete
$response = wp_remote_request(
[109] Fix | Delete
home_url( '/', 'https' ),
[110] Fix | Delete
array(
[111] Fix | Delete
'headers' => array(
[112] Fix | Delete
'Cache-Control' => 'no-cache',
[113] Fix | Delete
),
[114] Fix | Delete
'sslverify' => true,
[115] Fix | Delete
)
[116] Fix | Delete
);
[117] Fix | Delete
[118] Fix | Delete
if ( is_wp_error( $response ) ) {
[119] Fix | Delete
$unverified_response = wp_remote_request(
[120] Fix | Delete
home_url( '/', 'https' ),
[121] Fix | Delete
array(
[122] Fix | Delete
'headers' => array(
[123] Fix | Delete
'Cache-Control' => 'no-cache',
[124] Fix | Delete
),
[125] Fix | Delete
'sslverify' => false,
[126] Fix | Delete
)
[127] Fix | Delete
);
[128] Fix | Delete
[129] Fix | Delete
if ( is_wp_error( $unverified_response ) ) {
[130] Fix | Delete
$support_errors->add(
[131] Fix | Delete
'https_request_failed',
[132] Fix | Delete
__( 'HTTPS request failed.' )
[133] Fix | Delete
);
[134] Fix | Delete
} else {
[135] Fix | Delete
$support_errors->add(
[136] Fix | Delete
'ssl_verification_failed',
[137] Fix | Delete
__( 'SSL verification failed.' )
[138] Fix | Delete
);
[139] Fix | Delete
}
[140] Fix | Delete
[141] Fix | Delete
$response = $unverified_response;
[142] Fix | Delete
}
[143] Fix | Delete
[144] Fix | Delete
if ( ! is_wp_error( $response ) ) {
[145] Fix | Delete
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
[146] Fix | Delete
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
[147] Fix | Delete
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
[148] Fix | Delete
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
[149] Fix | Delete
}
[150] Fix | Delete
}
[151] Fix | Delete
[152] Fix | Delete
update_option( 'https_detection_errors', $support_errors->errors );
[153] Fix | Delete
}
[154] Fix | Delete
[155] Fix | Delete
/**
[156] Fix | Delete
* Schedules the Cron hook for detecting HTTPS support.
[157] Fix | Delete
*
[158] Fix | Delete
* @since 5.7.0
[159] Fix | Delete
* @access private
[160] Fix | Delete
*/
[161] Fix | Delete
function wp_schedule_https_detection() {
[162] Fix | Delete
if ( wp_installing() ) {
[163] Fix | Delete
return;
[164] Fix | Delete
}
[165] Fix | Delete
[166] Fix | Delete
if ( ! wp_next_scheduled( 'wp_https_detection' ) ) {
[167] Fix | Delete
wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' );
[168] Fix | Delete
}
[169] Fix | Delete
}
[170] Fix | Delete
[171] Fix | Delete
/**
[172] Fix | Delete
* Disables SSL verification if the 'cron_request' arguments include an HTTPS URL.
[173] Fix | Delete
*
[174] Fix | Delete
* This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS.
[175] Fix | Delete
*
[176] Fix | Delete
* @since 5.7.0
[177] Fix | Delete
* @access private
[178] Fix | Delete
*
[179] Fix | Delete
* @param array $request The Cron request arguments.
[180] Fix | Delete
* @return array $request The filtered Cron request arguments.
[181] Fix | Delete
*/
[182] Fix | Delete
function wp_cron_conditionally_prevent_sslverify( $request ) {
[183] Fix | Delete
if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) {
[184] Fix | Delete
$request['args']['sslverify'] = false;
[185] Fix | Delete
}
[186] Fix | Delete
return $request;
[187] Fix | Delete
}
[188] Fix | Delete
[189] Fix | Delete
/**
[190] Fix | Delete
* Checks whether a given HTML string is likely an output from this WordPress site.
[191] Fix | Delete
*
[192] Fix | Delete
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
[193] Fix | Delete
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
[194] Fix | Delete
* that it was not possible to determine ownership.
[195] Fix | Delete
*
[196] Fix | Delete
* @since 5.7.0
[197] Fix | Delete
* @access private
[198] Fix | Delete
*
[199] Fix | Delete
* @param string $html Full HTML output string, e.g. from a HTTP response.
[200] Fix | Delete
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
[201] Fix | Delete
*/
[202] Fix | Delete
function wp_is_local_html_output( $html ) {
[203] Fix | Delete
// 1. Check if HTML includes the site's Really Simple Discovery link.
[204] Fix | Delete
if ( has_action( 'wp_head', 'rsd_link' ) ) {
[205] Fix | Delete
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
[206] Fix | Delete
return false !== strpos( $html, $pattern );
[207] Fix | Delete
}
[208] Fix | Delete
[209] Fix | Delete
// 2. Check if HTML includes the site's Windows Live Writer manifest link.
[210] Fix | Delete
if ( has_action( 'wp_head', 'wlwmanifest_link' ) ) {
[211] Fix | Delete
// Try both HTTPS and HTTP since the URL depends on context.
[212] Fix | Delete
$pattern = preg_replace( '#^https?:(?=//)#', '', includes_url( 'wlwmanifest.xml' ) ); // See wlwmanifest_link().
[213] Fix | Delete
return false !== strpos( $html, $pattern );
[214] Fix | Delete
}
[215] Fix | Delete
[216] Fix | Delete
// 3. Check if HTML includes the site's REST API link.
[217] Fix | Delete
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
[218] Fix | Delete
// Try both HTTPS and HTTP since the URL depends on context.
[219] Fix | Delete
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
[220] Fix | Delete
return false !== strpos( $html, $pattern );
[221] Fix | Delete
}
[222] Fix | Delete
[223] Fix | Delete
// Otherwise the result cannot be determined.
[224] Fix | Delete
return null;
[225] Fix | Delete
}
[226] Fix | Delete
[227] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function