Ticket #47528: patch.diff
File patch.diff, 5.9 KB (added by , 15 months ago) |
---|
-
src/wp-admin/admin-ajax.php
From c826b5b7c1e5bf029bdee7352ca9b479c5c65765 Mon Sep 17 00:00:00 2001
From: Michael <github@michaelplas.de>
Date: Sat, 9 Sep 2023 00:17:01 +0200
Subject: [PATCH] Refreshed Patch for #47528 - including check for development enviroment and releases
---
src/wp-admin/admin-ajax.php | 1 +
src/wp-admin/includes/ajax-actions.php | 19 ++++
.../includes/class-wp-site-health.php | 96 ++++++++++++++++++-
3 files changed, 115 insertions(+), 1 deletion(-)
diff --git a/src/wp-admin/admin-ajax.php b/src/wp-admin/admin-ajax.php
index fb19110029..64d0a002c9 100644
a b $core_actions_post = array( 139 139 'health-check-background-updates', 140 140 'health-check-loopback-requests', 141 141 'health-check-get-sizes', 142 'health-check-core-integrity', 142 143 'toggle-auto-updates', 143 144 'send-password-reset', 144 145 ); -
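--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -5486,6 +5486,25 @@ function wp_ajax_health_check_get_sizes() {
 wp_send_json_success( $all_sizes );
 }
 
+/**
+ * Ajax handler for site health checks on code integrity.
+ *
+ * @since 6.4.0
+ */
+function wp_ajax_health_check_core_integrity() {
+check_ajax_referer( 'health-check-site-status' );
+
+if ( ! current_user_can( 'view_site_health_checks' ) ) {
+wp_send_json_error();
+}
+
+if ( ! class_exists( 'WP_Site_Health' ) ) {
+require_once( ABSPATH . 'wp-admin/includes/class-wp-site-health.php' );
+}
+
+$site_health = new WP_Site_Health();
+wp_send_json_success( $site_health->get_test_core_integrity() );
+}
 /**
  * Handles renewing the REST API nonce via AJAX.
  *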
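Review bot: `wp_ajax_health_check_core_integrity()` looks unreachable from the Site Health screen as patched, because the class-wp-site-health.php section registers `core_integrity` under `$tests['direct']`, and direct tests are, as far as I know, run in-process rather than through admin-ajax. That leaves an extra authenticated endpoint which, on every request that misses the transient, can start a remote checksum download followed by an MD5 pass over the core files. Either register the test as async so this handler is what runs it, or drop the handler together with the `'health-check-core-integrity'` entry in admin-ajax.php. If it stays, write the include as `require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php';` without parentheses and leave a blank line between the closing brace and the next docblock.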
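--- a/src/wp-admin/includes/class-wp-site-health.php
+++ b/src/wp-admin/includes/class-wp-site-health.php
@@ -2697,6 +2697,89 @@ class WP_Site_Health {
 return $result;
 }
 
+/**
+ * Scan the WordPress core files for modified and/or missing files.
+ *
+ * Files that have been modified or that have gone missing may indicate that the site
+ * has been compromised, installation failure, or that the code has been customized.
+ * Users that know the code base should be unaltered will be offered to reinstall or
+ * upgrade WordPress in response.
+ *
+ * @since 6.4.0
+ *
+ * @return array The test results.
+ */
+public function get_test_core_integrity() {
+$result = array(
+'label' => __( 'No changes to the core files are detected' ),
+'status' => 'good',
+'badge' => array(
+'label' => __( 'Security' ),
+'color' => 'blue',
+),
+'description' => __( 'A scan for changes to the core WordPress files was performed. No changes are detected.' ),
+'actions' => '',
+'test' => 'core_integrity',
+);
+
+$wp_version = get_bloginfo( 'version' );
+$wp_locale = get_locale();
+
+// Retrieve a list of checksums from the remote server for verification
+
+$checksums = get_transient( 'health-check-code-integrity-checksums' );
+if ( false === $checksums ) {
+$checksums = get_core_checksums( $wp_version, $wp_locale );
+if ( false === $checksums && false !== strpos( $wp_version, '-' ) ) {
+$checksums = get_core_checksums( (float) $wp_version - 0.1, $wp_locale );
+}
+
+set_transient( 'health-check-code-integrity-checksums', $checksums, HOUR_IN_SECONDS );
+}
+
+if ( empty( $checksums ) ) {
+$result['status'] = 'critical';
+$result['label'] = __( 'Unable to scan core files for changes' );
+$result['description'] = __( 'The checksum file list could not be downloaded. There maybe a connection issue or a list is not available for this version. Please try to run this test again at a later time.' );
+return $result;
+}
+
+$changed_files = false;
+foreach ( $checksums as $file => $checksum ) {
+
+if ( 0 === strncmp( $file, 'wp-content', 10 ) ) {
+continue;
+}
+
+if ( ! file_exists( ABSPATH . $file ) ) {
+$changed_files = true;
+break;
+}
+
+$existing_checksum = md5_file( ABSPATH . $file );
+if ( $existing_checksum !== $checksum ) {
+$changed_files = true;
+break;
+}
+
+}
+
+if ( true === $changed_files ) {
+
+$result['status'] = 'recommended';
+$result['label'] = __( 'Some core files may have been modified' );
+$result['description'] = __( 'Some WordPress core files may have been changed. One reason this check can fail is that you need to install a version that makes use of the right translation files. If you have the ability to do so, a simple fix is to reinstall WordPress. Reinstall of the core system should not affect any plugins, themes, or content that you have posted.' );
+$result['actions'] = sprintf(
+'<a href="%s">%s</a>',
+esc_url( admin_url( 'update-core.php?force_check=1' ) ),
+__( 'Reinstall WordPress manually' )
+);
+
+}
+
+return $result;
+}
+
 /**
  * Returns a set of tests that belong to the site status page.
  *
@@ -2840,9 +2923,20 @@ class WP_Site_Health {
 );
 }
 
+/*
+ * Check integrity only for non-development environments and releases.
+ * WordPress Nightly Builds, Alphas, and Betas contain a version suffix starting with "-", such as 6.4-alpha-56267-src.
+ */
+if ( !wp_is_development_mode(false) && !strpos(get_bloginfo('version'), '-') ) {
+$tests['direct']['core_integrity'] = array(
+'label' => __( 'WordPress Core Files Integrity Check' ),
+'test' => 'core_integrity'
+);
+}
+
 /**
  * Filters which site status tests are run on a site.
- *
+ *
  *
  * The site health is determined by a set of tests based on best practices from
  * both the WordPress Hosting Team and web standards in general.
  *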
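Review bot: In `get_test_core_integrity()` the checksum list is cached under the fixed transient name `health-check-code-integrity-checksums`, so for up to an hour after a core update or a locale switch the files are compared against the previous list and intact files are reported as modified. Put both values in the key, for example `$cache_key = 'health-check-code-integrity-checksums-' . md5( $wp_version . '|' . $wp_locale );`, and skip `set_transient()` when the lookup returned `false`. The loop also visits only the files named in the list, so a file added to the core directories passes unnoticed. The "No changes are detected" description and the docblock should therefore state that only listed files are verified and that extra files are not detected. In the second hunk, `!strpos(get_bloginfo('version'), '-')` should be `false === strpos( get_bloginfo( 'version' ), '-' )`, matching the strict comparison used in the checksum fallback above it, and the array needs a trailing comma after `'test' => 'core_integrity'`.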