WordPress.org
Get WordPress

Make WordPress Core

Ticket #47528: patch.diff

File patch.diff, 5.9 KB (added by Michi91, 2 years ago)

Refreshed Patch for #47528 - including check for development environment and releases

  • src/wp-admin/admin-ajax.php 

    From c826b5b7c1e5bf029bdee7352ca9b479c5c65765 Mon Sep 17 00:00:00 2001
From: Michael <github@michaelplas.de>
Date: Sat, 9 Sep 2023 00:17:01 +0200
Subject: [PATCH] Refreshed Patch for #47528 - including check for development
 enviroment and releases

---
 src/wp-admin/admin-ajax.php                   |  1 +
 src/wp-admin/includes/ajax-actions.php        | 19 ++++
 .../includes/class-wp-site-health.php         | 96 ++++++++++++++++++-
 3 files changed, 115 insertions(+), 1 deletion(-)

diff --git a/src/wp-admin/admin-ajax.php b/src/wp-admin/admin-ajax.php
index fb19110029..64d0a002c9 100644
    a b $core_actions_post = array( 
    139139        'health-check-background-updates',
    140140        'health-check-loopback-requests',
    141141        'health-check-get-sizes',
     142        'health-check-core-integrity',
    142143        'toggle-auto-updates',
    143144        'send-password-reset',
    144145);

  • src/wp-admin/includes/ajax-actions.php 

    diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 16b827d7bd..01bc4a3d8d 100644
    a b function wp_ajax_health_check_get_sizes() { 
    54865486        wp_send_json_success( $all_sizes );
    54875487}
    54885488
     5489/**
     5490 * Ajax handler for site health checks on code integrity.
     5491 *
     5492 * @since 6.4.0
     5493 */
     5494function wp_ajax_health_check_core_integrity() {
     5495        check_ajax_referer( 'health-check-site-status' );
     5496
     5497        if ( ! current_user_can( 'view_site_health_checks' ) ) {
     5498                        wp_send_json_error();
     5499        }
     5500
     5501        if ( ! class_exists( 'WP_Site_Health' ) ) {
     5502                        require_once( ABSPATH . 'wp-admin/includes/class-wp-site-health.php' );
     5503        }
     5504
     5505        $site_health = new WP_Site_Health();
     5506        wp_send_json_success( $site_health->get_test_core_integrity() );
     5507}
    54895508/**
    54905509 * Handles renewing the REST API nonce via AJAX.
    54915510 *

  • src/wp-admin/includes/class-wp-site-health.php 

    diff --git a/src/wp-admin/includes/class-wp-site-health.php b/src/wp-admin/includes/class-wp-site-health.php
index 5ab784af40..5d157636b3 100644
    a b class WP_Site_Health { 
    26972697                return $result;
    26982698        }
    26992699
     2700        /**
     2701         * Scan the WordPress core files for modified and/or missing files.
     2702         *
     2703         * Files that have been modified or that have gone missing may indicate that the site
     2704         * has been compromised, installation failure, or that the code has been customized.
     2705         * Users that know the code base should be unaltered will be offered to reinstall or
     2706         * upgrade WordPress in response.
     2707         *
     2708         * @since 6.4.0
     2709         *
     2710         * @return array The test results.
     2711         */
     2712        public function get_test_core_integrity() {
     2713                $result = array(
     2714                        'label'       => __( 'No changes to the core files are detected' ),
     2715                        'status'      => 'good',
     2716                        'badge'       => array(
     2717                                'label' => __( 'Security' ),
     2718                                'color' => 'blue',
     2719                        ),
     2720                        'description' => __( 'A scan for changes to the core WordPress files was performed. No changes are detected.' ),
     2721                        'actions'     => '',
     2722                        'test'        => 'core_integrity',
     2723                );
     2724
     2725                $wp_version = get_bloginfo( 'version' );
     2726                $wp_locale  = get_locale();
     2727
     2728                // Retrieve a list of checksums from the remote server for verification
     2729
     2730                $checksums = get_transient( 'health-check-code-integrity-checksums' );
     2731                if ( false === $checksums ) {
     2732                        $checksums = get_core_checksums( $wp_version, $wp_locale );
     2733                        if ( false === $checksums && false !== strpos( $wp_version, '-' ) ) {
     2734                                $checksums = get_core_checksums( (float) $wp_version - 0.1, $wp_locale );
     2735                        }
     2736
     2737                        set_transient( 'health-check-code-integrity-checksums', $checksums, HOUR_IN_SECONDS );
     2738                }
     2739
     2740                if ( empty( $checksums ) ) {
     2741                        $result['status']      = 'critical';
     2742                        $result['label']       = __( 'Unable to scan core files for changes' );
     2743                        $result['description'] = __( 'The checksum file list could not be downloaded. There maybe a connection issue or a list is not available for this version. Please try to run this test again at a later time.' );
     2744                        return $result;
     2745                }
     2746
     2747                $changed_files = false;
     2748                foreach ( $checksums as $file => $checksum ) {
     2749
     2750                        if ( 0 === strncmp( $file, 'wp-content', 10 ) ) {
     2751                                continue;
     2752                        }
     2753
     2754                        if ( ! file_exists( ABSPATH . $file ) ) {
     2755                                $changed_files = true;
     2756                                break;
     2757                        }
     2758
     2759                        $existing_checksum = md5_file( ABSPATH . $file );
     2760                        if ( $existing_checksum !== $checksum ) {
     2761                                $changed_files = true;
     2762                                break;
     2763                        }
     2764
     2765                }
     2766
     2767                if ( true === $changed_files ) {
     2768
     2769                        $result['status'] = 'recommended';
     2770                        $result['label']  = __( 'Some core files may have been modified' );
     2771                        $result['description'] = __( 'Some WordPress core files may have been changed. One reason this check can fail is that you need to install a version that makes use of the right translation files. If you have the ability to do so, a simple fix is to reinstall WordPress. Reinstall of the core system should not affect any plugins, themes, or content that you have posted.' );
     2772                        $result['actions'] = sprintf(
     2773                                '<a href="%s">%s</a>',
     2774                                esc_url( admin_url( 'update-core.php?force_check=1' ) ),
     2775                                __( 'Reinstall WordPress manually' )
     2776                        );
     2777
     2778                }
     2779
     2780                return $result;
     2781        }
     2782
    27002783        /**
    27012784         * Returns a set of tests that belong to the site status page.
    27022785         *
    class WP_Site_Health { 
    28402923                        );
    28412924                }
    28422925
     2926                /*
     2927                 * Check integrity only for non-development environments and releases.
     2928                 * WordPress Nightly Builds, Alphas, and Betas contain a version suffix starting with "-", such as 6.4-alpha-56267-src.
     2929                 */
     2930                if ( !wp_is_development_mode(false) && !strpos(get_bloginfo('version'), '-') ) {
     2931                        $tests['direct']['core_integrity']  = array(
     2932                                'label' => __( 'WordPress Core Files Integrity Check' ),
     2933                                'test'  => 'core_integrity'
     2934                        );
     2935                }
     2936
    28432937                /**
    28442938                 * Filters which site status tests are run on a site.
    2845                  *
     2939                 * 
    28462940                 * The site health is determined by a set of tests based on best practices from
    28472941                 * both the WordPress Hosting Team and web standards in general.
    28482942                 *