

Timestamp:
01/29/2021 07:09:49 PM (4 years ago)
Author:
flixos90
Message:

Security, Site Health: Improve accuracy in messaging about HTTPS support.

Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.

  • Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
  • Link to the respective input fields via anchor links rather than to the overall General Settings screen.
  • Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
  • Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
  • Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the https_status test to become asynchronous.
  • Rename the new private wp_is_owned_html_output() function to a more appropriate wp_is_local_html_output().

Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.

File:
1 edited

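--- a/trunk/tests/phpunit/tests/https-detection.php
+++ b/trunk/tests/phpunit/tests/https-detection.php
@@ -142,24 +142,24 @@
      * @ticket 47577
      */
-    public function test_wp_is_owned_html_output_via_rsd_link() {
+    public function test_wp_is_local_html_output_via_rsd_link() {
         // HTML includes RSD link.
         $head_tag = get_echo( 'rsd_link' );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML includes modified RSD link but same URL.
         $head_tag = str_replace( ' />', '>', get_echo( 'rsd_link' ) );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML does not include RSD link.
         $html = $this->get_sample_html_string();
-        $this->assertFalse( wp_is_owned_html_output( $html ) );
-    }
-
-    /**
-     * @ticket 47577
-     */
-    public function test_wp_is_owned_html_output_via_wlwmanifest_link() {
+        $this->assertFalse( wp_is_local_html_output( $html ) );
+    }
+
+    /**
+     * @ticket 47577
+     */
+    public function test_wp_is_local_html_output_via_wlwmanifest_link() {
         remove_action( 'wp_head', 'rsd_link' );
 
@@ -167,10 +167,10 @@
         $head_tag = get_echo( 'wlwmanifest_link' );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML includes modified WLW manifest link but same URL.
         $head_tag = str_replace( ' />', '>', get_echo( 'wlwmanifest_link' ) );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML includes WLW manifest link with alternative URL scheme.
@@ -178,15 +178,15 @@
         $head_tag = false !== strpos( $head_tag, 'https://' ) ? str_replace( 'https://', 'http://', $head_tag ) : str_replace( 'http://', 'https://', $head_tag );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML does not include WLW manifest link.
         $html = $this->get_sample_html_string();
-        $this->assertFalse( wp_is_owned_html_output( $html ) );
-    }
-
-    /**
-     * @ticket 47577
-     */
-    public function test_wp_is_owned_html_output_via_rest_link() {
+        $this->assertFalse( wp_is_local_html_output( $html ) );
+    }
+
+    /**
+     * @ticket 47577
+     */
+    public function test_wp_is_local_html_output_via_rest_link() {
         remove_action( 'wp_head', 'rsd_link' );
         remove_action( 'wp_head', 'wlwmanifest_link' );
@@ -195,10 +195,10 @@
         $head_tag = get_echo( 'rest_output_link_wp_head' );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML includes modified REST API link but same URL.
         $head_tag = str_replace( ' />', '>', get_echo( 'rest_output_link_wp_head' ) );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML includes REST API link with alternative URL scheme.
@@ -206,15 +206,15 @@
         $head_tag = false !== strpos( $head_tag, 'https://' ) ? str_replace( 'https://', 'http://', $head_tag ) : str_replace( 'http://', 'https://', $head_tag );
         $html     = $this->get_sample_html_string( $head_tag );
-        $this->assertTrue( wp_is_owned_html_output( $html ) );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
 
         // HTML does not include REST API link.
         $html = $this->get_sample_html_string();
-        $this->assertFalse( wp_is_owned_html_output( $html ) );
-    }
-
-    /**
-     * @ticket 47577
-     */
-    public function test_wp_is_owned_html_output_cannot_determine() {
+        $this->assertFalse( wp_is_local_html_output( $html ) );
+    }
+
+    /**
+     * @ticket 47577
+     */
+    public function test_wp_is_local_html_output_cannot_determine() {
         remove_action( 'wp_head', 'rsd_link' );
         remove_action( 'wp_head', 'wlwmanifest_link' );
@@ -223,5 +223,5 @@
         // The HTML here doesn't matter because all hooks are removed.
         $html = $this->get_sample_html_string();
-        $this->assertNull( wp_is_owned_html_output( $html ) );
+        $this->assertNull( wp_is_local_html_output( $html ) );
     }
 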