Make WordPress Core


Ignore:
Timestamp:
01/29/2021 07:58:39 PM (4 years ago)
Author:
flixos90
Message:

Security: Allow short-circuiting the wp_update_https_detection_errors() process.

This changeset introduces a pre_wp_update_https_detection_errors filter which can be used to short-circuit the default logic for detecting problems with HTTPS support for the site, by returning a WP_Error object.

Props timothyblynjacobs.
See #47577.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/https-detection.php

    r50072 r50075  
    108108        // Check that the requests are made to the correct URL.
    109109        $this->assertEquals( 'https://example.com/', $this->last_request_url );
     110    }
     111
     112    /**
     113     * @ticket 47577
     114     */
     115    public function test_pre_wp_update_https_detection_errors() {
     116        // Override to enforce no errors being detected.
     117        add_filter(
     118            'pre_wp_update_https_detection_errors',
     119            function() {
     120                return new WP_Error();
     121            }
     122        );
     123        wp_update_https_detection_errors();
     124        $this->assertEquals( array(), get_option( 'https_detection_errors' ) );
     125
     126        // Override to enforce an error being detected.
     127        add_filter(
     128            'pre_wp_update_https_detection_errors',
     129            function() {
     130                return new WP_Error(
     131                    'ssl_verification_failed',
     132                    'Bad SSL certificate.'
     133                );
     134            }
     135        );
     136        wp_update_https_detection_errors();
     137        $this->assertEquals(
     138            array( 'ssl_verification_failed' => array( 'Bad SSL certificate.' ) ),
     139            get_option( 'https_detection_errors' )
     140        );
    110141    }
    111142
Note: See TracChangeset for help on using the changeset viewer.