Changeset 50131
- Timestamp:
- 02/02/2021 12:08:01 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-site-health.php
r50072 r50131 1503 1503 wp_update_https_detection_errors(); 1504 1504 1505 $default_update_url = wp_get_default_update_https_url(); 1506 1505 1507 $result = array( 1506 1508 'label' => __( 'Your website is using an active HTTPS connection' ), … … 1515 1517 ), 1516 1518 'actions' => sprintf( 1517 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1518 /* translators: Documentation explaining HTTPS and why it should be used. */ 1519 esc_url( __( 'https://wordpress.org/support/article/why-should-i-use-https/' ) ), 1519 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1520 esc_url( $default_update_url ), 1520 1521 __( 'Learn more about why you should use HTTPS' ), 1521 1522 /* translators: Accessibility text. */ … … 1581 1582 ); 1582 1583 1583 $result['actions'] = sprintf( 1584 '<p><a href="%s">%s</a></p>', 1585 esc_url( admin_url( 'options-general.php' ) ), 1586 __( 'Update your site addresses' ) 1587 ); 1584 if ( defined( 'WP_HOME' ) || defined( 'WP_SITEURL' ) ) { 1585 $result['description'] .= sprintf( 1586 '<p>%s</p>', 1587 sprintf( 1588 /* translators: 1: wp-config.php, 2: WP_HOME, 3: WP_SITEURL */ 1589 __( 'However, your WordPress Address is currently controlled by a PHP constant and therefore cannot be updated. You need to edit your %1$s and remove or update the definitions of %2$s and %3$s.' ), 1590 '<code>wp-config.php</code>', 1591 '<code>WP_HOME</code>', 1592 '<code>WP_SITEURL</code>' 1593 ) 1594 ); 1595 } elseif ( current_user_can( 'update_https' ) ) { 1596 $default_direct_update_url = add_query_arg( 'action', 'update_https', wp_nonce_url( admin_url( 'site-health.php' ), 'wp_update_https' ) ); 1597 $direct_update_url = wp_get_direct_update_https_url(); 1598 1599 if ( ! empty( $direct_update_url ) ) { 1600 $result['actions'] = sprintf( 1601 '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1602 esc_url( $direct_update_url ), 1603 __( 'Update your site to use HTTPS' ), 1604 /* translators: Accessibility text. */ 1605 __( '(opens in a new tab)' ) 1606 ); 1607 } else { 1608 $result['actions'] = sprintf( 1609 '<p class="button-container"><a class="button button-primary" href="%1$s">%2$s</a></p>', 1610 esc_url( $default_direct_update_url ), 1611 __( 'Update your site to use HTTPS' ) 1612 ); 1613 } 1614 } 1588 1615 } else { 1589 $result['description'] .= sprintf( 1590 '<p>%s</p>', 1591 __( 'Talk to your web host about supporting HTTPS for your website.' ) 1592 ); 1616 // If host-specific "Update HTTPS" URL is provided, include a link. 1617 $update_url = wp_get_update_https_url(); 1618 if ( $update_url !== $default_update_url ) { 1619 $result['description'] .= sprintf( 1620 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>', 1621 esc_url( $update_url ), 1622 __( 'Talk to your web host about supporting HTTPS for your website.' ), 1623 /* translators: Accessibility text. */ 1624 __( '(opens in a new tab)' ) 1625 ); 1626 } else { 1627 $result['description'] .= sprintf( 1628 '<p>%s</p>', 1629 __( 'Talk to your web host about supporting HTTPS for your website.' ) 1630 ); 1631 } 1593 1632 } 1594 1633 } elseif ( ! wp_is_https_supported() ) { -
trunk/src/wp-admin/site-health.php
r49537 r50131 15 15 require_once __DIR__ . '/admin.php'; 16 16 17 wp_reset_vars( array( 'action' ) ); 18 17 19 $title = __( 'Site Health Status' ); 18 20 … … 26 28 if ( ! class_exists( 'WP_Site_Health' ) ) { 27 29 require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; 30 } 31 32 if ( 'update_https' === $action ) { 33 check_admin_referer( 'wp_update_https' ); 34 35 if ( ! current_user_can( 'update_https' ) ) { 36 wp_die( __( 'Sorry, you are not allowed to update this site to HTTPS.' ), 403 ); 37 } 38 39 if ( ! wp_is_https_supported() ) { 40 wp_die( __( 'It looks like HTTPS is not supported for your website at this point.' ) ); 41 } 42 43 $result = wp_update_urls_to_https(); 44 45 wp_redirect( add_query_arg( 'https_updated', (int) $result, wp_get_referer() ) ); 46 exit; 28 47 } 29 48 … … 41 60 </h1> 42 61 </div> 62 63 <?php 64 if ( isset( $_GET['https_updated'] ) ) { 65 if ( $_GET['https_updated'] ) { 66 ?> 67 <div id="message" class="notice notice-success is-dismissible"><p><?php _e( 'Site URLs switched to HTTPS.' ); ?></p></div> 68 <?php 69 } else { 70 ?> 71 <div id="message" class="notice notice-error is-dismissible"><p><?php _e( 'Site URLs could not be switched to HTTPS.' ); ?></p></div> 72 <?php 73 } 74 } 75 ?> 43 76 44 77 <div class="health-check-title-section site-health-progress-wrapper loading hide-if-no-js"> -
trunk/src/wp-includes/capabilities.php
r50122 r50131 594 594 } 595 595 break; 596 case 'update_https': 597 if ( is_multisite() && ! is_super_admin( $user_id ) ) { 598 $caps[] = 'do_not_allow'; 599 } else { 600 $caps[] = 'manage_options'; 601 $caps[] = 'update_core'; 602 } 603 break; 596 604 case 'export_others_personal_data': 597 605 case 'erase_others_personal_data': -
trunk/src/wp-includes/default-filters.php
r50109 r50131 177 177 add_filter( 'the_content', 'prepend_attachment' ); 178 178 add_filter( 'the_content', 'wp_filter_content_tags' ); 179 add_filter( 'the_content', 'wp_replace_insecure_home_url' ); 179 180 180 181 add_filter( 'the_excerpt', 'wptexturize' ); … … 184 185 add_filter( 'the_excerpt', 'shortcode_unautop' ); 185 186 add_filter( 'the_excerpt', 'wp_filter_content_tags' ); 187 add_filter( 'the_excerpt', 'wp_replace_insecure_home_url' ); 186 188 add_filter( 'get_the_excerpt', 'wp_trim_excerpt', 10, 2 ); 187 189 … … 210 212 add_filter( 'widget_text_content', 'shortcode_unautop' ); 211 213 add_filter( 'widget_text_content', 'wp_filter_content_tags' ); 214 add_filter( 'widget_text_content', 'wp_replace_insecure_home_url' ); 212 215 add_filter( 'widget_text_content', 'do_shortcode', 11 ); // Runs after wpautop(); note that $post global will be null when shortcodes run. 216 217 add_filter( 'wp_get_custom_css', 'wp_replace_insecure_home_url' ); 213 218 214 219 // RSS filters. … … 347 352 add_action( 'wp_https_detection', 'wp_update_https_detection_errors' ); 348 353 add_filter( 'cron_request', 'wp_cron_conditionally_prevent_sslverify', 9999 ); 354 355 // HTTPS migration. 356 add_action( 'update_option_home', 'wp_update_https_migration_required', 10, 2 ); 349 357 350 358 // 2 Actions 2 Furious. -
trunk/src/wp-includes/functions.php
r50129 r50131 7582 7582 7583 7583 /** 7584 * Gets the URL to learn more about updating the site to use HTTPS. 7585 * 7586 * This URL can be overridden by specifying an environment variable `WP_UPDATE_HTTPS_URL` or by using the 7587 * {@see 'wp_update_https_url'} filter. Providing an empty string is not allowed and will result in the 7588 * default URL being used. Furthermore the page the URL links to should preferably be localized in the 7589 * site language. 7590 * 7591 * @since 5.7.0 7592 * 7593 * @return string URL to learn more about updating to HTTPS. 7594 */ 7595 function wp_get_update_https_url() { 7596 $default_url = wp_get_default_update_https_url(); 7597 7598 $update_url = $default_url; 7599 if ( false !== getenv( 'WP_UPDATE_HTTPS_URL' ) ) { 7600 $update_url = getenv( 'WP_UPDATE_HTTPS_URL' ); 7601 } 7602 7603 /** 7604 * Filters the URL to learn more about updating the HTTPS version the site is running on. 7605 * 7606 * Providing an empty string is not allowed and will result in the default URL being used. Furthermore 7607 * the page the URL links to should preferably be localized in the site language. 7608 * 7609 * @since 5.7.0 7610 * 7611 * @param string $update_url URL to learn more about updating HTTPS. 7612 */ 7613 $update_url = apply_filters( 'wp_update_https_url', $update_url ); 7614 if ( empty( $update_url ) ) { 7615 $update_url = $default_url; 7616 } 7617 7618 return $update_url; 7619 } 7620 7621 /** 7622 * Gets the default URL to learn more about updating the site to use HTTPS. 7623 * 7624 * Do not use this function to retrieve this URL. Instead, use {@see wp_get_update_https_url()} when relying on the URL. 7625 * This function does not allow modifying the returned URL, and is only used to compare the actually used URL with the 7626 * default one. 7627 * 7628 * @since 5.7.0 7629 * @access private 7630 * 7631 * @return string Default URL to learn more about updating to HTTPS. 7632 */ 7633 function wp_get_default_update_https_url() { 7634 /* translators: Documentation explaining HTTPS and why it should be used. */ 7635 return __( 'https://wordpress.org/support/article/why-should-i-use-https/' ); 7636 } 7637 7638 /** 7639 * Gets the URL for directly updating the site to use HTTPS. 7640 * 7641 * A URL will only be returned if the `WP_DIRECT_UPDATE_HTTPS_URL` environment variable is specified or 7642 * by using the {@see 'wp_direct_update_https_url'} filter. This allows hosts to send users directly to 7643 * the page where they can update their site to use HTTPS. 7644 * 7645 * @since 5.7.0 7646 * 7647 * @return string URL for directly updating to HTTPS or empty string. 7648 */ 7649 function wp_get_direct_update_https_url() { 7650 $direct_update_url = ''; 7651 7652 if ( false !== getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' ) ) { 7653 $direct_update_url = getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' ); 7654 } 7655 7656 /** 7657 * Filters the URL for directly updating the PHP version the site is running on from the host. 7658 * 7659 * @since 5.7.0 7660 * 7661 * @param string $direct_update_url URL for directly updating PHP. 7662 */ 7663 $direct_update_url = apply_filters( 'wp_direct_update_https_url', $direct_update_url ); 7664 7665 return $direct_update_url; 7666 } 7667 7668 /** 7584 7669 * Get the size of a directory. 7585 7670 * -
trunk/src/wp-settings.php
r49992 r50131 173 173 require ABSPATH . WPINC . '/template.php'; 174 174 require ABSPATH . WPINC . '/https-detection.php'; 175 require ABSPATH . WPINC . '/https-migration.php'; 175 176 require ABSPATH . WPINC . '/class-wp-user-request.php'; 176 177 require ABSPATH . WPINC . '/user.php'; -
trunk/tests/phpunit/tests/user/capabilities.php
r50114 r50131 271 271 'deactivate_plugins' => array( 'administrator' ), 272 272 'update_php' => array( 'administrator' ), 273 'update_https' => array( 'administrator' ), 273 274 'export_others_personal_data' => array( 'administrator' ), 274 275 'erase_others_personal_data' => array( 'administrator' ), … … 306 307 'deactivate_plugins' => array(), 307 308 'update_php' => array(), 309 'update_https' => array(), 308 310 'export_others_personal_data' => array( '' ), 309 311 'erase_others_personal_data' => array( '' ),
Note: See TracChangeset
for help on using the changeset viewer.