WordPress.org

Make WordPress Core

Changeset 50131


Ignore:
Timestamp:
02/02/2021 12:08:01 AM (3 months ago)
Author:
flixos90
Message:

Security, Site Health: Make migrating a site to HTTPS a one-click interaction.

Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained.

This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction.

  • Automatically replace insecure versions of the Site Address (home_url()) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a https_migration_required option and enabling it when the home_url() is accordingly changed.
    • A new wp_replace_insecure_home_url() function is hooked into various pieces of content to replace URLs accordingly.
    • The migration only kicks in when the Site Address (home_url()) and WordPress Address (site_url()) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though.
    • The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the https_migration_required option or using the new wp_should_replace_insecure_home_url filter.
    • For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant.
  • Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update home_url() and site_url() in one go to their HTTPS counterpart.
    • A new wp_update_urls_to_https() function takes care of the update routine.
    • A new update_https meta capability is introduced to control access.
    • If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health.
  • Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version.
    • A WP_UPDATE_HTTPS_URL environment variable or wp_update_https_url filter can be used to provide a custom URL with guidance about updating the site to use HTTPS.
    • A WP_DIRECT_UPDATE_HTTPS_URL environment variable or wp_direct_update_https_url filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS.

Props flixos90, timothyblynjacobs.
Fixes #51437.

Location:
trunk
Files:
2 added
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-site-health.php

    r50072 r50131  
    15031503        wp_update_https_detection_errors();
    15041504
     1505        $default_update_url = wp_get_default_update_https_url();
     1506
    15051507        $result = array(
    15061508            'label'       => __( 'Your website is using an active HTTPS connection' ),
     
    15151517            ),
    15161518            'actions'     => sprintf(
    1517                 '<p><a href="%s" target="_blank" rel="noopener">%s <span class="screen-reader-text">%s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    1518                 /* translators: Documentation explaining HTTPS and why it should be used. */
    1519                 esc_url( __( 'https://wordpress.org/support/article/why-should-i-use-https/' ) ),
     1519                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1520                esc_url( $default_update_url ),
    15201521                __( 'Learn more about why you should use HTTPS' ),
    15211522                /* translators: Accessibility text. */
     
    15811582                );
    15821583
    1583                 $result['actions'] = sprintf(
    1584                     '<p><a href="%s">%s</a></p>',
    1585                     esc_url( admin_url( 'options-general.php' ) ),
    1586                     __( 'Update your site addresses' )
    1587                 );
     1584                if ( defined( 'WP_HOME' ) || defined( 'WP_SITEURL' ) ) {
     1585                    $result['description'] .= sprintf(
     1586                        '<p>%s</p>',
     1587                        sprintf(
     1588                            /* translators: 1: wp-config.php, 2: WP_HOME, 3: WP_SITEURL */
     1589                            __( 'However, your WordPress Address is currently controlled by a PHP constant and therefore cannot be updated. You need to edit your %1$s and remove or update the definitions of %2$s and %3$s.' ),
     1590                            '<code>wp-config.php</code>',
     1591                            '<code>WP_HOME</code>',
     1592                            '<code>WP_SITEURL</code>'
     1593                        )
     1594                    );
     1595                } elseif ( current_user_can( 'update_https' ) ) {
     1596                    $default_direct_update_url = add_query_arg( 'action', 'update_https', wp_nonce_url( admin_url( 'site-health.php' ), 'wp_update_https' ) );
     1597                    $direct_update_url         = wp_get_direct_update_https_url();
     1598
     1599                    if ( ! empty( $direct_update_url ) ) {
     1600                        $result['actions'] = sprintf(
     1601                            '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1602                            esc_url( $direct_update_url ),
     1603                            __( 'Update your site to use HTTPS' ),
     1604                            /* translators: Accessibility text. */
     1605                            __( '(opens in a new tab)' )
     1606                        );
     1607                    } else {
     1608                        $result['actions'] = sprintf(
     1609                            '<p class="button-container"><a class="button button-primary" href="%1$s">%2$s</a></p>',
     1610                            esc_url( $default_direct_update_url ),
     1611                            __( 'Update your site to use HTTPS' )
     1612                        );
     1613                    }
     1614                }
    15881615            } else {
    1589                 $result['description'] .= sprintf(
    1590                     '<p>%s</p>',
    1591                     __( 'Talk to your web host about supporting HTTPS for your website.' )
    1592                 );
     1616                // If host-specific "Update HTTPS" URL is provided, include a link.
     1617                $update_url = wp_get_update_https_url();
     1618                if ( $update_url !== $default_update_url ) {
     1619                    $result['description'] .= sprintf(
     1620                        '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1621                        esc_url( $update_url ),
     1622                        __( 'Talk to your web host about supporting HTTPS for your website.' ),
     1623                        /* translators: Accessibility text. */
     1624                        __( '(opens in a new tab)' )
     1625                    );
     1626                } else {
     1627                    $result['description'] .= sprintf(
     1628                        '<p>%s</p>',
     1629                        __( 'Talk to your web host about supporting HTTPS for your website.' )
     1630                    );
     1631                }
    15931632            }
    15941633        } elseif ( ! wp_is_https_supported() ) {
  • trunk/src/wp-admin/site-health.php

    r49537 r50131  
    1515require_once __DIR__ . '/admin.php';
    1616
     17wp_reset_vars( array( 'action' ) );
     18
    1719$title = __( 'Site Health Status' );
    1820
     
    2628if ( ! class_exists( 'WP_Site_Health' ) ) {
    2729    require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php';
     30}
     31
     32if ( 'update_https' === $action ) {
     33    check_admin_referer( 'wp_update_https' );
     34
     35    if ( ! current_user_can( 'update_https' ) ) {
     36        wp_die( __( 'Sorry, you are not allowed to update this site to HTTPS.' ), 403 );
     37    }
     38
     39    if ( ! wp_is_https_supported() ) {
     40        wp_die( __( 'It looks like HTTPS is not supported for your website at this point.' ) );
     41    }
     42
     43    $result = wp_update_urls_to_https();
     44
     45    wp_redirect( add_query_arg( 'https_updated', (int) $result, wp_get_referer() ) );
     46    exit;
    2847}
    2948
     
    4160        </h1>
    4261    </div>
     62
     63    <?php
     64    if ( isset( $_GET['https_updated'] ) ) {
     65        if ( $_GET['https_updated'] ) {
     66            ?>
     67            <div id="message" class="notice notice-success is-dismissible"><p><?php _e( 'Site URLs switched to HTTPS.' ); ?></p></div>
     68            <?php
     69        } else {
     70            ?>
     71            <div id="message" class="notice notice-error is-dismissible"><p><?php _e( 'Site URLs could not be switched to HTTPS.' ); ?></p></div>
     72            <?php
     73        }
     74    }
     75    ?>
    4376
    4477    <div class="health-check-title-section site-health-progress-wrapper loading hide-if-no-js">
  • trunk/src/wp-includes/capabilities.php

    r50122 r50131  
    594594            }
    595595            break;
     596        case 'update_https':
     597            if ( is_multisite() && ! is_super_admin( $user_id ) ) {
     598                $caps[] = 'do_not_allow';
     599            } else {
     600                $caps[] = 'manage_options';
     601                $caps[] = 'update_core';
     602            }
     603            break;
    596604        case 'export_others_personal_data':
    597605        case 'erase_others_personal_data':
  • trunk/src/wp-includes/default-filters.php

    r50109 r50131  
    177177add_filter( 'the_content', 'prepend_attachment' );
    178178add_filter( 'the_content', 'wp_filter_content_tags' );
     179add_filter( 'the_content', 'wp_replace_insecure_home_url' );
    179180
    180181add_filter( 'the_excerpt', 'wptexturize' );
     
    184185add_filter( 'the_excerpt', 'shortcode_unautop' );
    185186add_filter( 'the_excerpt', 'wp_filter_content_tags' );
     187add_filter( 'the_excerpt', 'wp_replace_insecure_home_url' );
    186188add_filter( 'get_the_excerpt', 'wp_trim_excerpt', 10, 2 );
    187189
     
    210212add_filter( 'widget_text_content', 'shortcode_unautop' );
    211213add_filter( 'widget_text_content', 'wp_filter_content_tags' );
     214add_filter( 'widget_text_content', 'wp_replace_insecure_home_url' );
    212215add_filter( 'widget_text_content', 'do_shortcode', 11 ); // Runs after wpautop(); note that $post global will be null when shortcodes run.
     216
     217add_filter( 'wp_get_custom_css', 'wp_replace_insecure_home_url' );
    213218
    214219// RSS filters.
     
    347352add_action( 'wp_https_detection', 'wp_update_https_detection_errors' );
    348353add_filter( 'cron_request', 'wp_cron_conditionally_prevent_sslverify', 9999 );
     354
     355// HTTPS migration.
     356add_action( 'update_option_home', 'wp_update_https_migration_required', 10, 2 );
    349357
    350358// 2 Actions 2 Furious.
  • trunk/src/wp-includes/functions.php

    r50129 r50131  
    75827582
    75837583/**
     7584 * Gets the URL to learn more about updating the site to use HTTPS.
     7585 *
     7586 * This URL can be overridden by specifying an environment variable `WP_UPDATE_HTTPS_URL` or by using the
     7587 * {@see 'wp_update_https_url'} filter. Providing an empty string is not allowed and will result in the
     7588 * default URL being used. Furthermore the page the URL links to should preferably be localized in the
     7589 * site language.
     7590 *
     7591 * @since 5.7.0
     7592 *
     7593 * @return string URL to learn more about updating to HTTPS.
     7594 */
     7595function wp_get_update_https_url() {
     7596    $default_url = wp_get_default_update_https_url();
     7597
     7598    $update_url = $default_url;
     7599    if ( false !== getenv( 'WP_UPDATE_HTTPS_URL' ) ) {
     7600        $update_url = getenv( 'WP_UPDATE_HTTPS_URL' );
     7601    }
     7602
     7603    /**
     7604     * Filters the URL to learn more about updating the HTTPS version the site is running on.
     7605     *
     7606     * Providing an empty string is not allowed and will result in the default URL being used. Furthermore
     7607     * the page the URL links to should preferably be localized in the site language.
     7608     *
     7609     * @since 5.7.0
     7610     *
     7611     * @param string $update_url URL to learn more about updating HTTPS.
     7612     */
     7613    $update_url = apply_filters( 'wp_update_https_url', $update_url );
     7614    if ( empty( $update_url ) ) {
     7615        $update_url = $default_url;
     7616    }
     7617
     7618    return $update_url;
     7619}
     7620
     7621/**
     7622 * Gets the default URL to learn more about updating the site to use HTTPS.
     7623 *
     7624 * Do not use this function to retrieve this URL. Instead, use {@see wp_get_update_https_url()} when relying on the URL.
     7625 * This function does not allow modifying the returned URL, and is only used to compare the actually used URL with the
     7626 * default one.
     7627 *
     7628 * @since 5.7.0
     7629 * @access private
     7630 *
     7631 * @return string Default URL to learn more about updating to HTTPS.
     7632 */
     7633function wp_get_default_update_https_url() {
     7634    /* translators: Documentation explaining HTTPS and why it should be used. */
     7635    return __( 'https://wordpress.org/support/article/why-should-i-use-https/' );
     7636}
     7637
     7638/**
     7639 * Gets the URL for directly updating the site to use HTTPS.
     7640 *
     7641 * A URL will only be returned if the `WP_DIRECT_UPDATE_HTTPS_URL` environment variable is specified or
     7642 * by using the {@see 'wp_direct_update_https_url'} filter. This allows hosts to send users directly to
     7643 * the page where they can update their site to use HTTPS.
     7644 *
     7645 * @since 5.7.0
     7646 *
     7647 * @return string URL for directly updating to HTTPS or empty string.
     7648 */
     7649function wp_get_direct_update_https_url() {
     7650    $direct_update_url = '';
     7651
     7652    if ( false !== getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' ) ) {
     7653        $direct_update_url = getenv( 'WP_DIRECT_UPDATE_HTTPS_URL' );
     7654    }
     7655
     7656    /**
     7657     * Filters the URL for directly updating the PHP version the site is running on from the host.
     7658     *
     7659     * @since 5.7.0
     7660     *
     7661     * @param string $direct_update_url URL for directly updating PHP.
     7662     */
     7663    $direct_update_url = apply_filters( 'wp_direct_update_https_url', $direct_update_url );
     7664
     7665    return $direct_update_url;
     7666}
     7667
     7668/**
    75847669 * Get the size of a directory.
    75857670 *
  • trunk/src/wp-settings.php

    r49992 r50131  
    173173require ABSPATH . WPINC . '/template.php';
    174174require ABSPATH . WPINC . '/https-detection.php';
     175require ABSPATH . WPINC . '/https-migration.php';
    175176require ABSPATH . WPINC . '/class-wp-user-request.php';
    176177require ABSPATH . WPINC . '/user.php';
  • trunk/tests/phpunit/tests/user/capabilities.php

    r50114 r50131  
    271271            'deactivate_plugins'          => array( 'administrator' ),
    272272            'update_php'                  => array( 'administrator' ),
     273            'update_https'                => array( 'administrator' ),
    273274            'export_others_personal_data' => array( 'administrator' ),
    274275            'erase_others_personal_data'  => array( 'administrator' ),
     
    306307            'deactivate_plugins'          => array(),
    307308            'update_php'                  => array(),
     309            'update_https'                => array(),
    308310            'export_others_personal_data' => array( '' ),
    309311            'erase_others_personal_data'  => array( '' ),
Note: See TracChangeset for help on using the changeset viewer.