WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
09/22/2023 07:06:45 PM (21 months ago)
Author:
adamsilverstein
Message:

Security: remove the cron event that checked for https support.

Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The wp_update_https_detection_errors function is deprecated and the https_detection_errors option that was previously set by the cron job is no longer maintained. The pre_wp_update_https_detection_errors filter is deprecated and replaced by the pre_wp_get_https_detection_errors filter which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/deprecated.php

    r56500 r56664  
    58715871    add_action( 'admin_init', $fn_generate_and_enqueue_editor_styles );
    58725872}
     5873
     5874/**
     5875 * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
     5876 *
     5877 * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
     5878 *
     5879 * @since 5.7.0
     5880 * @deprecated 6.4.0 The `wp_update_https_detection_errors()` function is no longer used and has been replaced by
     5881 *                   `wp_get_https_detection_errors()`. Previously the function was called by a regular Cron hook to
     5882 *                    update the `https_detection_errors` option, but this is no longer necessary as the errors are
     5883 *                    retrieved directly in Site Health and no longer used outside of Site Health.
     5884 * @access private
     5885 */
     5886function wp_update_https_detection_errors() {
     5887    _deprecated_function( __FUNCTION__, '6.4.0' );
     5888
     5889    /**
     5890     * Short-circuits the process of detecting errors related to HTTPS support.
     5891     *
     5892     * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
     5893     * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
     5894     *
     5895     * @since 5.7.0
     5896     * @deprecated 6.4.0 The `wp_update_https_detection_errors` filter is no longer used and has been replaced by `pre_wp_get_https_detection_errors`.
     5897     *
     5898     * @param null|WP_Error $pre Error object to short-circuit detection,
     5899     *                           or null to continue with the default behavior.
     5900     */
     5901    $support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null );
     5902    if ( is_wp_error( $support_errors ) ) {
     5903        update_option( 'https_detection_errors', $support_errors->errors );
     5904        return;
     5905    }
     5906
     5907    $support_errors = wp_get_https_detection_errors();
     5908
     5909    update_option( 'https_detection_errors', $support_errors );
     5910}
Note: See TracChangeset for help on using the changeset viewer.