Changeset 56664 for trunk/src/wp-includes/https-detection.php

Timestamp:

09/22/2023 07:06:45 PM (2 years ago)

Author:

adamsilverstein

Message:

Security: remove the cron event that checked for https support.

Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites.

The wp_update_https_detection_errors function is deprecated and the https_detection_errors option that was previously set by the cron job is no longer maintained. The pre_wp_update_https_detection_errors filter is deprecated and replaced by the pre_wp_get_https_detection_errors filter which serves the same function.

Props audrasjb, johnbillion, Michi91.
Fixes #58494.

File:

• trunk/src/wp-includes/https-detection.php (modified) (3 diffs)

trunk/src/wp-includes/https-detection.php

@@ -87 +87 @@
  * This internal function is called by a regular Cron hook to ensure HTTPS support is detected and maintained.
  *
- * @since 5.7.0
+ * @since 6.4.0
  * @access private
  */
-function wp_update_https_detection_errors() {
+function wp_get_https_detection_errors() {
     /**
      * Short-circuits the process of detecting errors related to HTTPS support.
@@ -97 +97 @@
      * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
      *
-     * @since 5.7.0
+     * @since 6.4.0
      *
      * @param null|WP_Error $pre Error object to short-circuit detection,
      *                           or null to continue with the default behavior.
+     * @return null|WP_Error Error object if HTTPS detection errors are found, null otherwise.
      */
-    $support_errors = apply_filters( 'pre_wp_update_https_detection_errors', null );
+    $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
     if ( is_wp_error( $support_errors ) ) {
-        update_option( 'https_detection_errors', $support_errors->errors );
-        return;
+        return $support_errors->errors;
     }
 
@@ -154 +154 @@
     }
 
-    update_option( 'https_detection_errors', $support_errors->errors );
-}
-
-/**
- * Schedules the Cron hook for detecting HTTPS support.
- *
- * @since 5.7.0
- * @access private
- */
-function wp_schedule_https_detection() {
-    if ( wp_installing() ) {
-        return;
-    }
-
-    if ( ! wp_next_scheduled( 'wp_https_detection' ) ) {
-        wp_schedule_event( time(), 'twicedaily', 'wp_https_detection' );
-    }
-}
-
-/**
- * Disables SSL verification if the 'cron_request' arguments include an HTTPS URL.
- *
- * This prevents an issue if HTTPS breaks, where there would be a failed attempt to verify HTTPS.
- *
- * @since 5.7.0
- * @access private
- *
- * @param array $request The cron request arguments.
- * @return array The filtered cron request arguments.
- */
-function wp_cron_conditionally_prevent_sslverify( $request ) {
-    if ( 'https' === wp_parse_url( $request['url'], PHP_URL_SCHEME ) ) {
-        $request['args']['sslverify'] = false;
-    }
-    return $request;
+    return $support_errors->errors;
 }