Make WordPress Core

#50309 closed defect (bug) (fixed)

sslverify option in wp_edit_theme_plugin_file method for homepage

Reported by: munyagu Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.3
Component: Administration Keywords: has-patch
Focuses: Cc:


In WP5.3, option sslverify of wp_remote_get function set to false by default when making http request to local amin_url in wp_edit_theme_plugin_file function in wp-admin/includes/file.php is added.
However, it was not added to the homepage side.
I couldn't find the ticket for this change, and I couldn't find a reason why it wasn't added to the homepage side, but is there a reason?

Attachments (1)

50309.diff (710 bytes) - added by munyagu 18 months ago.

Download all attachments as: .zip

Change History (3)

18 months ago

#1 @SergeyBiryukov
18 months ago

  • Component changed from General to Administration
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 5.5

Hi there, welcome back to WordPress Trac! Thanks for the report.

Good catch, it looks like the second instance of wp_remote_get() was simply missed in [46230] / #47957.

Last edited 18 months ago by SergeyBiryukov (previous) (diff)

#2 @SergeyBiryukov
18 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 47896:

File Editor: Don't verify SSL certificate when doing loopback requests for checking for fatal errors.

Previously, verification was disabled for the loopback request to the admin URL, but not to the home URL.

Follow-up to [46230].

Props munyagu.
Fixes #50309. See #47957.

Note: See TracTickets for help on using tickets.