Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#50309 closed defect (bug) (fixed)

sslverify option in wp_edit_theme_plugin_file method for homepage

Reported by: munyagu's profile munyagu Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.3
Component: Administration Keywords: has-patch
Focuses: Cc:


In WP5.3, option sslverify of wp_remote_get function set to false by default when making http request to local amin_url in wp_edit_theme_plugin_file function in wp-admin/includes/file.php is added.
However, it was not added to the homepage side.
I couldn't find the ticket for this change, and I couldn't find a reason why it wasn't added to the homepage side, but is there a reason?

Attachments (1)

50309.diff (710 bytes) - added by munyagu 4 years ago.

Download all attachments as: .zip

Change History (3)

4 years ago

#1 @SergeyBiryukov
4 years ago

  • Component changed from General to Administration
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 5.5

Hi there, welcome back to WordPress Trac! Thanks for the report.

Good catch, it looks like the second instance of wp_remote_get() was simply missed in [46230] / #47957.

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#2 @SergeyBiryukov
4 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 47896:

File Editor: Don't verify SSL certificate when doing loopback requests for checking for fatal errors.

Previously, verification was disabled for the loopback request to the admin URL, but not to the home URL.

Follow-up to [46230].

Props munyagu.
Fixes #50309. See #47957.

Note: See TracTickets for help on using tickets.