Make WordPress Core

Opened 2 years ago

Closed 23 months ago

#57017 closed enhancement (fixed)

Non secure links needs to be replaced with the secure ones.

Reported by: haritpanchal's profile haritpanchal Owned by: audrasjb's profile audrasjb
Milestone: 6.2 Priority: low
Severity: trivial Version:
Component: General Keywords: has-patch
Focuses: docs, coding-standards Cc:

Description

I came across the file where two non-secure links were added even if the secure links are active on the web.

Attachments (5)

57017.patch (722 bytes) - added by haritpanchal 2 years ago.
Patch added
57027.patch (729 bytes) - added by rajeshraval786 2 years ago.
Patch added for same link changes.
57028.patch (491 bytes) - added by hiren1094 2 years ago.
Patch added for this "https://core.trac.wordpress.org/ticket/57028" tickit
57029.patch (4.2 KB) - added by krunal265 2 years ago.
patch added.
57017.diff (1.7 KB) - added by itpathsolutions 2 years ago.
Patch added

Download all attachments as: .zip

Change History (49)

@haritpanchal
2 years ago

Patch added

#1 @audrasjb
2 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 6.2
  • Owner set to audrasjb
  • Status changed from new to accepted

Thanks for the ticket and patch.
Self assigning for commit.

#2 @audrasjb
2 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 54759:

Docs: Replace HTTP links with HTTPS in class-json.php docblocks.

Props haritpanchal.
Fixes #57017.
See #56792.

#3 @audrasjb
2 years ago

There is a similar link to http://www.opensource.org/licenses/bsd-license.php in class-IXR.php. Would be nice to address them all at once.

#4 @audrasjb
2 years ago

  • Keywords commit removed

No need to open a new ticket, we can simply add a PR in this one to address the remaining occurrences.

#5 @audrasjb
2 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened
  • Type changed from enhancement to task (blessed)

Reopening and converting to a task to address other similar issues.

#6 @audrasjb
2 years ago

#57027 was marked as a duplicate.

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


2 years ago

#8 @audrasjb
2 years ago

#57028 was marked as a duplicate.

@rajeshraval786
2 years ago

Patch added for same link changes.

@hiren1094
2 years ago

Patch added for this "https://core.trac.wordpress.org/ticket/57028" tickit

@krunal265
2 years ago

patch added.

#9 @rudlinkon
2 years ago

#57029 was marked as a duplicate.

#10 @audrasjb
2 years ago

@krunal265 Just noting that 57029.patch shouldn't be committed directly to core.

As per #57029, comment 3:

SimplePie is an external library, and this should be reported upstream directly to them: https://github.com/simplepie/simplepie

Last edited 2 years ago by audrasjb (previous) (diff)

#11 @audrasjb
2 years ago

In 54775:

Docs: Replace HTTP links with HTTPS in class-pop3.php docblocks and JS vendor readme file.

Props rajeshraval786, hiren1094.
See #57017, #56792.

@itpathsolutions
2 years ago

Patch added

#12 follow-up: @itpathsolutions
2 years ago

  • Version set to 6.1

@audrasjb

Replaced HTTP links with HTTPS in IRI.php, IPv6.php, class-IXR.php files.

Last edited 2 years ago by itpathsolutions (previous) (diff)

#13 follow-up: @rudlinkon
2 years ago

Thank you @itpathsolutions for the patch but you set the version to 6.1 which is incorrect.

#14 follow-up: @haritpanchal
2 years ago

@itpathsolutions The patch has been added already.

#15 in reply to: ↑ 13 ; follow-up: @itpathsolutions
2 years ago

Replying to rudlinkon:

Thank you @itpathsolutions for the patch but you set the version to 6.1 which is incorrect.

@rudlinkon There is no any options to choose wordpress version 6.2.

#16 in reply to: ↑ 14 ; follow-up: @itpathsolutions
2 years ago

Replying to haritpanchal:

@itpathsolutions The patch has been added already.

@haritpanchal It's a different patch with different files. We Replaced HTTP links with HTTPS in IRI.php, IPv6.php, class-IXR.php files.

#17 in reply to: ↑ 15 ; follow-up: @rudlinkon
2 years ago

Replying to itpathsolutions:

Replying to rudlinkon:

Thank you @itpathsolutions for the patch but you set the version to 6.1 which is incorrect.

@rudlinkon There is no any options to choose wordpress version 6.2.

Actually, you have to choose the version number where the issue has appeared from.

#18 in reply to: ↑ 17 @itpathsolutions
2 years ago

Replying to rudlinkon:

Replying to itpathsolutions:

Replying to rudlinkon:

Thank you @itpathsolutions for the patch but you set the version to 6.1 which is incorrect.

@rudlinkon There is no any options to choose wordpress version 6.2.

Actually, you have to choose the version number where the issue has appeared from.

@rudlinkon The issue was reproduced on WordPress version 6.1, that's why we added a version 6.1.

#19 in reply to: ↑ 16 @haritpanchal
2 years ago

Replying to itpathsolutions: Okay, got it. Thanks!

Replying to haritpanchal:

@itpathsolutions The patch has been added already.

@haritpanchal It's a different patch with different files. We Replaced HTTP links with HTTPS in IRI.php, IPv6.php, class-IXR.php files.

#20 follow-up: @audrasjb
2 years ago

  • Version 6.1 deleted

Removing version 6.1 as it is not the version the issue was introduced :)

Better to keep it empty since those strings were introduced at various moments.

(see this handbook page for more details about the "Version" field)

#21 in reply to: ↑ 20 @rudlinkon
2 years ago

Replying to audrasjb:

Removing version 6.1 as it is not the version the issue was introduced :)

Better to keep it empty since those strings were introduced at various moments.

(see this handbook page for more details about the "Version" field)

Great, thank you @audrasjb

@mukesh27 commented on PR #3652:


2 years ago
#24

@SergeyBiryukov can you plz re-run the job?

@wpfy commented on PR #3652:


2 years ago
#25

Thanks @akramulhasan PR looks good to me.

Thank you so much. You are most welcome!

@audrasjb commented on PR #3652:


2 years ago
#26

I restarted failed jobs.

#27 @audrasjb
2 years ago

  • Keywords changes-requested added

Hi there,

Tests are failing for a good reason: the "URL" used as a value for the xmlns attribute inside SVG images shouldn't be changed to https. It's not really a URL, it's a namespace that looks like a URL. It must be written as it, with http and not https.

@wpfy commented on PR #3652:


2 years ago
#28

Hi @audrasjb , thanks for your feedback.
I have made the changes. All the namespace is now HTTP
What should I do now.
I am not sure, should I create another Pull Request or how my changes will be reached in place.

@rudlinkon commented on PR #3652:


2 years ago
#29

Thank you @akramulhasan for your changes. @audrasjb can you please run the job again?

@wpfy commented on PR #3652:


2 years ago
#30

Thank you @akramulhasan for your changes. @audrasjb can you please run the job again?

Thanks bro

#31 @flixos90
2 years ago

  • Focuses performance removed

Removing performance focus here since this appears to be unrelated and rather about security.

This ticket was mentioned in Slack in #core by costdev. View the logs.


2 years ago

#33 @johnbillion
2 years ago

  • Component changed from General to Bundled Theme

#34 @azaozz
2 years ago

  • Type changed from task (blessed) to enhancement

This ticket seems to be about some documentation enhancements, to change http:// to https:// in links. As such it doesn't need to be a "Task", can be committed at any time even during RC :)

#35 in reply to: ↑ 12 @audrasjb
2 years ago

  • Component changed from Bundled Theme to General
  • Focuses docs added
  • Keywords changes-requested removed
  • Priority changed from normal to low
  • Severity changed from normal to trivial

Replying to itpathsolutions:

@audrasjb

Replaced HTTP links with HTTPS in IRI.php, IPv6.php, class-IXR.php files.

@itpathsolutions sorry but the changes proposed in 57017.diff are on an external library, so this should be proposed upstream on the Requests lib: https://github.com/WordPress/Requests

Therefore, this patch is invalid. Thanks for the patch though!

Now, I'll be going through other patches :)

#36 @audrasjb
2 years ago

@krunal265 57029.patch (Diff API) doesn't look ok to go as it replaces the URL with a 404 one.

#38 @audrasjb
2 years ago

In 55356:

Docs: Replace HTTP with HTTPS in PHP Manual links located in WP_Privacy_Policy_Content class.

Follow-up to [55355].

See #56792, #57017.

@audrasjb commented on PR #3652:


2 years ago
#39

Tests are failing because they this changeset is probably touching some files that need to be build.
Also, it misses more occurrences in readme.txt files. It would be nice to propose a new PR, and to attach it to a specific ticket to replace http links with https specifically on bundled themes. @akramulhasan, would you like to propose a new ticket for this, so it can be handled specifically?

Thanks!

@wpfy commented on PR #3652:


2 years ago
#40

Hi @audrasjb , thanks for the update. I will do it asap.

This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.


2 years ago

This ticket was mentioned in Slack in #core by costdev. View the logs.


2 years ago

This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.


23 months ago

#44 @audrasjb
23 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

As there is currently no patch ready to ship, let's close this as fixed for 6.2 release cycle.

Other occurrences can be addressed in a follow-up ticket during the next release cycle.

Thanks everyone!

Note: See TracTickets for help on using tickets.