WordPress 6.4 wp_remote_get (cURL error 28: Operation timed out)

[cenkdemir]

Hello,

WordPress 6.4 update caused wp_remote_get to give "cURL error 28: Operation timed out" errors.

I tested on two fresh WordPress installations.

How to reproduce:

functions.php:

$request = wp_remote_get( 'https://example.com/test.json' );
var_dump($request);

WordPress 6.4:

object(WP_Error)#4571 (3) { ["errors"]=> array(1) { ["http_request_failed"]=> array(1) { [0]=> string(95) "cURL error 28: Operation timed out after 5001 milliseconds with 2050 out of 2766 bytes received" } } ["error_data"]=> array(0) { } ["additional_data":protected]=> array(0) { } } 

WordPress 6.3.2:
valid json data in 1 sec

PHP 7.4

[cenkdemir]

More info:

If the json file is bigger than 2048 bytes:
cURL error 28: Operation timed out after 5001 milliseconds with 2050 out of 2051 bytes received

[nexflaszlo]

This issue should be critical. 6.4 updated the Requests library version which included a breaking change for anyone running on a host with curl version 7.29 (at least).

See ​https://github.com/WordPress/Requests/issues/838

[schlessera]

Copied from ​https://github.com/WordPress/Requests/issues/838#issuecomment-1802386711:

Given the impact, this should be hotfixed right away in WP Core (not waiting for a Requests release) and then we need to talk to the WP systems team to see how we can get that hotfix onto the running systems. I assume that this might be something that can be fixed at the server level for api.wordpress.org.

[cenkdemir]

*BACKUP FIRST*

If you need to bulk update Curl.php for multiple WordPress instances:

fix_wp_curl.sh:

 /bin/bash

# Define the pattern to search for and the replacement string
search_for="if (\$this->version < self::CURL_7_22_0 && !isset(\$headers\['Connection'\])) {"
replace_with="if (!isset(\$headers['Connection'])) {"

# Define the path to the Curl.php files relative to the WordPress installations
relative_path="wp-includes/Requests/src/Transport/Curl.php"

# Find all Curl.php files under the specified directory
# Usually, WordPress installations are under /var/www/vhosts/ in Plesk
find /var/www/vhosts/ -type f -name "Curl.php" | while read file; do
    # Check if the file contains the string we want to replace
    if grep -q "$search_for" "$file"; then
        # Take a backup of the original file
        cp "$file" "$file.bak"
        
        # Replace the string
        sed -i "s/$search_for/$replace_with/" "$file"
        
        # Output the file path that was changed
        echo "Modified: $file"
    else
        # Output the file path that was not changed because the pattern was not found
        echo "Pattern not found, not modified: $file"
    fi
done

# Script complete message
echo "All matching instances have been updated."

[hellofromTonya]

Moving into 6.4.1.

Currently being discussed in Make/Core slack #core channel.

[schlessera]

A hotfix release for Requests was published: ​https://github.com/WordPress/Requests/releases/tag/v2.0.9

[desrosj]

In 57086:

External Libraries: Update Requests to 2.0.9.

This updates the Requests library from version 2.0.8 to 2.0.9. This is a hotfix release.

Props jorbin, hellofromTonya, desrosj, barry, cenkdemir, nexflaszlo, schlessera, jrf, Clorith, tomsommer, azaozz, pbiron, afragen, howdy_mcgee.
Fixes #59842.

[jorbin]

Reopen for backport considersation

[azaozz]

+1 to backport too.

[jorbin]

In 57088:

External Libraries: Update Requests to 2.0.9.

This updates the Requests library from version 2.0.8 to 2.0.9. This is a hotfix release.

Reviewed by jorbin, desrosj.
Merges [57086] to 6.4 branch.

Props jorbin, hellofromTonya, desrosj, barry, cenkdemir, nexflaszlo, schlessera, jrf, Clorith, tomsommer, azaozz, pbiron, afragen, howdy_mcgee.
Fixes #59842.

[jorbin]

#59848 was marked as a duplicate.