From 2ff224a04466b4d133dad4877e789d8042055edd Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Wed, 27 Sep 2017 07:59:14 +0000
Subject: [PATCH] Standardise on performing api.WordPress.org requests over SSL when possible, falling back to non-SSL when appropriate. This also standardises the `User-Agent` used when communicating with WordPress.org, allowing for more consistent version detection. Fixes #42004.
git-svn-id: https://develop.svn.wordpress.org/trunk@41605 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../includes/class-wp-community-events.php | 13 +++++++++++--
 src/wp-admin/includes/credits.php | 13 +++++++++++--
 src/wp-admin/includes/dashboard.php | 14 +++++++++++---
 src/wp-admin/includes/import.php | 9 +++++++--
 src/wp-admin/includes/plugin-install.php | 4 ++++
 src/wp-admin/includes/theme.php | 4 ++++
 src/wp-includes/update.php | 4 ++--
 7 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/src/wp-admin/includes/class-wp-community-events.php b/src/wp-admin/includes/class-wp-community-events.php
index 053d92db1a..a204f9cafe 100644
--- a/src/wp-admin/includes/class-wp-community-events.php
+++ b/src/wp-admin/includes/class-wp-community-events.php
@@ -92,8 +92,17 @@ class WP_Community_Events {
 return $cached_events;
 }
- $api_url = 'https://api.wordpress.org/events/1.0/';
- $request_args = $this->get_request_args( $location_search, $timezone );
+ // include an unmodified $wp_version
+ include( ABSPATH . WPINC . '/version.php' );
+
+ $api_url = 'http://api.wordpress.org/events/1.0/';
+ $request_args = $this->get_request_args( $location_search, $timezone );
+ $request_args['user-agent'] = 'WordPress/' . $wp_version . '; ' . home_url( '/' );
+
+ if ( wp_http_supports( array( 'ssl' ) ) ) {
+ $api_url = set_url_scheme( $api_url, 'https' );
+ }
+
 $response = wp_remote_get( $api_url, $request_args );
 $response_code = wp_remote_retrieve_response_code( $response );
 $response_body = json_decode( wp_remote_retrieve_body( $response ), true );
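Review bot: In `WP_Community_Events`, the events request is the one call in this patch that loses a guarantee: the removed line used a fixed `https://` URL, while the new code starts from `http://` and upgrades only when `wp_http_supports( array( 'ssl' ) )` is true. On a host without SSL transport, the arguments built from `$location_search` and `$timezone`, and the JSON decoded into `$response_body`, would then travel in cleartext and unauthenticated. Consider keeping `$api_url = 'https://api.wordpress.org/events/1.0/';` and dropping the `set_url_scheme()` branch here, or at least documenting the downgrade above it, e.g. `// Falls back to plain HTTP without SSL support; treat the response as unauthenticated.` The enclosing method starts and ends outside the hunk.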
diff --git a/src/wp-admin/includes/credits.php b/src/wp-admin/includes/credits.php
index 005858c384..ddc70a3db8 100644
--- a/src/wp-admin/includes/credits.php
+++ b/src/wp-admin/includes/credits.php
@@ -15,7 +15,9 @@
 * @return array|false A list of all of the contributors, or false on error.
 */
 function wp_credits() {
- $wp_version = get_bloginfo( 'version' );
+ // include an unmodified $wp_version
+ include( ABSPATH . WPINC . '/version.php' );
+
 $locale = get_user_locale();
 $results = get_site_transient( 'wordpress_credits_' . $locale );
@@ -24,7 +26,14 @@ function wp_credits() {
 || false !== strpos( $wp_version, '-' )
 || ( isset( $results['data']['version'] ) && strpos( $wp_version, $results['data']['version'] ) !== 0 )
 ) {
- $response = wp_remote_get( "http://api.wordpress.org/core/credits/1.1/?version={$wp_version}&locale={$locale}" );
+ $url = "http://api.wordpress.org/core/credits/1.1/?version={$wp_version}&locale={$locale}";
+ $options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) );
+
+ if ( wp_http_supports( array( 'ssl' ) ) ) {
+ $url = set_url_scheme( $url, 'https' );
+ }
+
+ $response = wp_remote_get( $url, $options );
 if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 return false;
diff --git a/src/wp-admin/includes/dashboard.php b/src/wp-admin/includes/dashboard.php
index ec1f03afb1..688e409896 100644
--- a/src/wp-admin/includes/dashboard.php
+++ b/src/wp-admin/includes/dashboard.php
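Review bot: The new `$url` in the second `wp_credits()` hunk (credits.php) still interpolates `$wp_version` and `$locale` into the query string without encoding, whereas the import.php hunk of this same patch builds its URL with `add_query_arg()`. Building it the same way keeps the call sites consistent and stops an unexpected character in either value from altering the query: `$url = add_query_arg( array( 'version' => rawurlencode( $wp_version ), 'locale' => rawurlencode( $locale ) ), 'http://api.wordpress.org/core/credits/1.1/' );`. `wp_credits()` continues past the end of the hunk.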
@@ -1509,12 +1509,20 @@ function wp_check_browser_version() {
 $key = md5( $_SERVER['HTTP_USER_AGENT'] );
 if ( false === ($response = get_site_transient('browser_' . $key) ) ) {
+ // include an unmodified $wp_version
+ include( ABSPATH . WPINC . '/version.php' );
+
+ $url = 'http://api.wordpress.org/core/browse-happy/1.1/';
 $options = array(
- 'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
- 'user-agent' => 'WordPress/' . get_bloginfo( 'version' ) . '; ' . home_url()
+ 'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 );
- $response = wp_remote_post( 'http://api.wordpress.org/core/browse-happy/1.1/', $options );
+ if ( wp_http_supports( array( 'ssl' ) ) ) {
+ $url = set_url_scheme( $url, 'https' );
+ }
+
+ $response = wp_remote_post( $url, $options );
 if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) )
 return false;
diff --git a/src/wp-admin/includes/import.php b/src/wp-admin/includes/import.php
index 0d534422c2..ca12dfa8f0 100644
--- a/src/wp-admin/includes/import.php
+++ b/src/wp-admin/includes/import.php
@@ -131,10 +131,15 @@ function wp_get_popular_importers() {
 if ( ! $popular_importers ) {
 $url = add_query_arg( array(
- 'locale' => get_user_locale(),
+ 'locale' => $locale,
 'version' => $wp_version,
 ), 'http://api.wordpress.org/core/importers/1.1/' );
- $options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url() );
+ $options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) );
+
+ if ( wp_http_supports( array( 'ssl' ) ) ) {
+ $url = set_url_scheme( $url, 'https' );
+ }
+
 $response = wp_remote_get( $url, $options );
 $popular_importers = json_decode( wp_remote_retrieve_body( $response ), true );
diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php
index 6b71832a09..1714acda71 100644
--- a/src/wp-admin/includes/plugin-install.php
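Review bot: In `wp_get_popular_importers()` (import.php), the body is handed to `json_decode()` whatever the outcome of the request, while the credits.php and dashboard.php call sites in this patch first reject `is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response )`. Moving to HTTPS adds certificate and handshake failures as a new way for this request to fail, and a non-200 reply with a JSON body would still be decoded. Wrapping the decode in `if ( ! is_wp_error( $response ) && 200 == wp_remote_retrieve_response_code( $response ) )` would make the failure path explicit. What the function does with `$popular_importers` afterwards is outside the hunk, so part of this may already be handled further down.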
+++ b/src/wp-admin/includes/plugin-install.php
@@ -141,12 +141,16 @@ function plugins_api( $action, $args = array() ) {
 $res = apply_filters( 'plugins_api', false, $action, $args );
 if ( false === $res ) {
+ // include an unmodified $wp_version
+ include( ABSPATH . WPINC . '/version.php' );
+
 $url = $http_url = 'http://api.wordpress.org/plugins/info/1.0/';
 if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
 $url = set_url_scheme( $url, 'https' );
 $http_args = array(
 'timeout' => 15,
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
 'body' => array(
 'action' => $action,
 'request' => serialize( $args )
diff --git a/src/wp-admin/includes/theme.php b/src/wp-admin/includes/theme.php
index c5de5e5c9c..9da33032f5 100644
--- a/src/wp-admin/includes/theme.php
+++ b/src/wp-admin/includes/theme.php
@@ -448,11 +448,15 @@ function themes_api( $action, $args = array() ) {
 $res = apply_filters( 'themes_api', false, $action, $args );
 if ( ! $res ) {
+ // include an unmodified $wp_version
+ include( ABSPATH . WPINC . '/version.php' );
+
 $url = $http_url = 'http://api.wordpress.org/themes/info/1.0/';
 if ( $ssl = wp_http_supports( array( 'ssl' ) ) )
 $url = set_url_scheme( $url, 'https' );
 $http_args = array(
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
 'body' => array(
 'action' => $action,
 'request' => serialize( $args )
diff --git a/src/wp-includes/update.php b/src/wp-includes/update.php
index f25e644d62..f178470a36 100644
--- a/src/wp-includes/update.php
+++ b/src/wp-includes/update.php
@@ -301,7 +301,7 @@ function wp_update_plugins( $extra_stats = array() ) {
 'locale' => wp_json_encode( $locales ),
 'all' => wp_json_encode( true ),
 ),
- 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 );
 if ( $extra_stats ) {
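Review bot: In `plugins_api()` (plugin-install.php) and `themes_api()` (theme.php), the request body is still `serialize( $args )`, and `$http_url` keeps a plain-HTTP copy of the endpoint next to the HTTPS one. If the response is decoded with `unserialize()` or `maybe_unserialize()` further down and `$http_url` is used for a retry (neither is visible in these hunks), a response altered in transit would reach PHP deserialization. A comment above the `$http_url` assignment would record that constraint, e.g. `// $http_url is a cleartext fallback; its response is unauthenticated and must be validated before decoding.`, and a JSON exchange would remove the risk. Both functions continue outside their hunks.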
@@ -479,7 +479,7 @@ function wp_update_themes( $extra_stats = array() ) {
 'translations' => wp_json_encode( $translations ),
 'locale' => wp_json_encode( $locales ),
 ),
- 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
 );
 if ( $extra_stats ) {