sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

File Editor: Don't verify SSL certificate when doing loopback requests for checking for fatal errors.

Browse Source 
Props Clorith.
See #47957.

git-svn-id: https://develop.svn.wordpress.org/trunk@46230 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling 2019-09-21 15:58:38 +00:00
parent cb076cab0d
commit e6ea695f5a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/wp-admin/includes/file.php
View File

@ -518,6 +518,9 @@ function wp_edit_theme_plugin_file( $args ) {
'Cache-Control' => 'no-cache',
);
/** This filter is documented in wp-includes/class-wp-http-streams.php */
$sslverify = apply_filters( 'https_local_ssl_verify', false );
// Include Basic auth in loopback requests.
if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
$headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
@ -547,7 +550,7 @@ function wp_edit_theme_plugin_file( $args ) {
$url = admin_url();
}
$url = add_query_arg( $scrape_params, $url );
$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) );
$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );
$body = wp_remote_retrieve_body( $r );
$scrape_result_position = strpos( $body, $needle_start );