From 051aa92e3dc149b6e363d5206a53c9eac973d305 Mon Sep 17 00:00:00 2001 From: flixos90 Date: Tue, 2 Feb 2021 00:08:01 +0000 Subject: [PATCH] Security, Site Health: Make migrating a site to HTTPS a one-click interaction. Switching a WordPress site from HTTP to HTTPS has historically been a tedious task. While on the surface the Site Address and WordPress Address have to be updated, existing content still remains using HTTP URLs where hard-coded in the database. Furthermore, updating _two_ URLs to migrate to HTTPS is still a fairly unintuitive step which is not clearly explained. This changeset simplifies migration from HTTP to HTTPS and, where possible, makes it a one-click interaction. * Automatically replace insecure versions of the Site Address (`home_url()`) with its HTTPS counterpart on the fly if the site has been migrated from HTTP to HTTPS. This is accomplished by introducing a `https_migration_required` option and enabling it when the `home_url()` is accordingly changed. * A new `wp_replace_insecure_home_url()` function is hooked into various pieces of content to replace URLs accordingly. * The migration only kicks in when the Site Address (`home_url()`) and WordPress Address (`site_url()`) match, which is the widely common case. Configurations where these differ are often maintained by more advanced users, where this migration routine would be less essential - something to potentially iterate on in the future though. * The migration does not actually update content in the database. More savvy users that prefer to do that can prevent the migration logic from running by either deleting the `https_migration_required` option or using the new `wp_should_replace_insecure_home_url` filter. * For fresh sites that do not have any content yet at the point of changing the URLs to HTTPS, the migration will also be skipped since it would not be relevant. * Expose a primary action in the Site Health recommendation, if HTTPS is already supported by the environment, built on top of the HTTPS detection mechanism from [49904]. When clicked, the default behavior is to update `home_url()` and `site_url()` in one go to their HTTPS counterpart. * A new `wp_update_urls_to_https()` function takes care of the update routine. * A new `update_https` meta capability is introduced to control access. * If the site's URLs are controlled by constants, this update is not automatically possible, so in these scenarios the user is informed about that in the HTTPS status check in Site Health. * Allow hosting providers to modify the URLs linked to in the HTTPS status check in Site Health, similar to how that is possible for the URLs around updating the PHP version. * A `WP_UPDATE_HTTPS_URL` environment variable or `wp_update_https_url` filter can be used to provide a custom URL with guidance about updating the site to use HTTPS. * A `WP_DIRECT_UPDATE_HTTPS_URL` environment variable or `wp_direct_update_https_url` filter can be used to provide a custom URL for the primary CTA to update the site to use HTTPS. Props flixos90, timothyblynjacobs. Fixes #51437. git-svn-id: https://develop.svn.wordpress.org/trunk@50131 602fd350-edb4-49c9-b593-d223f7449a82 --- .../includes/class-wp-site-health.php | 63 ++++-- src/wp-admin/site-health.php | 33 ++++ src/wp-includes/capabilities.php | 8 + src/wp-includes/default-filters.php | 8 + src/wp-includes/functions.php | 85 +++++++++ src/wp-includes/https-migration.php | 140 ++++++++++++++ src/wp-settings.php | 1 + tests/phpunit/tests/https-migration.php | 180 ++++++++++++++++++ tests/phpunit/tests/user/capabilities.php | 2 + 9 files changed, 508 insertions(+), 12 deletions(-) create mode 100644 src/wp-includes/https-migration.php create mode 100644 tests/phpunit/tests/https-migration.php diff --git a/src/wp-admin/includes/class-wp-site-health.php b/src/wp-admin/includes/class-wp-site-health.php index 9d3a455f23..c2f10fa72d 100644 --- a/src/wp-admin/includes/class-wp-site-health.php +++ b/src/wp-admin/includes/class-wp-site-health.php @@ -1502,6 +1502,8 @@ class WP_Site_Health { // always rely on the latest results. wp_update_https_detection_errors(); + $default_update_url = wp_get_default_update_https_url(); + $result = array( 'label' => __( 'Your website is using an active HTTPS connection' ), 'status' => 'good', @@ -1514,9 +1516,8 @@ class WP_Site_Health { __( 'An HTTPS connection is a more secure way of browsing the web. Many services now have HTTPS as a requirement. HTTPS allows you to take advantage of new features that can increase site speed, improve search rankings, and gain the trust of your visitors by helping to protect their online privacy.' ) ), 'actions' => sprintf( - '

%s %s

', - /* translators: Documentation explaining HTTPS and why it should be used. */ - esc_url( __( 'https://wordpress.org/support/article/why-should-i-use-https/' ) ), + '

%s %s

', + esc_url( $default_update_url ), __( 'Learn more about why you should use HTTPS' ), /* translators: Accessibility text. */ __( '(opens in a new tab)' ) @@ -1580,16 +1581,54 @@ class WP_Site_Health { __( 'HTTPS is already supported for your website.' ) ); - $result['actions'] = sprintf( - '

%s

', - esc_url( admin_url( 'options-general.php' ) ), - __( 'Update your site addresses' ) - ); + if ( defined( 'WP_HOME' ) || defined( 'WP_SITEURL' ) ) { + $result['description'] .= sprintf( + '

%s

', + sprintf( + /* translators: 1: wp-config.php, 2: WP_HOME, 3: WP_SITEURL */ + __( 'However, your WordPress Address is currently controlled by a PHP constant and therefore cannot be updated. You need to edit your %1$s and remove or update the definitions of %2$s and %3$s.' ), + 'wp-config.php', + 'WP_HOME', + 'WP_SITEURL' + ) + ); + } elseif ( current_user_can( 'update_https' ) ) { + $default_direct_update_url = add_query_arg( 'action', 'update_https', wp_nonce_url( admin_url( 'site-health.php' ), 'wp_update_https' ) ); + $direct_update_url = wp_get_direct_update_https_url(); + + if ( ! empty( $direct_update_url ) ) { + $result['actions'] = sprintf( + '

%2$s %3$s

', + esc_url( $direct_update_url ), + __( 'Update your site to use HTTPS' ), + /* translators: Accessibility text. */ + __( '(opens in a new tab)' ) + ); + } else { + $result['actions'] = sprintf( + '

%2$s

', + esc_url( $default_direct_update_url ), + __( 'Update your site to use HTTPS' ) + ); + } + } } else { - $result['description'] .= sprintf( - '

%s

', - __( 'Talk to your web host about supporting HTTPS for your website.' ) - ); + // If host-specific "Update HTTPS" URL is provided, include a link. + $update_url = wp_get_update_https_url(); + if ( $update_url !== $default_update_url ) { + $result['description'] .= sprintf( + '

%s %s

', + esc_url( $update_url ), + __( 'Talk to your web host about supporting HTTPS for your website.' ), + /* translators: Accessibility text. */ + __( '(opens in a new tab)' ) + ); + } else { + $result['description'] .= sprintf( + '

%s

', + __( 'Talk to your web host about supporting HTTPS for your website.' ) + ); + } } } elseif ( ! wp_is_https_supported() ) { // If the website is using HTTPS, but HTTPS is actually not supported, inform the user about the potential diff --git a/src/wp-admin/site-health.php b/src/wp-admin/site-health.php index b7cc728ef6..be81b957b3 100644 --- a/src/wp-admin/site-health.php +++ b/src/wp-admin/site-health.php @@ -14,6 +14,8 @@ if ( isset( $_GET['tab'] ) && 'debug' === $_GET['tab'] ) { /** WordPress Administration Bootstrap */ require_once __DIR__ . '/admin.php'; +wp_reset_vars( array( 'action' ) ); + $title = __( 'Site Health Status' ); if ( ! current_user_can( 'view_site_health_checks' ) ) { @@ -27,6 +29,23 @@ if ( ! class_exists( 'WP_Site_Health' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; } +if ( 'update_https' === $action ) { + check_admin_referer( 'wp_update_https' ); + + if ( ! current_user_can( 'update_https' ) ) { + wp_die( __( 'Sorry, you are not allowed to update this site to HTTPS.' ), 403 ); + } + + if ( ! wp_is_https_supported() ) { + wp_die( __( 'It looks like HTTPS is not supported for your website at this point.' ) ); + } + + $result = wp_update_urls_to_https(); + + wp_redirect( add_query_arg( 'https_updated', (int) $result, wp_get_referer() ) ); + exit; +} + $health_check_site_status = WP_Site_Health::get_instance(); // Start by checking if this is a special request checking for the existence of certain filters. @@ -41,6 +60,20 @@ require_once ABSPATH . 'wp-admin/admin-header.php'; + +

+ +

+ +

This is a link.

+ + + + + + '; + + $http_content = sprintf( $content, $http_url, wp_json_encode( $http_block_data ), $http_block_data['url'] ); + $https_content = sprintf( $content, $https_url, wp_json_encode( $https_block_data ), $https_block_data['url'] ); + + // Replaces URLs, including its encoded variant. + add_filter( 'wp_should_replace_insecure_home_url', '__return_true' ); + $this->assertEquals( $https_content, wp_replace_insecure_home_url( $http_content ) ); + + // Does not replace anything if determined as unnecessary. + add_filter( 'wp_should_replace_insecure_home_url', '__return_false' ); + $this->assertEquals( $http_content, wp_replace_insecure_home_url( $http_content ) ); + } + + /** + * @ticket 51437 + */ + public function test_wp_update_urls_to_https() { + remove_all_filters( 'option_home' ); + remove_all_filters( 'option_siteurl' ); + remove_all_filters( 'home_url' ); + remove_all_filters( 'site_url' ); + + $http_url = 'http://example.org'; + $https_url = 'https://example.org'; + + // Set up options to use HTTP URLs. + update_option( 'home', $http_url ); + update_option( 'siteurl', $http_url ); + + // Update URLs to HTTPS (successfully). + $this->assertTrue( wp_update_urls_to_https() ); + $this->assertEquals( $https_url, get_option( 'home' ) ); + $this->assertEquals( $https_url, get_option( 'siteurl' ) ); + + // Switch options back to use HTTP URLs, but now add filter to + // force option value which will make the update irrelevant. + update_option( 'home', $http_url ); + update_option( 'siteurl', $http_url ); + $this->force_option( 'home', $http_url ); + + // Update URLs to HTTPS. While the update technically succeeds, it does not take effect due to the enforced + // option. Therefore the change is expected to be reverted. + $this->assertFalse( wp_update_urls_to_https() ); + $this->assertEquals( $http_url, get_option( 'home' ) ); + $this->assertEquals( $http_url, get_option( 'siteurl' ) ); + } + + /** + * @ticket 51437 + */ + public function test_wp_update_https_migration_required() { + // Changing HTTP to HTTPS on a site with content should result in flag being set, requiring migration. + update_option( 'fresh_site', '0' ); + wp_update_https_migration_required( 'http://example.org', 'https://example.org' ); + $this->assertEquals( '1', get_option( 'https_migration_required' ) ); + + // Changing another part than the scheme should delete/reset the flag because changing those parts (e.g. the + // domain) can have further implications. + wp_update_https_migration_required( 'http://example.org', 'https://another-example.org' ); + $this->assertFalse( get_option( 'https_migration_required' ) ); + + // Changing HTTP to HTTPS on a site without content should result in flag being set, but not requiring migration. + update_option( 'fresh_site', '1' ); + wp_update_https_migration_required( 'http://example.org', 'https://example.org' ); + $this->assertEquals( '', get_option( 'https_migration_required' ) ); + + // Changing (back) from HTTPS to HTTP should delete/reset the flag. + wp_update_https_migration_required( 'https://example.org', 'http://example.org' ); + $this->assertFalse( get_option( 'https_migration_required' ) ); + } + + /** + * @ticket 51437 + */ + public function test_wp_should_replace_insecure_home_url_integration() { + // Setup (a site on HTTP, with existing content). + remove_all_filters( 'option_home' ); + remove_all_filters( 'option_siteurl' ); + remove_all_filters( 'home_url' ); + remove_all_filters( 'site_url' ); + $http_url = 'http://example.org'; + $https_url = 'https://example.org'; + update_option( 'home', $http_url ); + update_option( 'siteurl', $http_url ); + update_option( 'fresh_site', '0' ); + + // Should return false when URLs are HTTP. + $this->assertFalse( wp_should_replace_insecure_home_url() ); + + // Should still return false because only one of the two URLs was updated to its HTTPS counterpart. + update_option( 'home', $https_url ); + $this->assertFalse( wp_should_replace_insecure_home_url() ); + + // Should return true because now both URLs are updated to their HTTPS counterpart. + update_option( 'siteurl', $https_url ); + $this->assertTrue( wp_should_replace_insecure_home_url() ); + + // Should return false because the domains of 'home' and 'siteurl' do not match, and we shouldn't make any + // assumptions about such special cases. + update_option( 'siteurl', 'https://wp.example.org' ); + $this->assertFalse( wp_should_replace_insecure_home_url() ); + } + + private function force_wp_is_using_https( $enabled ) { + $scheme = $enabled ? 'https' : 'http'; + + $replace_scheme = function( $url ) use ( $scheme ) { + return str_replace( array( 'http://', 'https://' ), $scheme . '://', $url ); + }; + + add_filter( 'home_url', $replace_scheme, 99 ); + add_filter( 'site_url', $replace_scheme, 99 ); + } + + private function force_option( $option, $value ) { + add_filter( + "option_$option", + function() use ( $value ) { + return $value; + } + ); + } +} diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php index 1675a34047..758276a2fa 100644 --- a/tests/phpunit/tests/user/capabilities.php +++ b/tests/phpunit/tests/user/capabilities.php @@ -270,6 +270,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase { 'update_languages' => array( 'administrator' ), 'deactivate_plugins' => array( 'administrator' ), 'update_php' => array( 'administrator' ), + 'update_https' => array( 'administrator' ), 'export_others_personal_data' => array( 'administrator' ), 'erase_others_personal_data' => array( 'administrator' ), 'manage_privacy_options' => array( 'administrator' ), @@ -305,6 +306,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase { 'update_languages' => array(), 'deactivate_plugins' => array(), 'update_php' => array(), + 'update_https' => array(), 'export_others_personal_data' => array( '' ), 'erase_others_personal_data' => array( '' ), 'manage_privacy_options' => array(),