Security: remove the cron event that checked for https support.

Fix an issue where a cron job ran every 12 hours to check for https support - even when https support was already enabled. The check is now run only when the user visits the Site Health page. Reducing the unneeded requests lowers the impact and load of hosting WordPress sites. The `wp_update_https_detection_errors` function is deprecated and the `https_detection_errors` option that was previously set by the cron job is no longer maintained. The `pre_wp_update_https_detection_errors` filter is deprecated and replaced by the `pre_wp_get_https_detection_errors` filter which serves the same function. Props audrasjb, johnbillion, Michi91. Fixes #58494. git-svn-id: https://develop.svn.wordpress.org/trunk@56664 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-16 10:34:26 +00:00 · 2023-09-22 19:06:45 +00:00
parent b891120f8b
commit 9608dd5f69
6 changed files with 53 additions and 165 deletions
--- a/tests/phpunit/tests/https-detection.php
+++ b/tests/phpunit/tests/https-detection.php
@@ -54,122 +54,6 @@ class Tests_HTTPS_Detection extends WP_UnitTestCase {
 		$this->assertFalse( wp_is_https_supported() );
 	}

-	/**
-	 * @ticket 47577
-	 * @ticket 52484
-	 */
-	public function test_wp_update_https_detection_errors() {
-		// Set HTTP URL, the request below should use its HTTPS version.
-		update_option( 'home', 'http://example.com/' );
-		add_filter( 'pre_http_request', array( $this, 'record_request_url' ), 10, 3 );
-
-		// If initial request succeeds, all good.
-		add_filter( 'pre_http_request', array( $this, 'mock_success_with_sslverify' ), 10, 2 );
-		wp_update_https_detection_errors();
-		$this->assertSame( array(), get_option( 'https_detection_errors' ) );
-
-		// If initial request fails and request without SSL verification succeeds,
-		// return 'ssl_verification_failed' error.
-		add_filter( 'pre_http_request', array( $this, 'mock_error_with_sslverify' ), 10, 2 );
-		add_filter( 'pre_http_request', array( $this, 'mock_success_without_sslverify' ), 10, 2 );
-		wp_update_https_detection_errors();
-		$this->assertSame(
-			array( 'ssl_verification_failed' => array( __( 'SSL verification failed.' ) ) ),
-			get_option( 'https_detection_errors' )
-		);
-
-		// If both initial request and request without SSL verification fail,
-		// return 'https_request_failed' error.
-		add_filter( 'pre_http_request', array( $this, 'mock_error_with_sslverify' ), 10, 2 );
-		add_filter( 'pre_http_request', array( $this, 'mock_error_without_sslverify' ), 10, 2 );
-		wp_update_https_detection_errors();
-		$this->assertSame(
-			array( 'https_request_failed' => array( __( 'HTTPS request failed.' ) ) ),
-			get_option( 'https_detection_errors' )
-		);
-
-		// If request succeeds, but response is not 200, return error with
-		// 'bad_response_code' error code.
-		add_filter( 'pre_http_request', array( $this, 'mock_not_found' ), 10, 2 );
-		wp_update_https_detection_errors();
-		$this->assertSame(
-			array( 'bad_response_code' => array( 'Not Found' ) ),
-			get_option( 'https_detection_errors' )
-		);
-
-		// If request succeeds, but response was not generated by this
-		// WordPress site, return error with 'bad_response_source' error code.
-		add_filter( 'pre_http_request', array( $this, 'mock_bad_source' ), 10, 2 );
-		wp_update_https_detection_errors();
-		$this->assertSame(
-			array( 'bad_response_source' => array( 'It looks like the response did not come from this site.' ) ),
-			get_option( 'https_detection_errors' )
-		);
-
-		// Check that the requests are made to the correct URL.
-		$this->assertSame( 'https://example.com/', $this->last_request_url );
-	}
-
-	/**
-	 * @ticket 47577
-	 */
-	public function test_pre_wp_update_https_detection_errors() {
-		// Override to enforce no errors being detected.
-		add_filter(
-			'pre_wp_update_https_detection_errors',
-			static function () {
-				return new WP_Error();
-			}
-		);
-		wp_update_https_detection_errors();
-		$this->assertSame( array(), get_option( 'https_detection_errors' ) );
-
-		// Override to enforce an error being detected.
-		add_filter(
-			'pre_wp_update_https_detection_errors',
-			static function () {
-				return new WP_Error(
-					'ssl_verification_failed',
-					'Bad SSL certificate.'
-				);
-			}
-		);
-		wp_update_https_detection_errors();
-		$this->assertSame(
-			array( 'ssl_verification_failed' => array( 'Bad SSL certificate.' ) ),
-			get_option( 'https_detection_errors' )
-		);
-	}
-
-	/**
-	 * @ticket 47577
-	 */
-	public function test_wp_schedule_https_detection() {
-		wp_schedule_https_detection();
-		$this->assertSame( 'twicedaily', wp_get_schedule( 'wp_https_detection' ) );
-	}
-
-	/**
-	 * @ticket 47577
-	 */
-	public function test_wp_cron_conditionally_prevent_sslverify() {
-		// If URL is not using HTTPS, don't set 'sslverify' to false.
-		$request = array(
-			'url'  => 'http://example.com/',
-			'args' => array( 'sslverify' => true ),
-		);
-		$this->assertSame( $request, wp_cron_conditionally_prevent_sslverify( $request ) );
-
-		// If URL is using HTTPS, set 'sslverify' to false.
-		$request                       = array(
-			'url'  => 'https://example.com/',
-			'args' => array( 'sslverify' => true ),
-		);
-		$expected                      = $request;
-		$expected['args']['sslverify'] = false;
-		$this->assertSame( $expected, wp_cron_conditionally_prevent_sslverify( $request ) );
-	}
-
 	/**
 	 * @ticket 47577
 	 * @ticket 52542