[wp-trac] [WordPress Trac] #52484: The wp_update_https_detection_errors function may fail to update option values.

WordPress Trac noreply at wordpress.org
Tue Mar 2 15:06:48 UTC 2021


#52484: The wp_update_https_detection_errors function may fail to update option
values.
-------------------------------------------------+-------------------------
 Reporter:  tmatsuur                             |       Owner:
                                                 |  SergeyBiryukov
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:  5.7
Component:  Security                             |     Version:  trunk
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests dev-        |     Focuses:
  reviewed i18n-change                           |
-------------------------------------------------+-------------------------
Changes (by SergeyBiryukov):

 * status:  reviewing => closed
 * resolution:   => fixed


Comment:

 In [changeset:"50471" 50471]:
 {{{
 #!CommitTicketReference repository="" revision="50471"
 Security, Site Health: Do not store HTTPS request error messages in an
 option.

 This changes the logic in `update_https_detection_errors()` to never store
 error messages from the actual request since they could use a different
 encoding, which would make storing them in an option potentially fail,
 leading WordPress to then falsely assume that HTTPS is supported.

 While this doesn't actually fix the encoding issue, it is not crucial to
 do so anyway, since these messages are not used anywhere. A simple
 differentiation between whether the overall HTTPS request or only the SSL
 verification failed should be sufficient for the purpose of this function.

 Props flixos90, tmatsuur, lukecarbis.
 Fixes #52484.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52484#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
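
The failure mode the commit message describes, as an added example that is not WordPress core code: a rejected write of a badly encoded message leaves the earlier empty error list in place, so the support check fails open, while storing a fixed code does not. `OptionStore`, `record_raw()`, `record_code()`, `https_supported()`, the `https_errors` key and both codes are hypothetical names, and the store rejecting non-UTF-8 strings is an assumption that models the failed option update.

```php
<?php
// Hypothetical stand-in for the options table (assumption: a write holding a
// string that is not valid UTF-8 is rejected and the old value is kept).
final class OptionStore {
    private array $rows = [];
    public function update(string $name, array $value): bool {
        $valid = true;
        array_walk_recursive($value, function ($item) use (&$valid) {
            if (is_string($item) && !mb_check_encoding($item, 'UTF-8')) {
                $valid = false;
            }
        });
        if ($valid) {
            $this->rows[$name] = $value;
        }
        return $valid;
    }

    public function get(string $name): array {
        return $this->rows[$name] ?? [];
    }
}

// Before: persist the transport's own message (key and codes are illustrative).
function record_raw(OptionStore $store, string $message): bool {
    return $store->update('https_errors', ['request_failed' => [$message]]);
}

// After: persist only a fixed ASCII code naming the stage that failed.
function record_code(OptionStore $store, bool $unverified_also_failed): bool {
    $code = $unverified_also_failed ? 'request_failed' : 'verification_failed';
    return $store->update('https_errors', [$code => [$code]]);
}

// An empty stored error list is read as "HTTPS is supported".
function https_supported(OptionStore $store): bool {
    return $store->get('https_errors') === [];
}

// Constructed sample: bytes that are not valid UTF-8 (a legacy-encoding message).
$message = "\x90\xDA\x91\xB1 failed";

foreach (['record_raw' => $message, 'record_code' => true] as $record => $arg) {
    $store = new OptionStore();
    $store->update('https_errors', []); // an earlier check found no errors
    $stored = $record($store, $arg);
    printf("%s: stored=%s supported=%s\n", $record,
        var_export($stored, true), var_export(https_supported($store), true));
}
```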

