diff --git a/src/js/_enqueues/wp/theme.js b/src/js/_enqueues/wp/theme.js index 7e1d2550cd51a..10bcd7f49ba26 100644 --- a/src/js/_enqueues/wp/theme.js +++ b/src/js/_enqueues/wp/theme.js @@ -1605,8 +1605,8 @@ themes.view.InstallerSearch = themes.view.Search.extend({ $( 'body' ).removeClass( 'show-filters filters-applied show-favorites-form' ); $( '.drawer-toggle' ).attr( 'aria-expanded', 'false' ); - // Get the themes by sending Ajax POST request to api.wordpress.org/themes - // or searching the local cache. + // Get the themes by sending Ajax POST request to the `/themes` endpoint of + // the WordPress API, or searching the local cache. this.collection.query( request ); // Set route. @@ -1696,8 +1696,8 @@ themes.view.Installer = themes.view.Appearance.extend({ // Create a new collection with the proper theme data // for each section. if ( 'block-themes' === section ) { - // Get the themes by sending Ajax POST request to api.wordpress.org/themes - // or searching the local cache. + // Get the themes by sending Ajax POST request to the `/themes` endpoint + // of the WordPress API, or searching the local cache. this.collection.query( { tag: 'full-site-editing' } ); } else { this.collection.query( { browse: section } ); @@ -1775,8 +1775,8 @@ themes.view.Installer = themes.view.Appearance.extend({ filter = _.union( [ filter, this.filtersChecked() ] ); request = { tag: [ filter ] }; - // Get the themes by sending Ajax POST request to api.wordpress.org/themes - // or searching the local cache. + // Get the themes by sending Ajax POST request to the `/themes` endpoint + // of the WordPress API, or searching the local cache. this.collection.query( request ); }, @@ -1813,8 +1813,8 @@ themes.view.Installer = themes.view.Appearance.extend({ filteringBy.append( '' + name + '' ); }); - // Get the themes by sending Ajax POST request to api.wordpress.org/themes - // or searching the local cache. + // Get the themes by sending Ajax POST request to the `/themes` endpoint + // of the WordPress API, or searching the local cache. this.collection.query( request ); }, @@ -1840,8 +1840,8 @@ themes.view.Installer = themes.view.Appearance.extend({ username: username }, success: function () { - // Get the themes by sending Ajax POST request to api.wordpress.org/themes - // or searching the local cache. + // Get the themes by sending Ajax POST request to the `/themes` endpoint + // of the WordPress API, or searching the local cache. that.collection.query( request ); } } ); diff --git a/src/wp-admin/includes/class-wp-community-events.php b/src/wp-admin/includes/class-wp-community-events.php index 008611af21c09..3a9d52c4b2ef7 100644 --- a/src/wp-admin/includes/class-wp-community-events.php +++ b/src/wp-admin/includes/class-wp-community-events.php @@ -67,7 +67,7 @@ public function __construct( $user_id, $user_location = false ) { * with nearby events. * * The browser's request for events is proxied with this method, rather - * than having the browser make the request directly to api.wordpress.org, + * than having the browser make the request directly to the WordPress API (`api.wordpress.org` by default), * because it allows results to be cached server-side and shared with other * users and sites in the network. This makes the process more efficient, * since increasing the number of visits that get cached data means users @@ -98,7 +98,7 @@ public function get_events( $location_search = '', $timezone = '' ) { // Include an unmodified $wp_version. require ABSPATH . WPINC . '/version.php'; - $api_url = 'http://api.wordpress.org/events/1.0/'; + $api_url = wp_get_api_hostname() . '/events/1.0/'; $request_args = $this->get_request_args( $location_search, $timezone ); $request_args['user-agent'] = 'WordPress/' . $wp_version . '; ' . home_url( '/' ); diff --git a/src/wp-admin/includes/class-wp-debug-data.php b/src/wp-admin/includes/class-wp-debug-data.php index f227c9fdd2f7e..0f10ecd8a25e1 100644 --- a/src/wp-admin/includes/class-wp-debug-data.php +++ b/src/wp-admin/includes/class-wp-debug-data.php @@ -273,21 +273,26 @@ private static function get_wp_core(): array { ); // WordPress features requiring processing. - $wp_dotorg = wp_remote_get( 'https://wordpress.org', array( 'timeout' => 10 ) ); + $fields['dotorg_api_hostname'] = array( + 'label' => __( 'WordPress API source used by this site' ), + 'value' => wp_get_api_hostname(), + ); + + $wp_dotorg = wp_remote_get( wp_get_api_hostname(), array( 'timeout' => 10 ) ); if ( ! is_wp_error( $wp_dotorg ) ) { $fields['dotorg_communication'] = array( - 'label' => __( 'Communication with WordPress.org' ), - 'value' => __( 'WordPress.org is reachable' ), + 'label' => __( 'Communication with the WordPress API' ), + 'value' => __( 'The WordPress API is reachable' ), 'debug' => 'true', ); } else { $fields['dotorg_communication'] = array( - 'label' => __( 'Communication with WordPress.org' ), + 'label' => __( 'Communication with the WordPress API' ), 'value' => sprintf( - /* translators: 1: The IP address WordPress.org resolves to. 2: The error returned by the lookup. */ - __( 'Unable to reach WordPress.org at %1$s: %2$s' ), - gethostbyname( 'wordpress.org' ), + /* translators: 1: The IP address the WordPress API resolves to. 2: The error returned by the lookup. */ + __( 'Unable to reach the WordPress API at %1$s: %2$s' ), + gethostbyname( wp_get_api_hostname() ), $wp_dotorg->get_error_message() ), 'debug' => $wp_dotorg->get_error_message(), diff --git a/src/wp-admin/includes/class-wp-site-health.php b/src/wp-admin/includes/class-wp-site-health.php index 19d109d447283..658f36e92172b 100644 --- a/src/wp-admin/includes/class-wp-site-health.php +++ b/src/wp-admin/includes/class-wp-site-health.php @@ -1284,7 +1284,7 @@ public function get_test_sql_server() { } /** - * Tests if the site can communicate with WordPress.org. + * Tests if the site can communicate with the WordPress API. * * @since 5.2.0 * @@ -1292,7 +1292,7 @@ public function get_test_sql_server() { */ public function get_test_dotorg_communication() { $result = array( - 'label' => __( 'Can communicate with WordPress.org' ), + 'label' => __( 'Can communicate with the WordPress API' ), 'status' => '', 'badge' => array( 'label' => __( 'Security' ), @@ -1307,7 +1307,7 @@ public function get_test_dotorg_communication() { ); $wp_dotorg = wp_remote_get( - 'https://api.wordpress.org', + wp_get_api_hostname(), array( 'timeout' => 10, ) @@ -1317,7 +1317,17 @@ public function get_test_dotorg_communication() { } else { $result['status'] = 'critical'; - $result['label'] = __( 'Could not reach WordPress.org' ); + $result['label'] = __( 'Could not reach the WordPress API' ); + + /* + * By validating that the parsed URL does not return `null`, + * we avoid a deprecation warning when running `gethostbyname()` later. + */ + $api_hostname = wp_get_api_hostname(); + $parsed_hostname = parse_url( $api_hostname, PHP_URL_HOST ); + if ( null === $parsed_hostname ) { + $parsed_hostname = $api_hostname; + } $result['description'] .= sprintf( '

%s

', @@ -1326,9 +1336,9 @@ public function get_test_dotorg_communication() { /* translators: Hidden accessibility text. */ __( 'Error' ), sprintf( - /* translators: 1: The IP address WordPress.org resolves to. 2: The error returned by the lookup. */ - __( 'Your site is unable to reach WordPress.org at %1$s, and returned the error: %2$s' ), - gethostbyname( 'api.wordpress.org' ), + /* translators: 1: The IP address the WordPress API resolves to. 2: The error returned by the lookup. */ + __( 'Your site is unable to reach the WordPress API at %1$s, and returned the error: %2$s' ), + gethostbyname( $parsed_hostname ), $wp_dotorg->get_error_message() ) ) diff --git a/src/wp-admin/includes/credits.php b/src/wp-admin/includes/credits.php index 79b2a0b46c854..b9ac80a11adac 100644 --- a/src/wp-admin/includes/credits.php +++ b/src/wp-admin/includes/credits.php @@ -32,7 +32,7 @@ function wp_credits( $version = '', $locale = '' ) { || str_contains( $version, '-' ) || ( isset( $results['data']['version'] ) && ! str_starts_with( $version, $results['data']['version'] ) ) ) { - $url = "http://api.wordpress.org/core/credits/1.1/?version={$version}&locale={$locale}"; + $url = wp_get_api_hostname( true ) . "/core/credits/1.1/?version={$version}&locale={$locale}"; $options = array( 'user-agent' => 'WordPress/' . $version . '; ' . home_url( '/' ) ); if ( wp_http_supports( array( 'ssl' ) ) ) { diff --git a/src/wp-admin/includes/dashboard.php b/src/wp-admin/includes/dashboard.php index b198325f27cd8..b094e7e50bad5 100644 --- a/src/wp-admin/includes/dashboard.php +++ b/src/wp-admin/includes/dashboard.php @@ -1811,7 +1811,7 @@ function wp_check_browser_version() { $response = get_site_transient( 'browser_' . $key ); if ( false === $response ) { - $url = 'http://api.wordpress.org/core/browse-happy/1.1/'; + $url = wp_get_api_hostname( true ) . '/core/browse-happy/1.1/'; $options = array( 'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ), diff --git a/src/wp-admin/includes/import.php b/src/wp-admin/includes/import.php index 530045894c745..f498f9c1136be 100644 --- a/src/wp-admin/includes/import.php +++ b/src/wp-admin/includes/import.php @@ -146,7 +146,7 @@ function wp_get_popular_importers() { 'locale' => $locale, 'version' => wp_get_wp_version(), ), - 'http://api.wordpress.org/core/importers/1.1/' + wp_get_api_hostname( true ) . '/core/importers/1.1/' ); $options = array( 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ) ); diff --git a/src/wp-admin/includes/misc.php b/src/wp-admin/includes/misc.php index 06599381829c0..0ff2b96fe58de 100644 --- a/src/wp-admin/includes/misc.php +++ b/src/wp-admin/includes/misc.php @@ -1581,7 +1581,7 @@ function wp_check_php_version() { $response = get_site_transient( 'php_check_' . $key ); if ( false === $response ) { - $url = 'http://api.wordpress.org/core/serve-happy/1.0/'; + $url = wp_get_api_hostname( true ) . '/core/serve-happy/1.0/'; if ( wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); diff --git a/src/wp-admin/includes/network.php b/src/wp-admin/includes/network.php index fb3d8d27869bd..cbd3521f3bb5b 100644 --- a/src/wp-admin/includes/network.php +++ b/src/wp-admin/includes/network.php @@ -554,7 +554,7 @@ function network_step2( $errors = false ) { if ( ! empty( $keys_salts ) ) { $keys_salts_str = ''; - $from_api = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); + $from_api = wp_remote_get( wp_get_api_hostname() . '/secret-key/1.1/salt/' ); if ( is_wp_error( $from_api ) ) { foreach ( $keys_salts as $c => $v ) { $keys_salts_str .= "\ndefine( '$c', '" . wp_generate_password( 64, true, true ) . "' );"; diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php index 04287736bc661..d2e8b79f61422 100644 --- a/src/wp-admin/includes/plugin-install.php +++ b/src/wp-admin/includes/plugin-install.php @@ -146,7 +146,7 @@ function plugins_api( $action, $args = array() ) { if ( false === $res ) { - $url = 'http://api.wordpress.org/plugins/info/1.2/'; + $url = wp_get_api_hostname( true ) . '/plugins/info/1.2/'; $url = add_query_arg( array( 'action' => $action, diff --git a/src/wp-admin/includes/theme.php b/src/wp-admin/includes/theme.php index 8fc9c00f149db..87acd1dba81a6 100644 --- a/src/wp-admin/includes/theme.php +++ b/src/wp-admin/includes/theme.php @@ -542,7 +542,7 @@ function themes_api( $action, $args = array() ) { $res = apply_filters( 'themes_api', false, $action, $args ); if ( ! $res ) { - $url = 'http://api.wordpress.org/themes/info/1.2/'; + $url = wp_get_api_hostname( true ) . '/themes/info/1.2/'; $url = add_query_arg( array( 'action' => $action, diff --git a/src/wp-admin/includes/translation-install.php b/src/wp-admin/includes/translation-install.php index 67609836b94a2..c51df8eb0c8ff 100644 --- a/src/wp-admin/includes/translation-install.php +++ b/src/wp-admin/includes/translation-install.php @@ -50,7 +50,7 @@ function translations_api( $type, $args = null ) { $res = apply_filters( 'translations_api', false, $type, $args ); if ( false === $res ) { - $url = 'http://api.wordpress.org/translations/' . $type . '/1.0/'; + $url = wp_get_api_hostname( true ) . '/translations/' . $type . '/1.0/'; $http_url = $url; $ssl = wp_http_supports( array( 'ssl' ) ); if ( $ssl ) { diff --git a/src/wp-admin/includes/update.php b/src/wp-admin/includes/update.php index 629c1be1cc639..78332c2d748a7 100644 --- a/src/wp-admin/includes/update.php +++ b/src/wp-admin/includes/update.php @@ -129,7 +129,7 @@ function find_core_auto_update() { * @return array|false An array of checksums on success, false on failure. */ function get_core_checksums( $version, $locale ) { - $http_url = 'http://api.wordpress.org/core/checksums/1.0/?' . http_build_query( compact( 'version', 'locale' ), '', '&' ); + $http_url = wp_get_api_hostname( true ) . '/core/checksums/1.0/?' . http_build_query( compact( 'version', 'locale' ), '', '&' ); $url = $http_url; $ssl = wp_http_supports( array( 'ssl' ) ); diff --git a/src/wp-admin/maint/repair.php b/src/wp-admin/maint/repair.php index 2104ccd3abb43..39025f28c55bb 100644 --- a/src/wp-admin/maint/repair.php +++ b/src/wp-admin/maint/repair.php @@ -82,7 +82,7 @@ ''; /* translators: 1: wp-config.php, 2: Secret key service URL. */ - echo '

' . sprintf( __( 'While you are editing your %1$s file, take a moment to make sure you have all 8 keys and that they are unique. You can generate these using the WordPress.org secret key service.' ), 'wp-config.php', 'https://api.wordpress.org/secret-key/1.1/salt/' ) . '

'; + echo '

' . sprintf( __( 'While you are editing your %1$s file, take a moment to make sure you have all 8 keys and that they are unique. You can generate these using the WordPress.org secret key service.' ), 'wp-config.php', wp_get_api_hostname() . '/secret-key/1.1/salt/' ) . '

'; } } elseif ( isset( $_GET['repair'] ) ) { diff --git a/src/wp-admin/plugin-editor.php b/src/wp-admin/plugin-editor.php index 73017cae91153..b2ee136b3cfb5 100644 --- a/src/wp-admin/plugin-editor.php +++ b/src/wp-admin/plugin-editor.php @@ -295,7 +295,7 @@
- +
diff --git a/src/wp-admin/setup-config.php b/src/wp-admin/setup-config.php index d2fa4ae8ea7ee..e6fa9fdeefcbb 100644 --- a/src/wp-admin/setup-config.php +++ b/src/wp-admin/setup-config.php @@ -358,7 +358,7 @@ function setup_config_display_header( $body_classes = array() ) { $no_api = isset( $_POST['noapi'] ); if ( ! $no_api ) { - $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); + $secret_keys = wp_remote_get( wp_get_api_hostname() . '/secret-key/1.1/salt/' ); } if ( $no_api || is_wp_error( $secret_keys ) ) { diff --git a/src/wp-admin/theme-editor.php b/src/wp-admin/theme-editor.php index bf869f4d8a886..e63088fc49509 100644 --- a/src/wp-admin/theme-editor.php +++ b/src/wp-admin/theme-editor.php @@ -324,7 +324,7 @@
- +
diff --git a/src/wp-includes/load.php b/src/wp-includes/load.php index 0526cb175dfb6..60281eeefca72 100644 --- a/src/wp-includes/load.php +++ b/src/wp-includes/load.php @@ -370,6 +370,52 @@ function wp_is_development_mode( $mode ) { return $mode === $current_mode; } +/** + * Retrieves the current API hostname. + * + * The API hostname is used in requests for core, plugin, theme, and translation information, + * installation and updates. + * + * @since 6.8.0 + * + * @param bool $use_http Optional. Whether to use HTTP or HTTPS scheme for the default API endpoint. Default true. + * @return string The current API hostname. + */ +function wp_get_api_hostname( $use_http = false ) { + static $current_hostname = ''; + + if ( defined( 'WP_RUN_CORE_TESTS' ) || '' === $current_hostname ) { + /* + * We only check the schema for the default API hostname, as anyone overriding it may + * be doing so intentionally, for example an environment that relies on host aliases, + * and are expected to know what they are doing. + */ + $current_hostname = ( $use_http ? 'http://' : 'https://' ) . 'api.wordpress.org'; + + // Check if the environment variable has been set, if `getenv` is available on the system. + if ( function_exists( 'getenv' ) ) { + $has_env = getenv( 'WP_API_HOSTNAME' ); + if ( false !== $has_env ) { + $current_hostname = $has_env; + } + } + + // Fetch the hostname from a constant, this overrides the global system variable. + if ( defined( 'WP_API_HOSTNAME' ) && WP_API_HOSTNAME ) { + $current_hostname = WP_API_HOSTNAME; + } + } + + /** + * Filters the API hostname. + * + * @since 6.8.0 + * + * @param string $current_hostname The current hostname. + */ + return apply_filters( 'wp_api_hostname', $current_hostname ); +} + /** * Ensures all of WordPress is not loaded when handling a favicon.ico request. * diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php index e31c47ee61a4b..cba86d3b448cf 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php @@ -114,7 +114,7 @@ public function get_items( $request ) { $raw_patterns = get_site_transient( $transient_key ); if ( ! $raw_patterns ) { - $api_url = 'http://api.wordpress.org/patterns/1.0/?' . build_query( $query_args ); + $api_url = wp_get_api_hostname( true ) . '/patterns/1.0/?' . build_query( $query_args ); if ( wp_http_supports( array( 'ssl' ) ) ) { $api_url = set_url_scheme( $api_url, 'https' ); } diff --git a/src/wp-includes/update.php b/src/wp-includes/update.php index 8dba379ad31de..632cf7f82079d 100644 --- a/src/wp-includes/update.php +++ b/src/wp-includes/update.php @@ -186,7 +186,7 @@ function wp_version_check( $extra_stats = array(), $force_check = false ) { $query['channel'] = WP_AUTO_UPDATE_CORE; } - $url = 'http://api.wordpress.org/core/version-check/1.7/?' . http_build_query( $query, '', '&' ); + $url = wp_get_api_hostname( true ) . '/core/version-check/1.7/?' . http_build_query( $query, '', '&' ); $http_url = $url; $ssl = wp_http_supports( array( 'ssl' ) ); @@ -434,7 +434,7 @@ function wp_update_plugins( $extra_stats = array() ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } - $url = 'http://api.wordpress.org/plugins/update-check/1.1/'; + $url = wp_get_api_hostname( true ) . '/plugins/update-check/1.1/'; $http_url = $url; $ssl = wp_http_supports( array( 'ssl' ) ); @@ -713,7 +713,7 @@ function wp_update_themes( $extra_stats = array() ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } - $url = 'http://api.wordpress.org/themes/update-check/1.1/'; + $url = wp_get_api_hostname( true ) . '/themes/update-check/1.1/'; $http_url = $url; $ssl = wp_http_supports( array( 'ssl' ) ); diff --git a/tests/phpunit/tests/load/wpGetApiHostname.php b/tests/phpunit/tests/load/wpGetApiHostname.php new file mode 100644 index 0000000000000..ab847052b5421 --- /dev/null +++ b/tests/phpunit/tests/load/wpGetApiHostname.php @@ -0,0 +1,117 @@ +assertSame( 'https://api.wordpress.org', wp_get_api_hostname() ); + $this->assertSame( 'http://api.wordpress.org', wp_get_api_hostname( true ) ); + } + + /** + * Tests that `wp_get_api_hostname()` returns the value of the `WP_API_HOSTNAME` environment variable. + * + * @ticket 62132 + * + * @runInSeparateProcess + * @preserveGlobalState disabled + */ + public function test_wp_get_api_hostname_returns_environment_variable_value() { + putenv( 'WP_API_HOSTNAME=env.api.org' ); + $this->assertSame( 'env.api.org', wp_get_api_hostname() ); + } + + /** + * Tests that `wp_get_api_hostname()` returns the value of the `WP_API_HOSTNAME` constant. + * + * @ticket 62132 + * + * @runInSeparateProcess + * @preserveGlobalState disabled + */ + public function test_wp_get_api_hostname_returns_constant_value() { + define( 'WP_API_HOSTNAME', 'constant.api.org' ); + $this->assertSame( 'constant.api.org', wp_get_api_hostname() ); + } + + /** + * Tests that `wp_get_api_hostname()` returns the value of the `'wp_api_hostname'` filter. + * + * @ticket 62132 + */ + public function test_wp_get_api_hostname_returns_filter_value() { + add_filter( + 'wp_api_hostname', + static function () { + return 'filter.api.org'; + } + ); + $this->assertSame( 'filter.api.org', wp_get_api_hostname() ); + } + + /** + * Tests that `wp_get_api_hostname()` prioritizes the constant over the environment variable. + * + * @ticket 62132 + * + * @runInSeparateProcess + * @preserveGlobalState disabled + */ + public function test_wp_get_api_hostname_prioritizes_constant_over_environment_variable() { + putenv( 'WP_API_HOSTNAME=env.api.org' ); + define( 'WP_API_HOSTNAME', 'constant.api.org' ); + $this->assertSame( 'constant.api.org', wp_get_api_hostname() ); + } + + /** + * Tests that `wp_get_api_hostname()` prioritizes the filter over the environment variable. + * + * @ticket 62132 + * + * @runInSeparateProcess + * @preserveGlobalState disabled + */ + public function test_wp_get_api_hostname_prioritizes_filter_over_environment_variable() { + putenv( 'WP_API_HOSTNAME=env.api.org' ); + add_filter( + 'wp_api_hostname', + static function () { + return 'filter.api.org'; + } + ); + $this->assertSame( 'filter.api.org', wp_get_api_hostname() ); + } + + /** + * Tests that `wp_get_api_hostname()` prioritizes the filter over the constant. + * + * @ticket 62132 + * + * @runInSeparateProcess + * @preserveGlobalState disabled + */ + public function test_wp_get_api_hostname_prioritizes_filter_over_constant() { + define( 'WP_API_HOSTNAME', 'constant.api.org' ); + add_filter( + 'wp_api_hostname', + static function () { + return 'filter.api.org'; + } + ); + $this->assertSame( 'filter.api.org', wp_get_api_hostname() ); + } +}