[wp-trac] [WordPress Trac] #47528: Site Health: Add test for file checksums
WordPress Trac
noreply at wordpress.org
Wed Jun 4 18:17:10 UTC 2025
#47528: Site Health: Add test for file checksums
-------------------------------------------------+-------------------------
Reporter: swissspidy | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Site Health | Version:
Severity: normal | Resolution:
Keywords: site-health has-patch needs-testing | Focuses: ui-copy
-------------------------------------------------+-------------------------
Comment (by SirLouen):
== Test Report
=== Description
🟠This report validates that the indicated patch works as expected but
some changes proposed
Patch tested: https://github.com/WordPress/wordpress-
develop/pull/8897.diff
=== Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.28
- Server: nginx/1.27.5
- Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
- Browser: Chrome 137.0.0.0
- OS: Windows 10/11
- Theme: Twenty Fourteen 4.2
- MU Plugins: None activated
- Plugins:
* Test Reports 1.2.0
=== Testing Instructions
==== TEST 1
1. For this, despite I'm using a developer verison, I'm switching to the
current stable version (6.8.1) in `wp-includes/version.php`
2. Since there are many changes, checksum should fail and report the
warning code. This test will serve for the failing part
==== TEST 2
To test a valid checksum it's way more tricky because I forgot need to
rebuild the function that is actually taking the online checksum (I don't
know if there is another technique to test checksums)
1. After applying the patch, you need to apply
[https://core.trac.wordpress.org/attachment/ticket/47528/47528-get-core-
checksums-mod.diff my modded patch] to modify some core functions (and set
fake v6.8.2). Consider that if this is being tested later in the future,
you should be adding +1 version to the current version.
2. Generate a md5 to test with, with a command like:
{{{
find . -type f ! -path "./wp-content/*" ! -name ".htaccess" -exec md5sum
{} \; > wp-content/uploads/checksum/checksum.md5
}}}
3. Now test the Health Checks, Result should be "A scan for changes to the
core WordPress files was performed. No changes are detected."
=== Actual Results
1. 🟠Issue resolved with patch, but some changes are proposed.
=== Additional Notes
- I don't really get the idea behind getting the checksums in this lines
{{{
if ( false === $checksums && false !== strpos( $wp_version, '-' ) ) {
$checksums = get_core_checksums( (float) $wp_version - 0.1,
$wp_locale );
}
}}}
Apart from not being efficient (calling twice `get_core_checksums` when
only once could be called with the right conditions), I think that it
doesnt make any sense, to get the checksum of a different version because
its going to always fail the check. So its not providing any value, and I
would either remove it or take advantage of a check like that to just
inform with another message like:
"''You are not using a WordPress version with available checksums.
Integrity won't be checked''"
With `'status' => 'good'`
- I've added @Michi91 patches to GH because I wanted to test it with
Playground (I forgot I needed to mock the function taking checksums from
official sources), plus I did not know that it was a build from the branch
being used, in this case `trunk` which doesn't serve for this purpose. For
this reason I had to rebuild my testing env to have TEST 2 pass
adequately. Both my GH patch or
[https://core.trac.wordpress.org/attachment/ticket/47528/patch.diff
Michi191 last patch] could serve to improve the current version.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47528#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list