From 2db9d7bee750c052bad6aa78bcce6649a6e4d3a8 Mon Sep 17 00:00:00 2001
From: Dominik Schilling <ocean90@git.wordpress.org>
Date: Wed, 27 Jul 2016 15:51:19 +0000
Subject: [PATCH] HTTP API: All non-GET/HEAD requests should put the arguments
 in the form body.

Requests defaults to _GET/query for HEAD/GET/DELETE and _POST/body for POST/PUT/OPTIONS/PATCH. For backward compatibility `WP_HTTP` needs to force `data_format` to 'body' for all non-GET/HEAD requests.

Props dd32.
Fixes #37456.

git-svn-id: https://develop.svn.wordpress.org/trunk@38165 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/class-http.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/class-http.php b/src/wp-includes/class-http.php
index 173566d464..e9ff205142 100644
--- a/src/wp-includes/class-http.php
+++ b/src/wp-includes/class-http.php
@@ -315,8 +315,7 @@ class WP_Http {
 		}
 		if ( empty( $r['redirection'] ) ) {
 			$options['follow_redirects'] = false;
-		}
-		else {
+		} else {
 			$options['redirects'] = $r['redirection'];
 		}
 
@@ -333,11 +332,15 @@ class WP_Http {
 		// SSL certificate handling
 		if ( ! $r['sslverify'] ) {
 			$options['verify'] = false;
-		}
-		else {
+		} else {
 			$options['verify'] = $r['sslcertificates'];
 		}
 
+		// All non-GET/HEAD requests should put the arguments in the form body.
+		if ( 'HEAD' !== $type && 'GET' !== $type ) {
+			$options['data_format'] = 'body';
+		}
+
 		/**
 		 * Filters whether SSL should be verified for non-local requests.
 		 *