vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Better validation of the URL used in core HTTP requests.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@24480 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
2013-06-21 06:07:47 +00:00
parent 5254ff0e4b
commit dfcf4b5eae
10 changed files with 92 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/file.php
View File

@@ -497,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
if ( ! $tmpfname )
return new WP_Error('http_no_file', __('Could not create Temporary file.'));
$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
if ( is_wp_error( $response ) ) {
unlink( $tmpfname );