Better validation of the URL used in core HTTP requests.

git-svn-id: https://develop.svn.wordpress.org/trunk@24480 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin
2013-06-21 06:07:47 +00:00
parent 5254ff0e4b
commit dfcf4b5eae
10 changed files with 92 additions and 66 deletions


@@ -66,7 +66,11 @@ class WP_SimplePie_File extends SimplePie_File {
$this->method = SIMPLEPIE_FILE_SOURCE_REMOTE;
if ( preg_match('/^http(s)?:\/\//i', $url) ) {
$args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects);
$args = array(
'timeout' => $this->timeout,
'redirection' => $this->redirects,
'reject_unsafe_urls' => true,
);
if ( !empty($this->headers) )
$args['headers'] = $this->headers;
@@ -85,10 +89,8 @@ class WP_SimplePie_File extends SimplePie_File {
$this->status_code = wp_remote_retrieve_response_code( $res );
}
} else {
if ( ! file_exists($url) || ( ! $this->body = file_get_contents($url) ) ) {
$this->error = 'file_get_contents could not read the file';
$this->success = false;
}
$this->error = '';
$this->success = false;
}
}
}
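Review bot: In the second hunk the non-HTTP(S) branch now fails with `$this->error = ''`, so a caller that sees `success` set to false has no message to log and cannot tell a refused URL scheme from any other failure. A non-empty string, for example `$this->error = 'Only http and https URLs can be fetched';`, together with a comment such as `// Local paths are deliberately not read here.`, would record why the `file_get_contents()` fallback was removed. In the first hunk `reject_unsafe_urls` is passed next to `redirection`; whether redirect targets get the same check is not visible in this section and is worth confirming, since validating only the initial URL would leave the redirect hop unchecked. The enclosing method begins above the first hunk, so the surrounding control flow is not fully visible here.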