vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-08 14:44:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Better validation of the URL used in core HTTP requests.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@24480 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
2013-06-21 06:07:47 +00:00
parent 5254ff0e4b
commit dfcf4b5eae
10 changed files with 92 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/class-oembed.php
View File

@@ -113,7 +113,7 @@ class WP_oEmbed {
$providers = array();
// Fetch URL content
if ( $html = wp_remote_retrieve_body( wp_remote_get( $url ) ) ) {
if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) {
// <link> types that contain oEmbed provider URLs
$linktypes = apply_filters( 'oembed_linktypes', array(
@@ -195,7 +195,7 @@ class WP_oEmbed {
*/
function _fetch_with_format( $provider_url_with_args, $format ) {
$provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
$response = wp_remote_get( $provider_url_with_args );
$response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) );
if ( 501 == wp_remote_retrieve_response_code( $response ) )
return new WP_Error( 'not-implemented' );
if ( ! $body = wp_remote_retrieve_body( $response ) )