vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-07 22:24:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Better validation of the URL used in core HTTP requests.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@24480 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
2013-06-21 06:07:47 +00:00
parent 5254ff0e4b
commit dfcf4b5eae
10 changed files with 92 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/functions.php
View File

@@ -496,6 +496,7 @@ function wp_get_http( $url, $file_path = false, $red = 1 ) {
$options = array();
$options['redirection'] = 5;
$options['reject_unsafe_urls'] = true;
if ( false == $file_path )
$options['method'] = 'HEAD';
@@ -543,7 +544,7 @@ function wp_get_http_headers( $url, $deprecated = false ) {
if ( !empty( $deprecated ) )
_deprecated_argument( __FUNCTION__, '2.7' );
$response = wp_remote_head( $url );
$response = wp_remote_head( $url, array( 'reject_unsafe_urls' => true ) );
if ( is_wp_error( $response ) )
return false;
@@ -758,6 +759,7 @@ function wp_remote_fopen( $uri ) {
$options = array();
$options['timeout'] = 10;
$options['reject_unsafe_urls'] = true;
$response = wp_remote_get( $uri, $options );