Index: class-http.php =================================================================== --- class-http.php (revision 15144) +++ class-http.php (working copy) @@ -170,146 +170,26 @@ /** * Send a HTTP request to a URI. * - * The body and headers are part of the arguments. The 'body' argument is for the body and will - * accept either a string or an array. The 'headers' argument should be an array, but a string - * is acceptable. If the 'body' argument is an array, then it will automatically be escaped - * using http_build_query(). + * See {@link WP_Http_Config::process} for more on the arguments for requests. * - * The only URI that are supported in the HTTP Transport implementation are the HTTP and HTTPS - * protocols. HTTP and HTTPS are assumed so the server might not know how to handle the send - * headers. Other protocols are unsupported and most likely will fail. + * The only URI that should be used are those that are for the HTTP protocol. Any other URI + * scheme will fail. HTTPS is supported, provided that PHP supports SSL and has the extensions + * installed. * - * The defaults are 'method', 'timeout', 'redirection', 'httpversion', 'blocking' and - * 'user-agent'. - * - * Accepted 'method' values are 'GET', 'POST', and 'HEAD', some transports technically allow - * others, but should not be assumed. The 'timeout' is used to sent how long the connection - * should stay open before failing when no response. 'redirection' is used to track how many - * redirects were taken and used to sent the amount for other transports, but not all transports - * accept setting that value. - * - * The 'httpversion' option is used to sent the HTTP version and accepted values are '1.0', and - * '1.1' and should be a string. Version 1.1 is not supported, because of chunk response. The - * 'user-agent' option is the user-agent and is used to replace the default user-agent, which is - * 'WordPress/WP_Version', where WP_Version is the value from $wp_version. - * - * 'blocking' is the default, which is used to tell the transport, whether it should halt PHP - * while it performs the request or continue regardless. Actually, that isn't entirely correct. - * Blocking mode really just means whether the fread should just pull what it can whenever it - * gets bytes or if it should wait until it has enough in the buffer to read or finishes reading - * the entire content. It doesn't actually always mean that PHP will continue going after making - * the request. - * * @access public * @since 2.7.0 - * @todo Refactor this code. The code in this method extends the scope of its original purpose - * and should be refactored to allow for cleaner abstraction and reduce duplication of the - * code. One suggestion is to create a class specifically for the arguments, however - * preliminary refactoring to this affect has affect more than just the scope of the - * arguments. Something to ponder at least. * * @param string $url URI resource. * @param str|array $args Optional. Override the defaults. * @return array containing 'headers', 'body', 'response', 'cookies' */ function request( $url, $args = array() ) { - global $wp_version; + $config = new WP_Http_Config($url); + $config->process($args); - $defaults = array( - 'method' => 'GET', - 'timeout' => apply_filters( 'http_request_timeout', 5), - 'redirection' => apply_filters( 'http_request_redirection_count', 5), - 'httpversion' => apply_filters( 'http_request_version', '1.0'), - 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ), - 'blocking' => true, - 'headers' => array(), - 'cookies' => array(), - 'body' => null, - 'compress' => false, - 'decompress' => true, - 'sslverify' => true - ); + $transports = $config->get_transports(); + $r = $config->get_arguments(); - $r = wp_parse_args( $args, $defaults ); - $r = apply_filters( 'http_request_args', $r, $url ); - - // Allow plugins to short-circuit the request - $pre = apply_filters( 'pre_http_request', false, $r, $url ); - if ( false !== $pre ) - return $pre; - - $arrURL = parse_url($url); - - if ( empty( $url ) || empty($url['scheme'] ) ) - return new WP_Error('http_request_failed', __('A valid URL was not provided.')); - - if ( $this->block_request( $url ) ) - return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.')); - - // Determine if this is a https call and pass that on to the transport functions - // so that we can blacklist the transports that do not support ssl verification - $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl'; - - // Determine if this request is to OUR install of WordPress - $homeURL = parse_url( get_bloginfo('url') ); - $r['local'] = $homeURL['host'] == $arrURL['host'] || 'localhost' == $arrURL['host']; - unset($homeURL); - - if ( is_null( $r['headers'] ) ) - $r['headers'] = array(); - - if ( ! is_array($r['headers']) ) { - $processedHeaders = WP_Http::processHeaders($r['headers']); - $r['headers'] = $processedHeaders['headers']; - } - - if ( isset($r['headers']['User-Agent']) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset($r['headers']['User-Agent']); - } - - if ( isset($r['headers']['user-agent']) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset($r['headers']['user-agent']); - } - - // Construct Cookie: header if any cookies are set - WP_Http::buildCookieHeader( $r ); - - if ( WP_Http_Encoding::is_available() ) - $r['headers']['Accept-Encoding'] = WP_Http_Encoding::accept_encoding(); - - if ( empty($r['body']) ) { - // Some servers fail when sending content without the content-length header being set. - // Also, to fix another bug, we only send when doing POST and PUT and the content-length - // header isn't already set. - if( ($r['method'] == 'POST' || $r['method'] == 'PUT') && ! isset($r['headers']['Content-Length']) ) - $r['headers']['Content-Length'] = 0; - - // The method is ambiguous, because we aren't talking about HTTP methods, the "get" in - // this case is simply that we aren't sending any bodies and to get the transports that - // don't support sending bodies along with those which do. - $transports = WP_Http::_getTransport($r); - } else { - if ( is_array( $r['body'] ) || is_object( $r['body'] ) ) { - if ( ! version_compare(phpversion(), '5.1.2', '>=') ) - $r['body'] = _http_build_query($r['body'], null, '&'); - else - $r['body'] = http_build_query($r['body'], null, '&'); - $r['headers']['Content-Type'] = 'application/x-www-form-urlencoded; charset=' . get_option('blog_charset'); - $r['headers']['Content-Length'] = strlen($r['body']); - } - - if ( ! isset( $r['headers']['Content-Length'] ) && ! isset( $r['headers']['content-length'] ) ) - $r['headers']['Content-Length'] = strlen($r['body']); - - // The method is ambiguous, because we aren't talking about HTTP methods, the "post" in - // this case is simply that we are sending HTTP body and to get the transports that do - // support sending the body. Not all do, depending on the limitations of the PHP core - // limitations. - $transports = WP_Http::_postTransport($r); - } - do_action( 'http_api_debug', $transports, 'transports_list' ); $response = array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); @@ -549,13 +429,260 @@ * @return bool True to block, false to allow. */ function block_request($uri) { + $config = new WP_Http_Config($uri); + return $config->block_request(); + } +} + +/** + * Consolidates the argument processing for all of the transports and main WP_Http class. + * + * Since the beginning the argument processing was handled in both {@link WP_Http::request()} and in + * the individual transports. As more arguments and features were added, it became that + * {@link WP_Http::request()} was getting all of the support and the rest of the transports were + * becoming stagnate with argument processing. + * + * The individual transports appear to be used more individually, which would cause problems with + * argument processing or require duplication of {@link WP_Http::request()} code. + * + * @since {unknown} + * @package WordPress + * @subpackage HTTP + */ +class WP_Http_Config { + + /** + * The request URL. + * + * @since {unknown} + * @var string + */ + var $uri = ''; + + /** + * Processed arguments cache. + * + * @since {unknown} + * @var array + */ + var $args = array(); + + /** + * PHP4 constructor calls PHP5 constructor. + * + * @since {unknown} + * + * @param String $uri Request URI. + */ + function WP_Http_Config( $uri = '' ) { + $this->__construct($uri); + } + + /** + * PHP5 constructor - Initialize class properties. + * + * @since {unknown} + * + * @param String $uri Request URI. + */ + function __construct( $uri = '' ) { + $this->uri = $uri; + } + + /** + * Process arguments for sending requests. + * + * The 'body' argument is for the body and will accept either a string or an array. If the + * 'body' argument is an array, then it will automatically be escaped using http_build_query(). + * The 'content-type' header will automatically be set as well as 'content-length' to the size + * of the body, if the 'body' argument is an array. + * + * The 'headers' argument should be an array, but a string will be accepted and then converted + * to an array. The recommendation for headers to be an array is for optimization purposes. The + * header array should have the header (or field) name as the array key (or indicies) and the + * header value as the array value. + * + * The defaults are 'method', 'timeout', 'redirection', 'httpversion', 'blocking' and + * 'user-agent'. + * + * Accepted 'method' values are 'GET', 'POST', and 'HEAD', some transports technically allow + * others, but should not be assumed. The 'timeout' is used to sent how long the connection + * should stay open before failing when no response. 'redirection' is used to track how many + * redirects were taken and used to sent the amount for other transports, but not all transports + * accept setting that value. + * + * The 'httpversion' option is used to sent the HTTP version and accepted values are '1.0', and + * '1.1' and should be a string. Version 1.1 is supported, since chunked responses are + * supported. The 'user-agent' option is the user-agent and is used to replace the default + * user-agent, which is 'WordPress/WP_Version', where WP_Version is the value from $wp_version. + * + * 'blocking' is the default, which is used to tell the transport, whether it should halt PHP + * while it performs the request or continue regardless. Actually, that isn't entirely correct. + * Blocking mode really just means whether the fread should just pull what it can whenever it + * gets bytes or if it should wait until it has enough in the buffer to read or finishes reading + * the entire content. It doesn't actually always mean that PHP will continue going after making + * the request. + * + * @access public + * @since {unknown} + * + * @param str|array $args Optional. Override the defaults. + * @return array Transports for either sending body or for get requests. + */ + function process( $args = array() ) { + global $wp_version; + + $defaults = array( + 'method' => 'GET', + 'timeout' => apply_filters( 'http_request_timeout', 5), + 'redirection' => apply_filters( 'http_request_redirection_count', 5), + 'httpversion' => apply_filters( 'http_request_version', '1.0'), + 'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ), + 'blocking' => true, + 'headers' => array(), + 'cookies' => array(), + 'body' => null, + 'compress' => false, + 'decompress' => true, + 'sslverify' => true + ); + + $r = wp_parse_args( $args, $defaults ); + $r = apply_filters( 'http_request_args', $r, $this->uri ); + + // Allow plugins to short-circuit the request + $pre = apply_filters( 'pre_http_request', false, $r, $this->uri ); + if ( false !== $pre ) + return $pre; + + $arrURL = parse_url($this->uri); + + if ( empty( $arrURL ) || empty($arrURL['scheme'] ) ) + return new WP_Error('http_request_failed', __('A valid URL was not provided.')); + + if ( $this->block_request() ) + return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.')); + + // Determine if this is a https call and pass that on to the transport functions + // so that we can blacklist the transports that do not support ssl verification + $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl'; + + // Determine if this request is to OUR install of WordPress + $homeURL = parse_url( get_bloginfo('url') ); + $r['local'] = $homeURL['host'] == $arrURL['host'] || 'localhost' == $arrURL['host']; + unset($homeURL); + + if ( is_null( $r['headers'] ) ) + $r['headers'] = array(); + + // Convert string to an array, if needed. + if ( ! is_array($r['headers']) ) { + $processedHeaders = WP_Http::processHeaders($r['headers']); + $r['headers'] = $processedHeaders['headers']; + } + + // Change all headers to lowercase to standardize header checks. + // RFC 1945 section 4.2 states that "Field names are case-insensitive." + $r['headers'] = array_change_key_case($r['headers']); + + // Most transports do not support setting user-agent by header value alone. Therefore, + // to prevent possible problems, we change it to an argument + if ( isset($r['headers']['user-agent']) ) { + $r['user-agent'] = $r['headers']['user-agent']; + unset($r['headers']['user-agent']); + } + + // Construct Cookie: header if any cookies are set + WP_Http::buildCookieHeader( $r ); + + if ( WP_Http_Encoding::is_available() ) + $r['headers']['accept-encoding'] = WP_Http_Encoding::accept_encoding(); + + if ( empty($r['body']) ) { + // Some servers fail when sending content without the content-length header being set. + // Also, to fix another bug, we only send when doing POST and PUT and the content-length + // header isn't already set. + if( ($r['method'] == 'POST' || $r['method'] == 'PUT') && ! isset($r['headers']['content-length']) ) + $r['headers']['content-length'] = 0; + } else { + if ( is_array( $r['body'] ) || is_object( $r['body'] ) ) { + if ( ! version_compare(phpversion(), '5.1.2', '>=') ) + $r['body'] = _http_build_query($r['body'], null, '&'); + else + $r['body'] = http_build_query($r['body'], null, '&'); + $r['headers']['content-type'] = 'application/x-www-form-urlencoded; charset=' . get_option('blog_charset'); + $r['headers']['content-length'] = strlen($r['body']); + } + + if ( ! isset( $r['headers']['content-length'] ) && ! isset( $r['headers']['content-length'] ) ) + $r['headers']['content-length'] = strlen($r['body']); + } + + $r['processed'] = true; + + $this->args = $r; + } + + /** + * Retrieve transports based on whether body is sent with the request. + * + * There used to be a note in the methods used that they both are ambiguous. The note was given + * to prevent future coders from incorrectly assuming that the 'get' in + * {@link WP_Http::_getTransport()} was for HTTP GET method requests and that the 'post' in + * {@link WP_Http::_postTransport()} was for HTTP POST method requests. This is not the case, + * the two methods were created because there is a transport for PHP4 that does not support + * sending the request body and must be ignored for those requests. + * + * The above note are part of the methods, but the note was duplicated for clarity sake to + * prevent questions on why they are that way. + * + * @since {unknown} + * + * @return array Transports for sending requests. + */ + function get_transports() { + return ( empty($this->args['body']) ) ? WP_Http::_getTransport($r) : WP_Http::_postTransport($r); + } + + /** + * Retrieve processed arguments. + * + * The {@link WP_Http_Config::process()} needs to be called first or this method will only + * return an empty array. + * + * @since {unknown} + * + * @return array Processed Arguments for requests. + */ + function get_arguments() { + return $this->args; + } + + /** + * Block requests through the proxy. + * + * Those who are behind a proxy and want to prevent access to certain hosts may do so. This will + * prevent plugins from working and core functionality, if you don't include api.wordpress.org. + * + * You block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL as true in your wp-config.php + * file and this will only allow localhost and your blog to make requests. The constant + * WP_ACCESSIBLE_HOSTS will allow additional hosts to go through for requests. The format of the + * WP_ACCESSIBLE_HOSTS constant is a comma separated list of hostnames to allow. + * + * @since 2.8.0 + * @link http://core.trac.wordpress.org/ticket/8927 Allow preventing external requests. + * + * @param string $uri URI of url. + * @return bool True to block, false to allow. + */ + function block_request() { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) return false; // parse_url() only handles http, https type URLs, and will emit E_WARNING on failure. // This will be displayed on blogs, which is not reasonable. - $check = @parse_url($uri); + $check = @parse_url($this->uri); /* Malformed URL, can not process, but this could mean ssl, so let through anyway. * @@ -609,26 +736,14 @@ * @return array 'headers', 'body', 'cookies' and 'response' keys. */ function request($url, $args = array()) { - $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() - ); + $config = new WP_Http_Config($url); - $r = wp_parse_args( $args, $defaults ); - - if ( isset($r['headers']['User-Agent']) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset($r['headers']['User-Agent']); - } else if( isset($r['headers']['user-agent']) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset($r['headers']['user-agent']); + $r = $args; + if( ! isset($args['processed']) && ! $args['processed'] ) { + $config->process($args); + $r = $config->get_arguments(); } - // Construct Cookie: header if any cookies are set - WP_Http::buildCookieHeader( $r ); - $iError = null; // Store error number $strError = null; // Store error string @@ -729,10 +844,7 @@ return array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); } - $strResponse = ''; - while ( ! feof($handle) ) - $strResponse .= fread($handle, 4096); - + $strResponse = $this->_get_response(&$handle); fclose($handle); if ( true === $secure_transport ) @@ -765,6 +877,24 @@ } /** + * Retrieves the response message using resource handle. + * + * This should allow for others to inherit and extend the class to implement their own resource + * handling. A request was made a long time ago for handling long streams which will exhaust + * memory, but is not a feature that majority of developers will need. + * + * @param resource $handle Fsockopen resource + * @return string Response message (includes header and body). + */ + function _get_response(&$handle) { + $strResponse = ''; + while ( ! feof($handle) ) + $strResponse .= fread($handle, 4096); + + return $strResponse; + } + + /** * Whether this class can be used for retrieving an URL. * * @since 2.7.0 @@ -818,14 +948,13 @@ * @return array 'headers', 'body', 'cookies' and 'response' keys. */ function request($url, $args = array()) { - $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() - ); + $config = new WP_Http_Config($url); - $r = wp_parse_args( $args, $defaults ); + $r = $args; + if( ! isset($args['processed']) && ! $args['processed'] ) { + $config->process($args); + $r = $config->get_arguments(); + } $arrURL = parse_url($url); @@ -961,26 +1090,14 @@ * @return array 'headers', 'body', 'cookies' and 'response' keys. */ function request($url, $args = array()) { - $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() - ); + $config = new WP_Http_Config($url); - $r = wp_parse_args( $args, $defaults ); - - if ( isset($r['headers']['User-Agent']) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset($r['headers']['User-Agent']); - } else if( isset($r['headers']['user-agent']) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset($r['headers']['user-agent']); + $r = $args; + if( ! isset($args['processed']) && ! $args['processed'] ) { + $config->process($args); + $r = $config->get_arguments(); } - // Construct Cookie: header if any cookies are set - WP_Http::buildCookieHeader( $r ); - $arrURL = parse_url($url); if ( false === $arrURL ) @@ -1134,26 +1251,14 @@ * @return array 'headers', 'body', 'cookies' and 'response' keys. */ function request($url, $args = array()) { - $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() - ); + $config = new WP_Http_Config($url); - $r = wp_parse_args( $args, $defaults ); - - if ( isset($r['headers']['User-Agent']) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset($r['headers']['User-Agent']); - } else if( isset($r['headers']['user-agent']) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset($r['headers']['user-agent']); + $r = $args; + if( ! isset($args['processed']) && ! $args['processed'] ) { + $config->process($args); + $r = $config->get_arguments(); } - // Construct Cookie: header if any cookies are set - WP_Http::buildCookieHeader( $r ); - switch ( $r['method'] ) { case 'POST': $r['method'] = HTTP_METH_POST; @@ -1225,7 +1330,7 @@ if ( ! $r['blocking'] ) return array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); - $headers_body = WP_HTTP::processResponse($strResponse); + $headers_body = WP_Http::processResponse($strResponse); $theHeaders = $headers_body['headers']; $theBody = $headers_body['body']; unset($headers_body); @@ -1284,26 +1389,14 @@ * @return array 'headers', 'body', 'cookies' and 'response' keys. */ function request($url, $args = array()) { - $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() - ); + $config = new WP_Http_Config($url); - $r = wp_parse_args( $args, $defaults ); - - if ( isset($r['headers']['User-Agent']) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset($r['headers']['User-Agent']); - } else if( isset($r['headers']['user-agent']) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset($r['headers']['user-agent']); + $r = $args; + if( ! isset($args['processed']) && ! $args['processed'] ) { + $config->process($args); + $r = $config->get_arguments(); } - // Construct Cookie: header if any cookies are set. - WP_Http::buildCookieHeader( $r ); - $handle = curl_init(); // cURL offers really easy proxy support.