WordPress Bug - PHP Warning Message "Unable to parse URL"

[onetarek]

Today I was viewing the error_log. I found thousands thousands warning message like following.

[20-Sep-2012 09:33:46] PHP Warning: parse_url(:blogsearch.google.ae/ping/RPC2) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in /home/...../public_html/wp-includes/class-http.php on line 120

I found the issue. We have a list of blog directory to ping in this page ​http://example.com/wp-admin/options-writing.php

rpc.pingomatic.com
api.feedster.com/ping
​http://api.moreover.com/ping
........and more......

Some of those are not started with ​http://
When a post is published/updated, WP pings those urls and the warning message is occurred. Any one can test this problem by adding urls with out ​http:// in your ping list.
When I added this missing ​http:// to all urls the problem was solved.
I opened the core file wp-includes/class-http.php on line 120
There is a function parse_url($url).
This function returns the warning message.

Wordpress should check if the $url contains ​http:// or not, before parsing.

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: ​http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

Actually, I don't even see the field you mention in wp-admin/options-writing.php. Are you sure you're using WP 3.4.2?

Nevermind, it's disabled on MultiSite.

We should validate the entered URLs before they're saved to the database. Currently, I can insert whatever I want in there.

Replying to scribu:

Actually, I don't even see the field you mention in wp-admin/options-writing.php. Are you sure you're using WP 3.4.2?

Screenshot of my /wp-admin/options-writing.php

Replying to scribu:

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: ​http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

Yes I know, But human can mistake and system should check before use.

You are correct. But as said by reporter, its possible to make mistake. But we should not let system save it without checking and keep making error with each update. Need to look into this matter. I am also getting GBs of error log mostly filled with this.

Replying to scribu:

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: ​http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

Hm... I had meant to reopen when I switched the milestone back. So yeah, needs patch.

Replying to SergeyBiryukov:
I tested the patch.
It does not solve the problem. I am still getting that warning message.
I just edited wp-includes/formatting.php file with following codes from the patch file.

case 'ping_sites':
	$value = strip_tags( $value );
	$value = wp_kses_data( $value );
        	$ping_sites = array();
		$services = explode( "\n", $value );
		foreach ( (array) $services as $service ) {
			$service = esc_url_raw( trim( $service ) );
			if ( '' != $service )
			$ping_sites[] = $service;
			}
	$value = implode( "\n", $ping_sites );
	break;

I tested with wp 3.4.2

Please set the severity back to minor. Getting a notice message isn't a big deal!

As for your testing, you need to go to wp-admin/options-writing and re-save the settings.

Also, you probably forgot to remove the previous instance of case 'ping_sites':.

Sergey, I don't think running the previous filtering code adds any protection:

$value = strip_tags( $value ); 
$value = wp_kses_data( $value );

since it's then chopped up and ran through esc_url_raw() anyway.

Replying to scribu:

Sergey, I don't think running the previous filtering code adds any protection

Agreed. 21966.2.patch​ is the simplified patch.

In [22255]:

Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966