Ticket #7224 (closed enhancement: duplicate)
wp_get_http, discover_pingback_server_uri does not consider HTTP chuck format
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | General | Version: | 2.6 |
| Severity: | major | Keywords: | |
| Cc: |
Description
wp_get_http() at wp-includes/functions.php, discover_pingback_server_uri() at wp-includes/comment.php speaks HTTP with fcoskopen(), fputs(), fgets(), fread(). But, thease codes does not consider HTTP chunk format. If the server returns chunk format, received data will be malformed. The chunk format is described in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
To handle chunk format, check Transfer-Encoding field in HTTP header, and read chunk-size and the content.
Attachments
-
pingback.patch
(355 bytes) -
added by lilyfan 4 years ago.
- Patch for discover_pingback_server_uri()
-
pingback.diff
(355 bytes) -
added by lilyfan 4 years ago.
- Patch for discover_pingback_server_uri()
Change History
-
attachment
pingback.patch
added
HTTP/1.0 does not understand chunked-encoding, therefore, should not accept the header and ignore it. If it is received, then the standard states that we must send a 501 response back.
HTTP/1.0 does not understand chunked-encoding
The function in question should be set to use 1.0, I believe the function in question uses HTTP/1.1, which is probably the reason the server is returning that content type.
comment:7
jacobsantos — 4 years ago
I think the easiest way to fix this problem is to use HTTP 1.0 instead.
This can use the new HTTP API WP_Http method for decoding chunked transfer-encoding messages. I'm not sure if the team wants to convert those functions over to the new HTTP API yet. I think the HTTP API is stable enough, but there does seem to still be problems.
comment:9
jacobsantos — 3 years ago
- Keywords HTTP chuck removed
- Status changed from assigned to closed
- Resolution set to duplicate
- Milestone 2.7 deleted
Superceded by #7793.
Patch for discover_pingback_server_uri()