Opened 5 years ago
Closed 5 years ago
#7224 closed enhancement (duplicate)
wp_get_http, discover_pingback_server_uri does not consider HTTP chuck format
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | General | Version: | 2.6 |
| Severity: | major | Keywords: | |
| Cc: |
Description
wp_get_http() at wp-includes/functions.php, discover_pingback_server_uri() at wp-includes/comment.php speaks HTTP with fcoskopen(), fputs(), fgets(), fread(). But, thease codes does not consider HTTP chunk format.
If the server returns chunk format, received data will be malformed.
The chunk format is described in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
To handle chunk format, check Transfer-Encoding field in HTTP header, and read chunk-size and the content.
Attachments (2)
Change History (11)
HTTP/1.0 does not understand chunked-encoding, therefore, should not accept the header and ignore it. If it is received, then the standard states that we must send a 501 response back.
HTTP/1.0 does not understand chunked-encoding
The function in question should be set to use 1.0, I believe the function in question uses HTTP/1.1, which is probably the reason the server is returning that content type.
comment:5
jacobsantos — 5 years ago
- Owner changed from anonymous to jacobsantos
comment:6
jacobsantos — 5 years ago
- Status changed from new to assigned
comment:7
jacobsantos — 5 years ago
I think the easiest way to fix this problem is to use HTTP 1.0 instead.
This can use the new HTTP API WP_Http method for decoding chunked transfer-encoding messages. I'm not sure if the team wants to convert those functions over to the new HTTP API yet. I think the HTTP API is stable enough, but there does seem to still be problems.
comment:9
jacobsantos — 5 years ago
- Keywords HTTP chuck removed
- Milestone 2.7 deleted
- Resolution set to duplicate
- Status changed from assigned to closed
Superceded by #7793.
Patch for discover_pingback_server_uri()