WordPress.org

Make WordPress Core

Ticket #17490: 17490-2.diff

File 17490-2.diff, 1.7 KB (added by simonwheatley, 6 years ago)

Handle redirections outside Curl

  • wp-includes/class-http.php

     
    10421042                curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false );
    10431043                curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify );
    10441044                curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] );
    1045                 curl_setopt( $handle, CURLOPT_MAXREDIRS, $r['redirection'] );
     1045                curl_setopt( $handle, CURLOPT_MAXREDIRS, 0 );
    10461046
    10471047                switch ( $r['method'] ) {
    10481048                        case 'HEAD':
     
    10741074                        curl_setopt( $handle, CURLOPT_FILE, $stream_handle );
    10751075                }
    10761076
    1077                 // The option doesn't work with safe mode or when open_basedir is set.
    1078                 if ( !ini_get('safe_mode') && !ini_get('open_basedir') && 0 !== $r['_redirection'] )
    1079                         curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true );
     1077                // The option doesn't work with safe mode or when open_basedir is set, and there's a
     1078                // bug #17490 with redirected POST requests, so handle redirections outside Curl.
     1079                curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, false );
    10801080
    10811081                if ( !empty( $r['headers'] ) ) {
    10821082                        // cURL expects full header strings in each element
     
    11301130                        fclose( $stream_handle );
    11311131
    11321132                // See #11305 - When running under safe mode, redirection is disabled above. Handle it manually.
    1133                 if ( ! empty( $theHeaders['headers']['location'] ) && ( ini_get( 'safe_mode' ) || ini_get( 'open_basedir' ) ) && 0 !== $r['_redirection'] ) {
     1133                if ( ! empty( $theHeaders['headers']['location'] ) && 0 !== $r['_redirection'] ) {
    11341134                        if ( $r['redirection']-- > 0 ) {
    11351135                                return $this->request( $theHeaders['headers']['location'], $r );
    11361136                        } else {