WordPress.org

Make WordPress Core

Ticket #17490: 17490-2.diff

File 17490-2.diff, 1.7 KB (added by simonwheatley, 2 years ago)

Handle redirections outside Curl

  • wp-includes/class-http.php

     
    10421042                curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false ); 
    10431043                curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify ); 
    10441044                curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] ); 
    1045                 curl_setopt( $handle, CURLOPT_MAXREDIRS, $r['redirection'] ); 
     1045                curl_setopt( $handle, CURLOPT_MAXREDIRS, 0 ); 
    10461046 
    10471047                switch ( $r['method'] ) { 
    10481048                        case 'HEAD': 
     
    10741074                        curl_setopt( $handle, CURLOPT_FILE, $stream_handle ); 
    10751075                } 
    10761076 
    1077                 // The option doesn't work with safe mode or when open_basedir is set. 
    1078                 if ( !ini_get('safe_mode') && !ini_get('open_basedir') && 0 !== $r['_redirection'] ) 
    1079                         curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true ); 
     1077                // The option doesn't work with safe mode or when open_basedir is set, and there's a 
     1078                // bug #17490 with redirected POST requests, so handle redirections outside Curl. 
     1079                curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, false ); 
    10801080 
    10811081                if ( !empty( $r['headers'] ) ) { 
    10821082                        // cURL expects full header strings in each element 
     
    11301130                        fclose( $stream_handle ); 
    11311131 
    11321132                // See #11305 - When running under safe mode, redirection is disabled above. Handle it manually. 
    1133                 if ( ! empty( $theHeaders['headers']['location'] ) && ( ini_get( 'safe_mode' ) || ini_get( 'open_basedir' ) ) && 0 !== $r['_redirection'] ) { 
     1133                if ( ! empty( $theHeaders['headers']['location'] ) && 0 !== $r['_redirection'] ) { 
    11341134                        if ( $r['redirection']-- > 0 ) { 
    11351135                                return $this->request( $theHeaders['headers']['location'], $r ); 
    11361136                        } else {