Ticket #19023: 19023.ssl_proxy.2.patch
File 19023.ssl_proxy.2.patch, 3.9 KB (added by , 13 years ago) |
wp-admin/ssl_proxy.php
1 <?php 2 /** 3 * WordPress SSL Proxy 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9 // Get admin libs 10 require_once('./admin.php'); 11 12 // Make sure URL is present 13 if (empty($_REQUEST['url'])) 14 default_image(); 15 16 // Get the URL arg 17 $url = base64_decode($_REQUEST['url']); 18 19 // Check that base64 decoded okay 20 if ( false === $url ) 21 default_image(); 22 23 // Make sure it's a valid URL 24 if ( false === parse_url($url) ) 25 default_image(); 26 27 // Fetch it 28 $req = wp_remote_get(base64_decode($_REQUEST['url'])); 29 30 // Look for errors 31 if ( is_wp_error($req) ) 32 default_image(); 33 34 // Look for error status codes 35 if ( $req['response']['code'] < 200 || $req['response']['code'] >= 400) 36 default_image(); 37 38 // Okay, no errors, show the image 39 if (isset($req['headers']['content-type'])) 40 header('Content-type: ' . $req['headers']['content-type']); 41 echo $req['body']; 42 43 /** 44 * Show the default image. This is called when an error happened. 45 */ 46 function default_image() { 47 header('Content-type: image/gif'); 48 readfile('./images/loading.gif'); 49 die(); 50 } -
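Review bot: The proxy fetches whatever URL the request supplies and relays the upstream Content-Type and body from the wp-admin origin, so any account that gets past admin.php (presumably any logged-in user, since no capability check is visible here) can make the server request arbitrary hosts, internal ones included, and a non-image response is served as same-origin admin content. Nothing ties the `url` parameter to a value produced by get_ssl_proxy_url(); a keyed hash of the URL (for example from wp_hash()) appended there and verified here before fetching would close that, and wp_safe_remote_get(), on versions that have it, would reject internal addresses. The `false === $url` check is effectively dead because base64_decode() is not called in strict mode, parse_url() does not restrict the scheme, and the fetch decodes the request a second time instead of using `$url`. The fence shows the in-file part only: strict decode, an http/https scheme check, and an image-only Content-Type allow-list with `X-Content-Type-Options: nosniff`.

```php
// Get the URL arg; strict mode makes the false check below meaningful
$url = base64_decode( $_REQUEST['url'], true );

// … unchanged: false === $url check …

// Only absolute http(s) URLs with a host are proxied
$parts = parse_url( $url );
if ( false === $parts || empty( $parts['host'] ) || empty( $parts['scheme'] )
	|| ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) )
	default_image();

// Fetch the validated value, not a second decode of the request
$req = wp_remote_get( $url );

// … unchanged: is_wp_error and status-code checks …

// Relay raster image responses only; SVG can carry script, so it is refused too
$type = isset( $req['headers']['content-type'] ) ? $req['headers']['content-type'] : '';
if ( ! is_string( $type ) || 0 !== stripos( $type, 'image/' ) || false !== stripos( $type, 'svg' ) )
	default_image();

// Stop browsers from sniffing the body as some other type
header( 'X-Content-Type-Options: nosniff' );
header( 'Content-type: ' . $type );
echo $req['body'];
```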
wp-admin/edit-comments.php
Property changes on: wp-admin\ssl_proxy.php ___________________________________________________________________ Added: svn:eol-style + native
16 16 17 17 $doaction = $wp_list_table->current_action(); 18 18 19 // Filter out any insecure content to avoid SSL warnings 20 if ( is_ssl() ) 21 add_filter( 'comment_text', 'proxy_insecure_content', 999 ); 22 19 23 if ( $doaction ) { 20 24 check_admin_referer( 'bulk-comments' ); 21 25 -
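--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -615,6 +615,44 @@
 }
 
 /**
+* Filter out any images from insecure sources
+* @param string $content
+* @return string
+*/
+function proxy_insecure_content($content) {
+if ( preg_match_all('/src=[\'"]?([^\'">]+)[\'"]?/iS', $content, $matches )) {
+foreach ( $matches[1] as $k => $v ) {
+$parts = parse_url($v);
+if ( $parts === false )
+continue;
+
+// If we can just slap "https://" onto the front, go ahead
+if ( $parts['host'] == $_SERVER['HTTP_HOST'] ) {
+$url = str_replace('http://', 'https://', $v);
+
+// If not, it's probably an external image and needs to be proxied
+} else {
+$url = get_ssl_proxy_url($v);
+}
+
+// Update the content
+$content = str_replace($v, $url, $content);
+}
+}
+return $content;
+}
+
+/**
+* Run non-secure items through an SSL proxy
+* Why base64 encode? mod_security will detect it as an attack otherwise.
+* @param string $url
+* @return string
+*/
+function get_ssl_proxy_url($url) {
+return get_admin_url() . 'ssl_proxy.php?url=' . base64_encode($url);
+}
+
+/**
 * Retrieve the comment time of the current comment.
 *
 * @since 1.5.0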
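Review bot: proxy_insecure_content() rewrites every `src=` value it finds, not only insecure images: the pattern also matches script, iframe and embed sources, URLs that are already https, and relative URLs, for which `$parts['host']` is unset (a notice, after which the value is sent to the proxy). A guard at the top of the loop such as `if ( empty( $parts['host'] ) || empty( $parts['scheme'] ) || 'http' !== strtolower( $parts['scheme'] ) ) continue;` limits the rewrite to absolute http URLs. `str_replace($v, $url, $content)` then replaces that string everywhere in the comment, including visible text and longer URLs that merely contain it, so replacing only inside the matched attribute (`$matches[0][$k]`) is safer. The same-host test compares against `$_SERVER['HTTP_HOST']`, which comes from the request, using a loose `==`; comparing with `===` against the host of the configured site URL would be more dependable.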
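--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -733,6 +733,9 @@
 $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' );
 
 ob_start();
+// Filter out any insecure content to avoid SSL warnings
+if ( is_ssl() )
+add_filter( 'comment_text', 'proxy_insecure_content', 999 );
 $wp_list_table->single_row( get_comment( $comment_id ) );
 $comment_list_item = ob_get_contents();
 ob_end_clean();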