Ticket #24646: 24646.diff
| File 24646.diff, 6.7 KB (added by , 10 years ago) |
|---|
-
wp-admin/includes/class-wp-importer.php
183 183 184 184 $headers = array(); 185 185 $args = array(); 186 $args['reject_unsafe_urls'] = true;187 186 if ( true === $head ) 188 187 $args['method'] = 'HEAD'; 189 188 if ( !empty( $username ) && !empty( $password ) ) … … 191 190 192 191 $args['headers'] = $headers; 193 192 194 return wp_ remote_request( $url, $args );193 return wp_safe_remote_request( $url, $args ); 195 194 } 196 195 197 196 /** -
wp-admin/includes/file.php
497 497 if ( ! $tmpfname ) 498 498 return new WP_Error('http_no_file', __('Could not create Temporary file.')); 499 499 500 $response = wp_ remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ));500 $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ); 501 501 502 502 if ( is_wp_error( $response ) ) { 503 503 unlink( $tmpfname ); -
wp-includes/class-feed.php
69 69 $args = array( 70 70 'timeout' => $this->timeout, 71 71 'redirection' => $this->redirects, 72 'reject_unsafe_urls' => true,73 72 ); 74 73 75 74 if ( !empty($this->headers) ) … … 78 77 if ( SIMPLEPIE_USERAGENT != $this->useragent ) //Use default WP user agent unless custom has been specified 79 78 $args['user-agent'] = $this->useragent; 80 79 81 $res = wp_ remote_request($url, $args);80 $res = wp_safe_remote_request($url, $args); 82 81 83 82 if ( is_wp_error($res) ) { 84 83 $this->error = 'WP HTTP Error: ' . $res->get_error_message(); -
wp-includes/class-oembed.php
113 113 $providers = array(); 114 114 115 115 // Fetch URL content 116 if ( $html = wp_remote_retrieve_body( wp_ remote_get( $url, array( 'reject_unsafe_urls' => true )) ) ) {116 if ( $html = wp_remote_retrieve_body( wp_safe_remote_get( $url ) ) ) { 117 117 118 118 // <link> types that contain oEmbed provider URLs 119 119 $linktypes = apply_filters( 'oembed_linktypes', array( … … 195 195 */ 196 196 function _fetch_with_format( $provider_url_with_args, $format ) { 197 197 $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); 198 $response = wp_ remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ));198 $response = wp_safe_remote_get( $provider_url_with_args ); 199 199 if ( 501 == wp_remote_retrieve_response_code( $response ) ) 200 200 return new WP_Error( 'not-implemented' ); 201 201 if ( ! $body = wp_remote_retrieve_body( $response ) ) -
wp-includes/class-wp-xmlrpc-server.php
5392 5392 $http_api_args = array( 5393 5393 'timeout' => 10, 5394 5394 'redirection' => 0, 5395 'reject_unsafe_urls' => true,5396 5395 'limit_response_size' => 153600, // 150 KB 5397 5396 ); 5398 $linea = wp_remote_retrieve_body( wp_ remote_get( $pagelinkedfrom, $http_api_args ) );5397 $linea = wp_remote_retrieve_body( wp_safe_remote_get( $pagelinkedfrom, $http_api_args ) ); 5399 5398 5400 5399 if ( !$linea ) 5401 5400 return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); -
wp-includes/comment.php
1658 1658 if ( 0 === strpos($url, $uploads_dir['baseurl']) ) 1659 1659 return false; 1660 1660 1661 $response = wp_ remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true) );1661 $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) ); 1662 1662 1663 1663 if ( is_wp_error( $response ) ) 1664 1664 return false; … … 1671 1671 return false; 1672 1672 1673 1673 // Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file) 1674 $response = wp_ remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true) );1674 $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) ); 1675 1675 1676 1676 if ( is_wp_error( $response ) ) 1677 1677 return false; … … 1906 1906 1907 1907 $options = array(); 1908 1908 $options['timeout'] = 4; 1909 $options['reject_unsafe_urls'] = true;1910 1909 $options['body'] = array( 1911 1910 'title' => $title, 1912 1911 'url' => get_permalink($ID), … … 1914 1913 'excerpt' => $excerpt 1915 1914 ); 1916 1915 1917 $response = wp_ remote_post($trackback_url, $options);1916 $response = wp_safe_remote_post( $trackback_url, $options ); 1918 1917 1919 1918 if ( is_wp_error( $response ) ) 1920 1919 return; -
wp-includes/functions.php
496 496 497 497 $options = array(); 498 498 $options['redirection'] = 5; 499 $options['reject_unsafe_urls'] = true;500 499 501 500 if ( false == $file_path ) 502 501 $options['method'] = 'HEAD'; … … 503 502 else 504 503 $options['method'] = 'GET'; 505 504 506 $response = wp_ remote_request($url, $options);505 $response = wp_safe_remote_request( $url, $options ); 507 506 508 507 if ( is_wp_error( $response ) ) 509 508 return false; … … 544 543 if ( !empty( $deprecated ) ) 545 544 _deprecated_argument( __FUNCTION__, '2.7' ); 546 545 547 $response = wp_ remote_head( $url, array( 'reject_unsafe_urls' => true ));546 $response = wp_safe_remote_head( $url ); 548 547 549 548 if ( is_wp_error( $response ) ) 550 549 return false; … … 759 758 760 759 $options = array(); 761 760 $options['timeout'] = 10; 762 $options['reject_unsafe_urls'] = true;763 761 764 $response = wp_ remote_get( $uri, $options );762 $response = wp_safe_remote_get( $uri, $options ); 765 763 766 764 if ( is_wp_error( $response ) ) 767 765 return false; -
wp-includes/rss.php
536 536 * @return Snoopy style response 537 537 */ 538 538 function _fetch_remote_file($url, $headers = "" ) { 539 $resp = wp_ remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true ));539 $resp = wp_safe_remote_request( $url, array( 'headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT ) ); 540 540 if ( is_wp_error($resp) ) { 541 541 $error = array_shift($resp->errors); 542 542