Ticket #4779: http.r6350.patch
| File http.r6350.patch, 17.9 KB (added by darkdragon, 7 years ago) |
|---|
-
wp-admin/includes/update.php
40 40 } 41 41 add_action( 'admin_notices', 'update_nag', 3 ); 42 42 43 function wp_update_plugins () {43 function wp_update_plugins_user_agent($useragent) { 44 44 global $wp_version; 45 return 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n" 46 } 45 47 46 if ( !function_exists('fsockopen') ) 47 return false; 48 function wp_update_plugins() { 48 49 49 50 $plugins = get_plugins(); 50 51 $active = get_option( 'active_plugins' ); … … 77 78 $to_send->active = $active; 78 79 $send = serialize( $to_send ); 79 80 81 add_filter('http_headers_useragent', 'wp_update_plugins_user_agent', 1); 82 80 83 $request = 'plugins=' . urlencode( $send ); 81 $http_request = "POST /plugins/update-check/1.0/ HTTP/1.0\r\n";82 $http_request .= "Host: api.wordpress.org\r\n";83 84 $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_option('blog_charset') . "\r\n"; 84 85 $http_request .= "Content-Length: " . strlen($request) . "\r\n"; 85 $http_request .= 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n";86 $http_request .= "\r\n";87 $http_request .= $request;88 86 89 $response = ''; 90 if( false != ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3) ) && is_resource($fs) ) { 91 fwrite($fs, $http_request); 87 $objResponse = wp_remote_post_object('api.wordpress.org/plugins/update-check/1.0/', $http_request, $request); 92 88 93 while ( !feof($fs) ) 94 $response .= fgets($fs, 1160); // One TCP-IP packet 95 fclose($fs); 96 $response = explode("\r\n\r\n", $response, 2); 89 remove_filter('http_headers_useragent', 'wp_update_plugins_user_agent', 1); 90 91 if( true === $objResponse->hasError() ) { 92 unset($objResponse); 93 return; 97 94 } 98 95 99 $response = unserialize( $response[1] ); 96 $body = $objResponse->getBody(); 97 $response = unserialize( $body ); 100 98 101 99 if ( $response ) 102 100 $new_option->response = $response; -
wp-admin/update-links.php
1 1 <?php 2 2 require_once('../wp-config.php'); 3 require_once( ABSPATH . 'wp-includes/class-snoopy.php');4 3 5 4 if ( !get_option('use_linksupdate') ) 6 5 wp_die(__('Feature disabled.')); … … 14 13 15 14 $query_string = "uris=$link_uris"; 16 15 17 $http_request = "POST /updated-batch/ HTTP/1.0\r\n";18 $http_request .= "Host: api.pingomatic.com\r\n";19 16 $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_option('blog_charset')."\r\n"; 20 17 $http_request .= 'Content-Length: ' . strlen($query_string) . "\r\n"; 21 $http_request .= 'User-Agent: WordPress/' . $wp_version . "\r\n";22 $http_request .= "\r\n";23 $http_request .= $query_string;24 18 25 $response = ''; 26 if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) { 27 fwrite($fs, $http_request); 28 while ( !feof($fs) ) 29 $response .= fgets($fs, 1160); // One TCP-IP packet 30 fclose($fs); 19 $objResponse = wp_remote_post_object('http://api.pingomatic.org/updated-batch/', $http_request, $query_string); 31 20 32 $response = explode("\r\n\r\n", $response, 2); 33 $body = trim( $response[1]);34 $body = str_replace(array("\r\n", "\r"), "\n", $body); 21 if( true === $objResponse->hasError() ) { 22 wp_die(__('No Connection Established')); 23 } 35 24 36 $returns = explode("\n", $body); 25 $body = trim( $objResponse->getBody() ); 26 $returns = explode("\n", $body); 37 27 38 39 40 41 42 43 } 44 ?> 28 foreach ($returns as $return) : 29 $time = $wpdb->escape( substr($return, 0, 19) ); 30 $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) ); 31 $wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'"); 32 endforeach; 33 ?> 34 No newline at end of file -
wp-includes/comment.php
532 532 $headers = ''; 533 533 $pingback_str_dquote = 'rel="pingback"'; 534 534 $pingback_str_squote = 'rel=\'pingback\''; 535 $x_pingback_str = 'x-pingback :';535 $x_pingback_str = 'x-pingback'; 536 536 $pingback_href_original_pos = 27; 537 537 538 extract(parse_url($url), EXTR_SKIP); 538 $objResponse = wp_remote_get_object($url, null, null, 2); 539 540 $x_pingback_header = $objResponse->getHeaders($x_pingback_str); 541 if( false === $x_pingback_header ) 542 foreach($objResponse->getHeaders() as $name => $value) { 543 if( 0 == strcasecmp($x_pingback_str, $name) ) 544 $x_pingback_header = $value; 539 545 540 if ( !isset($host) ) // Not an URL. This should never happen. 541 return false; 546 $content_type = trim($objResponse->getHeaders('Content-type')); 542 547 543 $path = ( !isset($path) ) ? '/' : $path; 544 $path .= ( isset($query) ) ? '?' . $query : ''; 545 $port = ( isset($port) ) ? $port : 80; 546 547 // Try to connect to the server at $host 548 $fp = @fsockopen($host, $port, $errno, $errstr, 2); 549 if ( !$fp ) // Couldn't open a connection to $host 548 if ( preg_match('#(image|audio|video|model)/#is', $content_type) ) // Not an (x)html, sgml, or xml page, no use going further 550 549 return false; 551 550 552 // Send the GET request 553 $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version \r\n\r\n"; 554 // ob_end_flush(); 555 fputs($fp, $request); 556 557 // Let's check for an X-Pingback header first 558 while ( !feof($fp) ) { 559 $line = fgets($fp, 512); 560 if ( trim($line) == '' ) 561 break; 562 $headers .= trim($line)."\n"; 563 $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str); 564 if ( $x_pingback_header_offset ) { 565 // We got it! 566 preg_match('#x-pingback: (.+)#is', $headers, $matches); 567 $pingback_server_url = trim($matches[1]); 551 $contents .= trim($objResponse->getBody()); 552 $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); 553 $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); 554 if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { 555 $quote = ($pingback_link_offset_dquote) ? '"' : '\''; 556 $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; 557 $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); 558 $pingback_href_start = $pingback_href_pos+6; 559 $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); 560 $pingback_server_url_len = $pingback_href_end - $pingback_href_start; 561 $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); 562 // We may find rel="pingback" but an incomplete pingback URL 563 if ( $pingback_server_url_len > 0 ) // We got it! 568 564 return $pingback_server_url; 569 }570 if ( strpos(strtolower($headers), 'content-type: ') ) {571 preg_match('#content-type: (.+)#is', $headers, $matches);572 $content_type = trim($matches[1]);573 }574 565 } 575 576 if ( preg_match('#(image|audio|video|model)/#is', $content_type) ) // Not an (x)html, sgml, or xml page, no use going further 566 $byte_count += strlen($line); 567 if ( $byte_count > $timeout_bytes ) { 568 // It's no use going further, there probably isn't any pingback 569 // server to find in this file. (Prevents loading large files.) 577 570 return false; 578 579 while ( !feof($fp) ) {580 $line = fgets($fp, 1024);581 $contents .= trim($line);582 $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);583 $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);584 if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) {585 $quote = ($pingback_link_offset_dquote) ? '"' : '\'';586 $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote;587 $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset);588 $pingback_href_start = $pingback_href_pos+6;589 $pingback_href_end = @strpos($contents, $quote, $pingback_href_start);590 $pingback_server_url_len = $pingback_href_end - $pingback_href_start;591 $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len);592 // We may find rel="pingback" but an incomplete pingback URL593 if ( $pingback_server_url_len > 0 ) // We got it!594 return $pingback_server_url;595 }596 $byte_count += strlen($line);597 if ( $byte_count > $timeout_bytes ) {598 // It's no use going further, there probably isn't any pingback599 // server to find in this file. (Prevents loading large files.)600 return false;601 }602 571 } 603 572 604 573 // We didn't find anything. … … 764 733 765 734 if ( empty($trackback_url) ) 766 735 return; 767 736 st); 768 737 $title = urlencode($title); 769 738 $excerpt = urlencode($excerpt); 770 739 $blog_name = urlencode(get_option('blogname')); … … 772 741 $url = urlencode(get_permalink($ID)); 773 742 $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; 774 743 $trackback_url = parse_url($trackback_url); 744 745 775 746 $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n"; 776 747 $http_request .= 'Host: '.$trackback_url['host']."\r\n"; 777 748 $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_option('blog_charset')."\r\n"; … … 782 753 if ( '' == $trackback_url['port'] ) 783 754 $trackback_url['port'] = 80; 784 755 $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4); 785 @fputs($fs, $http_reque st);756 @fputs($fs, $http_reque 786 757 @fclose($fs); 787 758 788 759 $tb_url = addslashes( $tb_url ); -
wp-includes/cron.php
82 82 return; 83 83 84 84 $cron_url = get_option( 'siteurl' ) . '/wp-cron.php'; 85 $parts = parse_url( $cron_url );86 85 87 if ($parts['scheme'] == 'https') { 88 // support for SSL was added in 4.3.0 89 if (version_compare(phpversion(), '4.3.0', '>=') && function_exists('openssl_open')) { 90 $port = isset($parts['port']) ? $parts['port'] : 443; 91 $argyle = @fsockopen('ssl://' . $parts['host'], $port, $errno, $errstr, 0.01); 92 } else { 93 return false; 94 } 95 } else { 96 $port = isset($parts['port']) ? $parts['port'] : 80; 97 $argyle = @ fsockopen( $parts['host'], $port, $errno, $errstr, 0.01 ); 98 } 99 100 if ( $argyle ) 101 fputs( $argyle, 102 "GET {$parts['path']}?check=" . wp_hash('187425') . " HTTP/1.0\r\n" 103 . "Host: {$_SERVER['HTTP_HOST']}\r\n\r\n" 104 ); 86 wp_remote_post_object($cron_url.'?check='.wp_hash('187425'), null, null, 0.2); 105 87 } 106 88 107 89 function wp_cron() { -
wp-includes/functions.php
533 533 } 534 534 } 535 535 536 537 function wp_get_http_headers( $url, $red = 1 ) { 538 global $wp_version; 539 @set_time_limit( 60 ); 540 541 if ( $red > 5 ) 542 return false; 543 544 $parts = parse_url( $url ); 545 $file = $parts['path'] . ( ( $parts['query'] ) ? '?' . $parts['query'] : '' ); 546 $host = $parts['host']; 547 if ( !isset( $parts['port'] ) ) 548 $parts['port'] = 80; 549 550 $head = "HEAD $file HTTP/1.1\r\nHOST: $host\r\nUser-Agent: WordPress/" . $wp_version . "\r\n\r\n"; 551 552 $fp = @fsockopen( $host, $parts['port'], $err_num, $err_msg, 3 ); 553 if ( !$fp ) 554 return false; 555 556 $response = ''; 557 fputs( $fp, $head ); 558 while ( !feof( $fp ) && strpos( $response, "\r\n\r\n" ) == false ) 559 $response .= fgets( $fp, 2048 ); 560 fclose( $fp ); 561 preg_match_all( '/(.*?): (.*)\r/', $response, $matches ); 562 $count = count( $matches[1] ); 563 for ( $i = 0; $i < $count; $i++ ) { 564 $key = strtolower( $matches[1][$i] ); 565 $headers["$key"] = $matches[2][$i]; 566 } 567 568 preg_match( '/.*([0-9]{3}).*/', $response, $return ); 569 $headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404 570 571 $code = $headers['response']; 572 if ( ( '302' == $code || '301' == $code ) && isset( $headers['location'] ) ) 573 return wp_get_http_headers( $headers['location'], ++$red ); 574 575 return $headers; 536 /** 537 * Returns only the headers from the URL 538 * 539 * @package WordPress 540 * @since 1.5.1 541 * @uses wp_remote_get_head() Is alias of wp_remote_get_head() 542 * @deprecated Use wp_remote_get_head() instead. 543 * 544 * @param string $url The URL to retrieve the headers from. 545 * @param int $deprecated Deprecated. Not used any more. 546 * @returns array Each header has key/value pair with key as the header name. 547 */ 548 function wp_get_http_headers( $url, $deprecated = 1 ) { 549 return wp_remote_get_head($url); 576 550 } 577 551 578 552 … … 699 673 return $array; 700 674 } 701 675 676 /** 677 * Returns only the body from the URL 678 * 679 * @package WordPress 680 * @since 1.5.1 681 * @uses wp_remote_get_body() Is alias of wp_remote_get_body() 682 * @deprecated Use wp_remote_get_body() instead. 683 * 684 * @param string $url The URL to retrieve the headers from. 685 * @returns string The body of hte response 686 */ 702 687 function wp_remote_fopen( $uri ) { 703 $timeout = 10; 704 $parsed_url = @parse_url( $uri ); 705 706 if ( !$parsed_url || !is_array( $parsed_url ) ) 707 return false; 708 709 if ( !isset( $parsed_url['scheme'] ) || !in_array( $parsed_url['scheme'], array( 'http','https' ) ) ) 710 $uri = 'http://' . $uri; 711 712 if ( ini_get( 'allow_url_fopen' ) ) { 713 $fp = @fopen( $uri, 'r' ); 714 if ( !$fp ) 715 return false; 716 717 //stream_set_timeout($fp, $timeout); // Requires php 4.3 718 $linea = ''; 719 while ( $remote_read = fread( $fp, 4096 ) ) 720 $linea .= $remote_read; 721 fclose( $fp ); 722 return $linea; 723 } elseif ( function_exists( 'curl_init' ) ) { 724 $handle = curl_init(); 725 curl_setopt( $handle, CURLOPT_URL, $uri); 726 curl_setopt( $handle, CURLOPT_CONNECTTIMEOUT, 1 ); 727 curl_setopt( $handle, CURLOPT_RETURNTRANSFER, 1 ); 728 curl_setopt( $handle, CURLOPT_TIMEOUT, $timeout ); 729 $buffer = curl_exec( $handle ); 730 curl_close( $handle ); 731 return $buffer; 732 } else { 733 return false; 734 } 688 return wp_remote_get_body($uri, null, null, 10); 735 689 } 736 690 737 691 -
wp-includes/update.php
7 7 */ 8 8 9 9 /** 10 * wp_version_check() -Check WordPress version against the newest version.10 * Check WordPress version against the newest version. 11 11 * 12 12 * The WordPress version, PHP version, and Locale is sent. Checks against the WordPress server at 13 * api.wordpress.org server. Will only check if PHP has fsockopen enabled andWordPress isn't installing.13 * api.wordpress.org server. Will only check if WordPress isn't installing. 14 14 * 15 15 * @package WordPress 16 16 * @since 2.3 … … 19 19 * @return mixed Returns null if update is unsupported. Returns false if check is too soon. 20 20 */ 21 21 function wp_version_check() { 22 if ( !function_exists('fsockopen') ||strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') )22 if ( strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') ) 23 23 return; 24 24 25 25 global $wp_version; … … 36 36 return false; 37 37 38 38 $new_option = ''; 39 $new_option->last_checked = time(); // this gets set whether we get a response or not, so if something is down or misconfigured it won't delay the page load for more than 3 seconds, twice a day 39 // this gets set whether we get a response or not, so if something is down or misconfigured it won't delay the page load for more than 3 seconds, twice a day 40 $new_option->last_checked = time(); 40 41 $new_option->version_checked = $wp_version; 41 42 42 $http_request = "GET /core/version-check/1.0/?version=$wp_version&php=$php_version&locale=$locale HTTP/1.0\r\n";43 $http_request .= "Host: api.wordpress.org\r\n";44 43 $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset=' . get_option('blog_charset') . "\r\n"; 45 $http_request .= 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n";46 $http_request .= "\r\n";47 44 48 $response = ''; 49 if ( false !== ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3 ) ) && is_resource($fs) ) { 50 fwrite( $fs, $http_request ); 51 while ( !feof( $fs ) ) 52 $response .= fgets( $fs, 1160 ); // One TCP-IP packet 53 fclose( $fs ); 45 add_filter('http_headers_useragent', 'wp_version_check_useragent', 1); 46 $body = wp_remote_get_body('http://api.wordpress.org/core/version-check/1.0/?version=$wp_version&php=$php_version&locale=$locale', $http_request, null, 3); 47 remove_filter('http_headers_useragent', 'wp_version_check_useragent', 1); 54 48 55 $response = explode("\r\n\r\n", $response, 2); 56 $body = trim( $response[1] ); 57 $body = str_replace(array("\r\n", "\r"), "\n", $body); 49 $returns = explode("\n", trim($body) ); 58 50 59 $returns = explode("\n", $body); 51 $new_option->response = $returns[0]; 52 if ( isset( $returns[1] ) ) 53 $new_option->url = $returns[1]; 60 54 61 $new_option->response = $returns[0];62 if ( isset( $returns[1] ) )63 $new_option->url = $returns[1];64 }65 55 update_option( 'update_core', $new_option ); 66 56 } 67 57 58 /** 59 * Changes filter for the wp_version_check useragent 60 * 61 * @package WordPress 62 * @since Unknown 63 * @uses $wp_version Used to check against the newest WordPress version. 64 * 65 * @param string $useragent Ignores passed useragent 66 * @return string Bypasses string and returns new user agent. 67 */ 68 function wp_version_check_useragent($useragent) { 69 global $wp_version; 70 return 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n"; 71 } 72 68 73 add_action( 'init', 'wp_version_check' ); 69 74 70 75 ?> 76 No newline at end of file -
wp-settings.php
119 119 require (ABSPATH . WPINC . '/compat.php'); 120 120 require (ABSPATH . WPINC . '/functions.php'); 121 121 require (ABSPATH . WPINC . '/classes.php'); 122 require (ABSPATH . WPINC . '/http.php'); 122 123 123 124 require_wp_db(); 124 125 $prefix = $wpdb->set_prefix($table_prefix);
