Ticket #54659: 54659.diff
File 54659.diff, 16.6 KB (added by , 3 years ago) |
---|
-
src/wp-includes/class-simplepie.php
460 460 public $error; 461 461 462 462 /** 463 * @var int HTTP status code 464 * @see SimplePie::status_code() 465 * @access private 466 */ 467 public $status_code; 468 469 /** 463 470 * @var object Instance of SimplePie_Sanitize (or other class) 464 471 * @see SimplePie::set_sanitize_class() 465 472 * @access private … … 944 951 } 945 952 946 953 /** 954 * Return the filename (i.e. hash, without path and without extension) of the file to cache a given URL. 955 * @param string $url The URL of the feed to be cached. 956 * @return string A filename (i.e. hash, without path and without extension). 957 */ 958 public function get_cache_filename($url) 959 { 960 // Append custom parameters to the URL to avoid cache pollution in case of multiple calls with different parameters. 961 $url .= $this->force_feed ? '#force_feed' : ''; 962 $options = array(); 963 if ($this->timeout != 10) 964 { 965 $options[CURLOPT_TIMEOUT] = $this->timeout; 966 } 967 if ($this->useragent !== SIMPLEPIE_USERAGENT) 968 { 969 $options[CURLOPT_USERAGENT] = $this->useragent; 970 } 971 if (!empty($this->curl_options)) 972 { 973 foreach ($this->curl_options as $k => $v) 974 { 975 $options[$k] = $v; 976 } 977 } 978 if (!empty($options)) 979 { 980 ksort($options); 981 $url .= '#' . urlencode(var_export($options, true)); 982 } 983 return call_user_func($this->cache_name_function, $url); 984 } 985 986 /** 947 987 * Set whether feed items should be sorted into reverse chronological order 948 988 * 949 989 * @param bool $enable Sort as reverse chronological order. … … 1181 1221 $this->strip_attributes(false); 1182 1222 $this->add_attributes(false); 1183 1223 $this->set_image_handler(false); 1224 $this->set_https_domains(array()); 1184 1225 } 1185 1226 } 1186 1227 … … 1284 1325 } 1285 1326 1286 1327 /** 1328 * Set the list of domains for which to force HTTPS. 1329 * @see SimplePie_Sanitize::set_https_domains() 1330 * @param array List of HTTPS domains. Example array('biz', 'example.com', 'example.org', 'www.example.net'). 1331 */ 1332 public function set_https_domains($domains = array()) 1333 { 1334 if (is_array($domains)) 1335 { 1336 $this->sanitize->set_https_domains($domains); 1337 } 1338 } 1339 1340 /** 1287 1341 * Set the handler to enable the display of cached images. 1288 1342 * 1289 1343 * @param string $page Web-accessible path to the handler_image.php file. … … 1408 1462 // Decide whether to enable caching 1409 1463 if ($this->cache && $parsed_feed_url['scheme'] !== '') 1410 1464 { 1411 $ url = $this->feed_url . ($this->force_feed ? '#force_feed' : '');1412 $cache = $this->registry->call('Cache', 'get_handler', array($this->cache_location, call_user_func($this->cache_name_function, $url), 'spc'));1465 $filename = $this->get_cache_filename($this->feed_url); 1466 $cache = $this->registry->call('Cache', 'get_handler', array($this->cache_location, $filename, 'spc')); 1413 1467 } 1414 1468 1415 1469 // Fetch the data via SimplePie_File into $this->raw_data … … 1549 1603 * Fetch the data via SimplePie_File 1550 1604 * 1551 1605 * If the data is already cached, attempt to fetch it from there instead 1552 * @param SimplePie_Cache |false $cache Cache handler, or false to not load from the cache1606 * @param SimplePie_Cache_Base|false $cache Cache handler, or false to not load from the cache 1553 1607 * @return array|true Returns true if the data was loaded from the cache, or an array of HTTP headers and sniffed type 1554 1608 */ 1555 1609 protected function fetch_data(&$cache) … … 1612 1666 } 1613 1667 1614 1668 $file = $this->registry->create('File', array($this->feed_url, $this->timeout/10, 5, $headers, $this->useragent, $this->force_fsockopen, $this->curl_options)); 1669 $this->status_code = $file->status_code; 1615 1670 1616 1671 if ($file->success) 1617 1672 { … … 1666 1721 $file = $this->registry->create('File', array($this->feed_url, $this->timeout, 5, $headers, $this->useragent, $this->force_fsockopen, $this->curl_options)); 1667 1722 } 1668 1723 } 1724 $this->status_code = $file->status_code; 1725 1669 1726 // If the file connection has an error, set SimplePie::error to that and quit 1670 1727 if (!$file->success && !($file->method & SIMPLEPIE_FILE_SOURCE_REMOTE === 0 || ($file->status_code === 200 || $file->status_code > 206 && $file->status_code < 300))) 1671 1728 { … … 1773 1830 } 1774 1831 1775 1832 /** 1833 * Get the last HTTP status code 1834 * 1835 * @return int Status code 1836 */ 1837 public function status_code() 1838 { 1839 return $this->status_code; 1840 } 1841 1842 /** 1776 1843 * Get the raw XML 1777 1844 * 1778 1845 * This is the same as the old `$feed->enable_xml_dump(true)`, but returns … … 2615 2682 } 2616 2683 } 2617 2684 2618 if (isset($this->data['headers']['link']) && 2619 preg_match('/<([^>]+)>; rel='.preg_quote($rel).'/', 2620 $this->data['headers']['link'], $match)) 2685 if (isset($this->data['headers']['link'])) 2621 2686 { 2622 return array($match[1]); 2687 $link_headers = $this->data['headers']['link']; 2688 if (is_string($link_headers)) { 2689 $link_headers = array($link_headers); 2690 } 2691 $matches = preg_filter('/<([^>]+)>; rel='.preg_quote($rel).'/', '$1', $link_headers); 2692 if (!empty($matches)) { 2693 return $matches; 2694 } 2623 2695 } 2624 else if (isset($this->data['links'][$rel])) 2696 2697 if (isset($this->data['links'][$rel])) 2625 2698 { 2626 2699 return $this->data['links'][$rel]; 2627 2700 } -
src/wp-includes/SimplePie/Cache/Redis.php
152 152 if ($data !== false) { 153 153 $return = $this->cache->set($this->name, $data); 154 154 if ($this->options['expire']) { 155 return $this->cache->expire($this->name, $this-> ttl);155 return $this->cache->expire($this->name, $this->options['expire']); 156 156 } 157 157 return $return; 158 158 } -
src/wp-includes/SimplePie/Enclosure.php
1152 1152 // If we encounter an unsupported mime-type, check the file extension and guess intelligently. 1153 1153 if (!in_array($type, array_merge($types_flash, $types_fmedia, $types_quicktime, $types_wmedia, $types_mp3))) 1154 1154 { 1155 switch (strtolower($this->get_extension())) 1155 $extension = $this->get_extension(); 1156 if ($extension === null) { 1157 return null; 1158 } 1159 1160 switch (strtolower($extension)) 1156 1161 { 1157 1162 // Audio mime-types 1158 1163 case 'aac': -
src/wp-includes/SimplePie/File.php
106 106 curl_setopt($fp, CURLOPT_FAILONERROR, 1); 107 107 curl_setopt($fp, CURLOPT_TIMEOUT, $timeout); 108 108 curl_setopt($fp, CURLOPT_CONNECTTIMEOUT, $timeout); 109 curl_setopt($fp, CURLOPT_REFERER, $url);109 curl_setopt($fp, CURLOPT_REFERER, SimplePie_Misc::url_remove_credentials($url)); 110 110 curl_setopt($fp, CURLOPT_USERAGENT, $useragent); 111 111 curl_setopt($fp, CURLOPT_HTTPHEADER, $headers2); 112 112 foreach ($curl_options as $curl_param => $curl_value) { … … 119 119 curl_setopt($fp, CURLOPT_ENCODING, 'none'); 120 120 $this->headers = curl_exec($fp); 121 121 } 122 $this->status_code = curl_getinfo($fp, CURLINFO_HTTP_CODE); 122 123 if (curl_errno($fp)) 123 124 { 124 125 $this->error = 'cURL error ' . curl_errno($fp) . ': ' . curl_error($fp); -
src/wp-includes/SimplePie/HTTP/Parser.php
507 507 { 508 508 $data = explode("\r\n\r\n", $headers, $count); 509 509 $data = array_pop($data); 510 if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n\r\n")) { 511 $data = str_ireplace("HTTP/1.0 200 Connection established\r\n\r\n", '', $data); 510 if (false !== stripos($data, "HTTP/1.0 200 Connection established\r\n")) { 511 $exploded = explode("\r\n\r\n", $data, 2); 512 $data = end($exploded); 512 513 } 513 if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n\r\n")) { 514 $data = str_ireplace("HTTP/1.1 200 Connection established\r\n\r\n", '', $data); 514 if (false !== stripos($data, "HTTP/1.1 200 Connection established\r\n")) { 515 $exploded = explode("\r\n\r\n", $data, 2); 516 $data = end($exploded); 515 517 } 516 518 return $data; 517 519 } -
src/wp-includes/SimplePie/Item.php
1803 1803 } 1804 1804 if (isset($content['attribs']['']['fileSize'])) 1805 1805 { 1806 $length = ceil($content['attribs']['']['fileSize']);1806 $length = intval($content['attribs']['']['fileSize']); 1807 1807 } 1808 1808 if (isset($content['attribs']['']['medium'])) 1809 1809 { … … 2425 2425 } 2426 2426 if (isset($content['attribs']['']['fileSize'])) 2427 2427 { 2428 $length = ceil($content['attribs']['']['fileSize']);2428 $length = intval($content['attribs']['']['fileSize']); 2429 2429 } 2430 2430 if (isset($content['attribs']['']['medium'])) 2431 2431 { … … 2790 2790 } 2791 2791 if (isset($link['attribs']['']['length'])) 2792 2792 { 2793 $length = ceil($link['attribs']['']['length']);2793 $length = intval($link['attribs']['']['length']); 2794 2794 } 2795 2795 if (isset($link['attribs']['']['title'])) 2796 2796 { … … 2833 2833 } 2834 2834 if (isset($link['attribs']['']['length'])) 2835 2835 { 2836 $length = ceil($link['attribs']['']['length']);2836 $length = intval($link['attribs']['']['length']); 2837 2837 } 2838 2838 2839 2839 // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor … … 2862 2862 $width = null; 2863 2863 2864 2864 $url = $this->sanitize($enclosure[0]['attribs']['']['url'], SIMPLEPIE_CONSTRUCT_IRI, $this->get_base($enclosure[0])); 2865 $url = $this->feed->sanitize->https_url($url); 2865 2866 if (isset($enclosure[0]['attribs']['']['type'])) 2866 2867 { 2867 2868 $type = $this->sanitize($enclosure[0]['attribs']['']['type'], SIMPLEPIE_CONSTRUCT_TEXT); … … 2868 2869 } 2869 2870 if (isset($enclosure[0]['attribs']['']['length'])) 2870 2871 { 2871 $length = ceil($enclosure[0]['attribs']['']['length']);2872 $length = intval($enclosure[0]['attribs']['']['length']); 2872 2873 } 2873 2874 2874 2875 // Since we don't have group or content for these, we'll just pass the '*_parent' variables directly to the constructor -
src/wp-includes/SimplePie/Locator.php
64 64 var $max_checked_feeds = 10; 65 65 var $force_fsockopen = false; 66 66 var $curl_options = array(); 67 var $dom; 67 68 protected $registry; 68 69 69 70 public function __construct(SimplePie_File $file, $timeout = 10, $useragent = null, $max_checked_feeds = 10, $force_fsockopen = false, $curl_options = array()) … … 75 76 $this->force_fsockopen = $force_fsockopen; 76 77 $this->curl_options = $curl_options; 77 78 78 if (class_exists('DOMDocument') )79 if (class_exists('DOMDocument') && $this->file->body != '') 79 80 { 80 81 $this->dom = new DOMDocument(); 81 82 82 83 set_error_handler(array('SimplePie_Misc', 'silence_errors')); 83 $this->dom->loadHTML($this->file->body); 84 try 85 { 86 $this->dom->loadHTML($this->file->body); 87 } 88 catch (Throwable $ex) 89 { 90 $this->dom = null; 91 } 84 92 restore_error_handler(); 85 93 } 86 94 else -
src/wp-includes/SimplePie/Misc.php
2260 2260 { 2261 2261 // No-op 2262 2262 } 2263 2264 /** 2265 * Sanitize a URL by removing HTTP credentials. 2266 * @param string $url the URL to sanitize. 2267 * @return string the same URL without HTTP credentials. 2268 */ 2269 public static function url_remove_credentials($url) 2270 { 2271 return preg_replace('#^(https?://)[^/:@]+:[^/:@]+@#i', '$1', $url); 2272 } 2263 2273 } -
src/wp-includes/SimplePie/Parser.php
164 164 xml_set_element_handler($xml, 'tag_open', 'tag_close'); 165 165 166 166 // Parse! 167 if (!xml_parse($xml, $data, true)) 167 $wrapper = @is_writable(sys_get_temp_dir()) ? 'php://temp' : 'php://memory'; 168 if (($stream = fopen($wrapper, 'r+')) && 169 fwrite($stream, $data) && 170 rewind($stream)) 168 171 { 169 $this->error_code = xml_get_error_code($xml); 170 $this->error_string = xml_error_string($this->error_code); 172 //Parse by chunks not to use too much memory 173 do 174 { 175 $stream_data = fread($stream, 1048576); 176 if (!xml_parse($xml, $stream_data === false ? '' : $stream_data, feof($stream))) 177 { 178 $this->error_code = xml_get_error_code($xml); 179 $this->error_string = xml_error_string($this->error_code); 180 $return = false; 181 break; 182 } 183 } while (!feof($stream)); 184 fclose($stream); 185 } 186 else 187 { 171 188 $return = false; 172 189 } 190 173 191 $this->current_line = xml_get_current_line_number($xml); 174 192 $this->current_column = xml_get_current_column_number($xml); 175 193 $this->current_byte = xml_get_current_byte_index($xml); -
src/wp-includes/SimplePie/Registry.php
208 208 { 209 209 case 'Cache': 210 210 // For backwards compatibility with old non-static 211 // Cache::create() methods 211 // Cache::create() methods in PHP < 8.0. 212 // No longer supported as of PHP 8.0. 212 213 if ($method === 'get_handler') 213 214 { 214 215 $result = @call_user_func_array(array($class, 'create'), $parameters); -
src/wp-includes/SimplePie/Sanitize.php
71 71 var $useragent = ''; 72 72 var $force_fsockopen = false; 73 73 var $replace_url_attributes = null; 74 var $registry; 74 75 76 /** 77 * List of domains for which to force HTTPS. 78 * @see SimplePie_Sanitize::set_https_domains() 79 * Array is a tree split at DNS levels. Example: 80 * array('biz' => true, 'com' => array('example' => true), 'net' => array('example' => array('www' => true))) 81 */ 82 var $https_domains = array(); 83 75 84 public function __construct() 76 85 { 77 86 // Set defaults … … 241 250 $this->replace_url_attributes = (array) $element_attribute; 242 251 } 243 252 253 /** 254 * Set the list of domains for which to force HTTPS. 255 * @see SimplePie_Misc::https_url() 256 * Example array('biz', 'example.com', 'example.org', 'www.example.net'); 257 */ 258 public function set_https_domains($domains) 259 { 260 $this->https_domains = array(); 261 foreach ($domains as $domain) 262 { 263 $domain = trim($domain, ". \t\n\r\0\x0B"); 264 $segments = array_reverse(explode('.', $domain)); 265 $node =& $this->https_domains; 266 foreach ($segments as $segment) 267 {//Build a tree 268 if ($node === true) 269 { 270 break; 271 } 272 if (!isset($node[$segment])) 273 { 274 $node[$segment] = array(); 275 } 276 $node =& $node[$segment]; 277 } 278 $node = true; 279 } 280 } 281 282 /** 283 * Check if the domain is in the list of forced HTTPS. 284 */ 285 protected function is_https_domain($domain) 286 { 287 $domain = trim($domain, '. '); 288 $segments = array_reverse(explode('.', $domain)); 289 $node =& $this->https_domains; 290 foreach ($segments as $segment) 291 {//Explore the tree 292 if (isset($node[$segment])) 293 { 294 $node =& $node[$segment]; 295 } 296 else 297 { 298 break; 299 } 300 } 301 return $node === true; 302 } 303 304 /** 305 * Force HTTPS for selected Web sites. 306 */ 307 public function https_url($url) 308 { 309 return (strtolower(substr($url, 0, 7)) === 'http://') && 310 $this->is_https_domain(parse_url($url, PHP_URL_HOST)) ? 311 substr_replace($url, 's', 4, 0) : //Add the 's' to HTTPS 312 $url; 313 } 314 244 315 public function sanitize($data, $type, $base = '') 245 316 { 246 317 $data = trim($data); … … 443 514 $value = $this->registry->call('Misc', 'absolutize_url', array($element->getAttribute($attribute), $this->base)); 444 515 if ($value !== false) 445 516 { 517 $value = $this->https_url($value); 446 518 $element->setAttribute($attribute, $value); 447 519 } 448 520 }