
Ticket #8620: 8620-isset-works-best-patch-less-complex-flow-with-input-sanitization.patch

File 8620-isset-works-best-patch-less-complex-flow-with-input-sanitization.patch, 2.5 KB (added by hakre, 9 years ago)

Proper input sanitization added.

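--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -1962,10 +1962,10 @@
  * @return array The headers of the response. Empty array if incorrect parameter given.
  */
 function wp_remote_retrieve_headers(&$response) {
-        if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
-                return array();
-
-        return $response['headers'];
+        $sanitzed = (array) $response; 
+        if ( isset($sanitzed['headers']) && is_array($sanitzed['headers']) )
+                return $sanitzed['headers'];   
+        return array();
 }
 
 /**
@@ -1978,13 +1978,8 @@
  * @return string The header value. Empty string on if incorrect parameter given, or if the header doesnt exist.
  */
 function wp_remote_retrieve_header(&$response, $header) {
-        if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
-                return '';
-
-        if ( array_key_exists($header, $response['headers']) )
-                return $response['headers'][$header];
-
-        return '';
+        $sanitzed = (array) $response;
+        return isset($sanitzed['headers'][$header]) ? $sanitzed['headers'][$header] : '';
 }
 
 /**
@@ -1998,10 +1993,8 @@
  * @return string the response code. Empty string on incorrect parameter given.
  */
 function wp_remote_retrieve_response_code(&$response) {
-        if ( is_wp_error($response) ||! isset($response['response']) || ! is_array($response['response']))
-                return '';
-
-        return $response['response']['code'];
+        $sanitzed = (array) $response;
+        return isset($sanitzed['response']['code']) ? $sanitzed['response']['code'] : '';
 }
 
 /**
@@ -2015,10 +2008,8 @@
  * @return string The response message. Empty string on incorrect parameter given.
  */
 function wp_remote_retrieve_response_message(&$response) {
-        if ( is_wp_error($response) || ! isset($response['response']) || ! is_array($response['response']))
-                return '';
-
-        return $response['response']['message'];
+        $sanitzed = (array) $response;
+        return isset($sanitzed['response']['message']) ? $sanitzed['response']['message'] : '';
 }
 
 /**
@@ -2030,10 +2021,8 @@
  * @return string The body of the response. Empty string if no body or incorrect parameter given.
  */
 function wp_remote_retrieve_body(&$response) {
-        if ( is_wp_error($response) || ! isset($response['body']) )
-                return '';
-
-        return $response['body'];
+        $sanitzed = (array) $response;
+        return isset($sanitzed['body']) ? $sanitzed['body'] : '';
 }
 
 ?>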
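Review bot: The new one-line bodies of wp_remote_retrieve_header(), wp_remote_retrieve_response_code() and wp_remote_retrieve_response_message() drop the `is_array()` guard on the nested element that the removed lines had; only wp_remote_retrieve_headers() keeps it. If `headers` or `response` is ever a string, `isset($sanitzed['response']['code'])` is evaluated as a string offset (on PHP before 5.4 a non-numeric offset is cast to 0 and isset() returns true), so the function would return a single character instead of ''. Keep the guard, e.g. `return ( isset($sanitzed['response']) && is_array($sanitzed['response']) && isset($sanitzed['response']['code']) ) ? $sanitzed['response']['code'] : '';`. The `(array)` cast only coerces the type: a WP_Error presumably falls through only because none of its properties happens to be named `headers`, `response` or `body`, so an explicit `is_wp_error($response)` check would make the error path intentional. The returned header and body values are still untrusted remote data, so the name `$sanitzed` (typo for `$sanitized`) overstates what the cast does and callers must still validate and escape them.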