WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:07:47 AM (8 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-feed.php

    r22811 r24480  
    6767
    6868        if ( preg_match('/^http(s)?:\/\//i', $url) ) {
    69             $args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects);
     69            $args = array(
     70                'timeout' => $this->timeout,
     71                'redirection' => $this->redirects,
     72                'reject_unsafe_urls' => true,
     73            );
    7074
    7175            if ( !empty($this->headers) )
     
    8690            }
    8791        } else {
    88             if ( ! file_exists($url) || ( ! $this->body = file_get_contents($url) ) ) {
    89                 $this->error = 'file_get_contents could not read the file';
    90                 $this->success = false;
    91             }
     92            $this->error = '';
     93            $this->success = false;
    9294        }
    9395    }
Note: See TracChangeset for help on using the changeset viewer.