Changeset 24480 for trunk/wp-includes/class-wp-xmlrpc-server.php

Timestamp:

06/21/2013 06:07:47 AM (12 years ago)

Author:

nacin

Message:

Better validation of the URL used in core HTTP requests.

File:

• trunk/wp-includes/class-wp-xmlrpc-server.php (modified) (1 diff)

trunk/wp-includes/class-wp-xmlrpc-server.php

@@ -5397 +5397 @@
 
         // Let's check the remote site
-        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0 ) ) );
+        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0, 'reject_unsafe_urls' => true ) ) );
+
         if ( !$linea )
             return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );