WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:07:47 AM (8 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-xmlrpc-server.php

    r24382 r24480  
    53975397
    53985398        // Let's check the remote site
    5399         $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0 ) ) );
     5399        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0, 'reject_unsafe_urls' => true ) ) );
     5400
    54005401        if ( !$linea )
    54015402            return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
Note: See TracChangeset for help on using the changeset viewer.