Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:07:47 AM (11 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/rss.php

    r23191 r24480  
    537537 */
    538538function _fetch_remote_file($url, $headers = "" ) {
    539     $resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT));
     539    $resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true ));
    540540    if ( is_wp_error($resp) ) {
    541541        $error = array_shift($resp->errors);
Note: See TracChangeset for help on using the changeset viewer.