Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:12:17 AM (11 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

Merges [24480] to the 3.5 branch.

Location:
branches/3.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.5

  • branches/3.5/wp-admin/includes/file.php

    r24464 r24481  
    498498        return new WP_Error('http_no_file', __('Could not create Temporary file.'));
    499499
    500     $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
     500    $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
    501501
    502502    if ( is_wp_error( $response ) ) {
Note: See TracChangeset for help on using the changeset viewer.