Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:12:17 AM (11 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

Merges [24480] to the 3.5 branch.

Location:
branches/3.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.5

  • branches/3.5/wp-includes/class-wp-xmlrpc-server.php

    r23330 r24481  
    53815381
    53825382        // Let's check the remote site
    5383         $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0 ) ) );
     5383        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0, 'reject_unsafe_urls' => true ) ) );
     5384
    53845385        if ( !$linea )
    53855386            return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
Note: See TracChangeset for help on using the changeset viewer.