Changeset 24481 for branches/3.5/wp-includes/comment.php

Timestamp:

06/21/2013 06:12:17 AM (12 years ago)

Author:

nacin

Message:

Better validation of the URL used in core HTTP requests.

Merges [24480] to the 3.5 branch.

Location:

branches/3.5

Files:

• . (modified) (1 prop)
• wp-includes/comment.php (modified) (5 diffs)

branches/3.5/wp-includes/comment.php

@@ -1662 +1662 @@
         return false;
 
-    $response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
+    $response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
 
     if ( is_wp_error( $response ) )
@@ -1675 +1675 @@
 
     // Now do a GET since we're going to look in the html headers (and we're sure its not a binary file)
-    $response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
+    $response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
 
     if ( is_wp_error( $response ) )
@@ -1909 +1909 @@
     $options = array();
     $options['timeout'] = 4;
+    $options['reject_unsafe_urls'] = true;
     $options['body'] = array(
         'title' => $title,
@@ -1956 +1957 @@
  *
  * @since 3.5.1
+ * @see wp_http_validate_url()
  *
  * @param string $source_uri
@@ -1961 +1963 @@
  */
 function pingback_ping_source_uri( $source_uri ) {
-    $uri = esc_url_raw( $source_uri, array( 'http', 'https' ) );
-    if ( ! $uri )
-        return '';
-
-    $parsed_url = @parse_url( $uri );
-    if ( ! $parsed_url )
-        return '';
-
-    if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
-        return '';
-
-    if ( false !== strpos( $parsed_url['host'], ':' ) )
-        return '';
-
-    $parsed_home = @parse_url( get_option( 'home' ) );
-
-    $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
-
-    if ( ! $same_host ) {
-        $host = trim( $parsed_url['host'], '.' );
-        if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
-            $ip = $host;
-        } else {
-            $ip = gethostbyname( $host );
-            if ( $ip === $host ) // Error condition for gethostbyname()
-                $ip = false;
-        }
-        if ( $ip ) {
-            if ( '127.0.0.1' === $ip )
-                return '';
-            $parts = array_map( 'intval', explode( '.', $ip ) );
-            if ( 10 === $parts[0] )
-                return '';
-            if ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
-                return '';
-            if ( 192 === $parts[0] && 168 === $parts[1] )
-                return '';
-        }
-    }
-
-    if ( empty( $parsed_url['port'] ) )
-        return $uri;
-
-    $port = $parsed_url['port'];
-    if ( 80 === $port || 443 === $port || 8080 === $port )
-        return $uri;
-
-    if ( $parsed_home && $same_host && $parsed_home['port'] === $port )
-        return $uri;
-
-    return '';
+    return (string) wp_http_validate_url( $source_uri );
 }