WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:12:17 AM (7 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

Merges [24480] to the 3.5 branch.

Location:
branches/3.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.5

  • branches/3.5/wp-includes/functions.php

    r24445 r24481  
    497497    $options = array();
    498498    $options['redirection'] = 5;
     499    $options['reject_unsafe_urls'] = true;
    499500
    500501    if ( false == $file_path )
     
    544545        _deprecated_argument( __FUNCTION__, '2.7' );
    545546
    546     $response = wp_remote_head( $url );
     547    $response = wp_remote_head( $url, array( 'reject_unsafe_urls' => true ) );
    547548
    548549    if ( is_wp_error( $response ) )
     
    759760    $options = array();
    760761    $options['timeout'] = 10;
     762    $options['reject_unsafe_urls'] = true;
    761763
    762764    $response = wp_remote_get( $uri, $options );
Note: See TracChangeset for help on using the changeset viewer.