Make WordPress Core


Ignore:
Timestamp:
06/21/2013 06:12:17 AM (11 years ago)
Author:
nacin
Message:

Better validation of the URL used in core HTTP requests.

Merges [24480] to the 3.5 branch.

Location:
branches/3.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.5

  • branches/3.5/wp-includes/rss.php

    r19712 r24481  
    537537 */
    538538function _fetch_remote_file($url, $headers = "" ) {
    539     $resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT));
     539    $resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true ));
    540540    if ( is_wp_error($resp) ) {
    541541        $error = array_shift($resp->errors);
Note: See TracChangeset for help on using the changeset viewer.