Changeset 24916
- Timestamp:
- 07/31/2013 06:46:02 AM (11 years ago)
- Location:
- branches/3.6
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.6
-
branches/3.6/wp-includes/default-filters.php
r24738 r24916 196 196 add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri' ); 197 197 add_filter( 'xmlrpc_pingback_error', 'xmlrpc_pingback_error' ); 198 199 add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 ); 198 200 199 201 // Actions -
branches/3.6/wp-includes/http.php
r24896 r24916 452 452 } 453 453 if ( $ip ) { 454 if ( '127.0.0.1' === $ip )455 return false;456 454 $parts = array_map( 'intval', explode( '.', $ip ) ); 457 if ( 10 === $parts[0] ) 458 return false; 459 if ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) 460 return false; 461 if ( 192 === $parts[0] && 168 === $parts[1] ) 462 return false; 455 if ( '127.0.0.1' === $ip 456 || ( 10 === $parts[0] ) 457 || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) 458 || ( 192 === $parts[0] && 168 === $parts[1] ) 459 ) { 460 // If host appears local, reject unless specifically allowed. 461 if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) 462 return false; 463 } 463 464 } 464 465 } … … 476 477 return false; 477 478 } 479 480 /** 481 * Whitelists allowed redirect hosts for safe HTTP requests as well. 482 * 483 * Attached to the http_request_host_is_external filter. 484 * 485 * @since 3.6.0 486 * 487 * @param bool $is_external 488 * @param string $host 489 * @return bool 490 */ 491 function allowed_http_request_hosts( $is_external, $host ) { 492 if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) 493 $is_external = true; 494 return $is_external; 495 } 496 497 /** 498 * Whitelists any domain in a multisite installation for safe HTTP requests. 499 * 500 * Attached to the http_request_host_is_external filter. 501 * 502 * @since 3.6.0 503 * 504 * @param bool $is_external 505 * @param string $host 506 * @return bool 507 */ 508 function ms_allowed_http_request_hosts( $is_external, $host ) { 509 global $wpdb, $current_site; 510 static $queried = array(); 511 if ( $is_external ) 512 return $is_external; 513 if ( $host === $current_site->domain ) 514 return true; 515 if ( isset( $queried[ $host ] ) ) 516 return $queried[ $host ]; 517 $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); 518 return $queried[ $host ]; 519 } -
branches/3.6/wp-includes/ms-default-filters.php
r21823 r24916 65 65 // If the network upgrade hasn't run yet, assume ms-files.php rewriting is used. 66 66 add_filter( 'default_site_option_ms_files_rewriting', '__return_true' ); 67 68 // Whitelist multisite domains for HTTP requests 69 add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );
Note: See TracChangeset
for help on using the changeset viewer.