Index: wp-admin/includes/update.php =================================================================== --- wp-admin/includes/update.php (revision 6350) +++ wp-admin/includes/update.php (working copy) @@ -40,11 +40,12 @@ } add_action( 'admin_notices', 'update_nag', 3 ); -function wp_update_plugins() { +function wp_update_plugins_user_agent($useragent) { global $wp_version; + return 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n" +} - if ( !function_exists('fsockopen') ) - return false; +function wp_update_plugins() { $plugins = get_plugins(); $active = get_option( 'active_plugins' ); @@ -77,26 +78,23 @@ $to_send->active = $active; $send = serialize( $to_send ); + add_filter('http_headers_useragent', 'wp_update_plugins_user_agent', 1); + $request = 'plugins=' . urlencode( $send ); - $http_request = "POST /plugins/update-check/1.0/ HTTP/1.0\r\n"; - $http_request .= "Host: api.wordpress.org\r\n"; $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_option('blog_charset') . "\r\n"; $http_request .= "Content-Length: " . strlen($request) . "\r\n"; - $http_request .= 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n"; - $http_request .= "\r\n"; - $http_request .= $request; - $response = ''; - if( false != ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3) ) && is_resource($fs) ) { - fwrite($fs, $http_request); + $objResponse = wp_remote_post_object('api.wordpress.org/plugins/update-check/1.0/', $http_request, $request); - while ( !feof($fs) ) - $response .= fgets($fs, 1160); // One TCP-IP packet - fclose($fs); - $response = explode("\r\n\r\n", $response, 2); + remove_filter('http_headers_useragent', 'wp_update_plugins_user_agent', 1); + + if( true === $objResponse->hasError() ) { + unset($objResponse); + return; } - $response = unserialize( $response[1] ); + $body = $objResponse->getBody(); + $response = unserialize( $body ); if ( $response ) $new_option->response = $response; Index: wp-admin/update-links.php =================================================================== --- wp-admin/update-links.php (revision 6350) +++ wp-admin/update-links.php (working copy) @@ -1,6 +1,5 @@ hasError() ) { + wp_die(__('No Connection Established')); +} - $returns = explode("\n", $body); +$body = trim( $objResponse->getBody() ); +$returns = explode("\n", $body); - foreach ($returns as $return) : - $time = $wpdb->escape( substr($return, 0, 19) ); - $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) ); - $wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'"); - endforeach; -} -?> +foreach ($returns as $return) : + $time = $wpdb->escape( substr($return, 0, 19) ); + $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) ); + $wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'"); +endforeach; +?> \ No newline at end of file Index: wp-includes/comment.php =================================================================== --- wp-includes/comment.php (revision 6350) +++ wp-includes/comment.php (working copy) @@ -532,73 +532,42 @@ $headers = ''; $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; - $x_pingback_str = 'x-pingback: '; + $x_pingback_str = 'x-pingback'; $pingback_href_original_pos = 27; - extract(parse_url($url), EXTR_SKIP); + $objResponse = wp_remote_get_object($url, null, null, 2); + + $x_pingback_header = $objResponse->getHeaders($x_pingback_str); + if( false === $x_pingback_header ) + foreach($objResponse->getHeaders() as $name => $value) { + if( 0 == strcasecmp($x_pingback_str, $name) ) + $x_pingback_header = $value; - if ( !isset($host) ) // Not an URL. This should never happen. - return false; + $content_type = trim($objResponse->getHeaders('Content-type')); - $path = ( !isset($path) ) ? '/' : $path; - $path .= ( isset($query) ) ? '?' . $query : ''; - $port = ( isset($port) ) ? $port : 80; - - // Try to connect to the server at $host - $fp = @fsockopen($host, $port, $errno, $errstr, 2); - if ( !$fp ) // Couldn't open a connection to $host + if ( preg_match('#(image|audio|video|model)/#is', $content_type) ) // Not an (x)html, sgml, or xml page, no use going further return false; - // Send the GET request - $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version \r\n\r\n"; - // ob_end_flush(); - fputs($fp, $request); - - // Let's check for an X-Pingback header first - while ( !feof($fp) ) { - $line = fgets($fp, 512); - if ( trim($line) == '' ) - break; - $headers .= trim($line)."\n"; - $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str); - if ( $x_pingback_header_offset ) { - // We got it! - preg_match('#x-pingback: (.+)#is', $headers, $matches); - $pingback_server_url = trim($matches[1]); + $contents .= trim($objResponse->getBody()); + $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); + $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); + if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { + $quote = ($pingback_link_offset_dquote) ? '"' : '\''; + $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; + $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); + $pingback_href_start = $pingback_href_pos+6; + $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); + $pingback_server_url_len = $pingback_href_end - $pingback_href_start; + $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); + // We may find rel="pingback" but an incomplete pingback URL + if ( $pingback_server_url_len > 0 ) // We got it! return $pingback_server_url; - } - if ( strpos(strtolower($headers), 'content-type: ') ) { - preg_match('#content-type: (.+)#is', $headers, $matches); - $content_type = trim($matches[1]); - } } - - if ( preg_match('#(image|audio|video|model)/#is', $content_type) ) // Not an (x)html, sgml, or xml page, no use going further + $byte_count += strlen($line); + if ( $byte_count > $timeout_bytes ) { + // It's no use going further, there probably isn't any pingback + // server to find in this file. (Prevents loading large files.) return false; - - while ( !feof($fp) ) { - $line = fgets($fp, 1024); - $contents .= trim($line); - $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); - $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); - if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { - $quote = ($pingback_link_offset_dquote) ? '"' : '\''; - $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; - $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); - $pingback_href_start = $pingback_href_pos+6; - $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); - $pingback_server_url_len = $pingback_href_end - $pingback_href_start; - $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); - // We may find rel="pingback" but an incomplete pingback URL - if ( $pingback_server_url_len > 0 ) // We got it! - return $pingback_server_url; - } - $byte_count += strlen($line); - if ( $byte_count > $timeout_bytes ) { - // It's no use going further, there probably isn't any pingback - // server to find in this file. (Prevents loading large files.) - return false; - } } // We didn't find anything. @@ -764,7 +733,7 @@ if ( empty($trackback_url) ) return; - +st); $title = urlencode($title); $excerpt = urlencode($excerpt); $blog_name = urlencode(get_option('blogname')); @@ -772,6 +741,8 @@ $url = urlencode(get_permalink($ID)); $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; $trackback_url = parse_url($trackback_url); + + $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n"; $http_request .= 'Host: '.$trackback_url['host']."\r\n"; $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_option('blog_charset')."\r\n"; @@ -782,7 +753,7 @@ if ( '' == $trackback_url['port'] ) $trackback_url['port'] = 80; $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4); - @fputs($fs, $http_request); + @fputs($fs, $http_reque @fclose($fs); $tb_url = addslashes( $tb_url ); Index: wp-includes/cron.php =================================================================== --- wp-includes/cron.php (revision 6350) +++ wp-includes/cron.php (working copy) @@ -82,26 +82,8 @@ return; $cron_url = get_option( 'siteurl' ) . '/wp-cron.php'; - $parts = parse_url( $cron_url ); - if ($parts['scheme'] == 'https') { - // support for SSL was added in 4.3.0 - if (version_compare(phpversion(), '4.3.0', '>=') && function_exists('openssl_open')) { - $port = isset($parts['port']) ? $parts['port'] : 443; - $argyle = @fsockopen('ssl://' . $parts['host'], $port, $errno, $errstr, 0.01); - } else { - return false; - } - } else { - $port = isset($parts['port']) ? $parts['port'] : 80; - $argyle = @ fsockopen( $parts['host'], $port, $errno, $errstr, 0.01 ); - } - - if ( $argyle ) - fputs( $argyle, - "GET {$parts['path']}?check=" . wp_hash('187425') . " HTTP/1.0\r\n" - . "Host: {$_SERVER['HTTP_HOST']}\r\n\r\n" - ); + wp_remote_post_object($cron_url.'?check='.wp_hash('187425'), null, null, 0.2); } function wp_cron() { Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 6350) +++ wp-includes/functions.php (working copy) @@ -533,46 +533,20 @@ } } - -function wp_get_http_headers( $url, $red = 1 ) { - global $wp_version; - @set_time_limit( 60 ); - - if ( $red > 5 ) - return false; - - $parts = parse_url( $url ); - $file = $parts['path'] . ( ( $parts['query'] ) ? '?' . $parts['query'] : '' ); - $host = $parts['host']; - if ( !isset( $parts['port'] ) ) - $parts['port'] = 80; - - $head = "HEAD $file HTTP/1.1\r\nHOST: $host\r\nUser-Agent: WordPress/" . $wp_version . "\r\n\r\n"; - - $fp = @fsockopen( $host, $parts['port'], $err_num, $err_msg, 3 ); - if ( !$fp ) - return false; - - $response = ''; - fputs( $fp, $head ); - while ( !feof( $fp ) && strpos( $response, "\r\n\r\n" ) == false ) - $response .= fgets( $fp, 2048 ); - fclose( $fp ); - preg_match_all( '/(.*?): (.*)\r/', $response, $matches ); - $count = count( $matches[1] ); - for ( $i = 0; $i < $count; $i++ ) { - $key = strtolower( $matches[1][$i] ); - $headers["$key"] = $matches[2][$i]; - } - - preg_match( '/.*([0-9]{3}).*/', $response, $return ); - $headers['response'] = $return[1]; // HTTP response code eg 204, 200, 404 - - $code = $headers['response']; - if ( ( '302' == $code || '301' == $code ) && isset( $headers['location'] ) ) - return wp_get_http_headers( $headers['location'], ++$red ); - - return $headers; +/** + * Returns only the headers from the URL + * + * @package WordPress + * @since 1.5.1 + * @uses wp_remote_get_head() Is alias of wp_remote_get_head() + * @deprecated Use wp_remote_get_head() instead. + * + * @param string $url The URL to retrieve the headers from. + * @param int $deprecated Deprecated. Not used any more. + * @returns array Each header has key/value pair with key as the header name. + */ +function wp_get_http_headers( $url, $deprecated = 1 ) { + return wp_remote_get_head($url); } @@ -699,39 +673,19 @@ return $array; } +/** + * Returns only the body from the URL + * + * @package WordPress + * @since 1.5.1 + * @uses wp_remote_get_body() Is alias of wp_remote_get_body() + * @deprecated Use wp_remote_get_body() instead. + * + * @param string $url The URL to retrieve the headers from. + * @returns string The body of hte response + */ function wp_remote_fopen( $uri ) { - $timeout = 10; - $parsed_url = @parse_url( $uri ); - - if ( !$parsed_url || !is_array( $parsed_url ) ) - return false; - - if ( !isset( $parsed_url['scheme'] ) || !in_array( $parsed_url['scheme'], array( 'http','https' ) ) ) - $uri = 'http://' . $uri; - - if ( ini_get( 'allow_url_fopen' ) ) { - $fp = @fopen( $uri, 'r' ); - if ( !$fp ) - return false; - - //stream_set_timeout($fp, $timeout); // Requires php 4.3 - $linea = ''; - while ( $remote_read = fread( $fp, 4096 ) ) - $linea .= $remote_read; - fclose( $fp ); - return $linea; - } elseif ( function_exists( 'curl_init' ) ) { - $handle = curl_init(); - curl_setopt( $handle, CURLOPT_URL, $uri); - curl_setopt( $handle, CURLOPT_CONNECTTIMEOUT, 1 ); - curl_setopt( $handle, CURLOPT_RETURNTRANSFER, 1 ); - curl_setopt( $handle, CURLOPT_TIMEOUT, $timeout ); - $buffer = curl_exec( $handle ); - curl_close( $handle ); - return $buffer; - } else { - return false; - } + return wp_remote_get_body($uri, null, null, 10); } Index: wp-includes/update.php =================================================================== --- wp-includes/update.php (revision 6350) +++ wp-includes/update.php (working copy) @@ -7,10 +7,10 @@ */ /** - * wp_version_check() - Check WordPress version against the newest version. + * Check WordPress version against the newest version. * * The WordPress version, PHP version, and Locale is sent. Checks against the WordPress server at - * api.wordpress.org server. Will only check if PHP has fsockopen enabled and WordPress isn't installing. + * api.wordpress.org server. Will only check if WordPress isn't installing. * * @package WordPress * @since 2.3 @@ -19,7 +19,7 @@ * @return mixed Returns null if update is unsupported. Returns false if check is too soon. */ function wp_version_check() { - if ( !function_exists('fsockopen') || strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') ) + if ( strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') ) return; global $wp_version; @@ -36,35 +36,40 @@ return false; $new_option = ''; - $new_option->last_checked = time(); // this gets set whether we get a response or not, so if something is down or misconfigured it won't delay the page load for more than 3 seconds, twice a day + // this gets set whether we get a response or not, so if something is down or misconfigured it won't delay the page load for more than 3 seconds, twice a day + $new_option->last_checked = time(); $new_option->version_checked = $wp_version; - $http_request = "GET /core/version-check/1.0/?version=$wp_version&php=$php_version&locale=$locale HTTP/1.0\r\n"; - $http_request .= "Host: api.wordpress.org\r\n"; $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset=' . get_option('blog_charset') . "\r\n"; - $http_request .= 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n"; - $http_request .= "\r\n"; - $response = ''; - if ( false !== ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3 ) ) && is_resource($fs) ) { - fwrite( $fs, $http_request ); - while ( !feof( $fs ) ) - $response .= fgets( $fs, 1160 ); // One TCP-IP packet - fclose( $fs ); + add_filter('http_headers_useragent', 'wp_version_check_useragent', 1); + $body = wp_remote_get_body('http://api.wordpress.org/core/version-check/1.0/?version=$wp_version&php=$php_version&locale=$locale', $http_request, null, 3); + remove_filter('http_headers_useragent', 'wp_version_check_useragent', 1); - $response = explode("\r\n\r\n", $response, 2); - $body = trim( $response[1] ); - $body = str_replace(array("\r\n", "\r"), "\n", $body); + $returns = explode("\n", trim($body) ); - $returns = explode("\n", $body); + $new_option->response = $returns[0]; + if ( isset( $returns[1] ) ) + $new_option->url = $returns[1]; - $new_option->response = $returns[0]; - if ( isset( $returns[1] ) ) - $new_option->url = $returns[1]; - } update_option( 'update_core', $new_option ); } +/** + * Changes filter for the wp_version_check useragent + * + * @package WordPress + * @since Unknown + * @uses $wp_version Used to check against the newest WordPress version. + * + * @param string $useragent Ignores passed useragent + * @return string Bypasses string and returns new user agent. + */ +function wp_version_check_useragent($useragent) { + global $wp_version; + return 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n"; +} + add_action( 'init', 'wp_version_check' ); ?> \ No newline at end of file Index: wp-settings.php =================================================================== --- wp-settings.php (revision 6350) +++ wp-settings.php (working copy) @@ -119,6 +119,7 @@ require (ABSPATH . WPINC . '/compat.php'); require (ABSPATH . WPINC . '/functions.php'); require (ABSPATH . WPINC . '/classes.php'); +require (ABSPATH . WPINC . '/http.php'); require_wp_db(); $prefix = $wpdb->set_prefix($table_prefix);