WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

#36253 closed defect (bug) (duplicate)

Host header should not include port in WP_Http_Streams

Reported by: bangelov Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: HTTP API Keywords:
Focuses: Cc:

Description (last modified by swissspidy)

If you set Host header that includes port in wp_remote_* methods and you are using WP_Http_Streams, port will be doubly added into the Host header which breaks the HTTP request

Example request:

<?php
wp_remote_post( 'http://example.org', array( 'headers' => array( 'Host' => 'localhost:8080' ) );

will become localhost:8080:8080 because the following code doesn't strip the port from the Host header

<?php
if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
        if ( isset( $r['headers']['Host'] ) )
                $arrURL['host'] = $r['headers']['Host'];
        else
                $arrURL['host'] = $r['headers']['host'];
        unset( $r['headers']['Host'], $r['headers']['host'] );
}

Solution:

<?php
if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
        if ( isset( $r['headers']['Host'] ) )
                $arrURL['host'] = array_shift( explode( ':', $r['headers']['Host'] ) );
        else
                $arrURL['host'] = array_shift( explode( ':', $r['headers']['host'] ) );
                unset( $r['headers']['Host'], $r['headers']['host'] );
        }

Attachments (2)

fix_port_in_host_header.diff (689 bytes) - added by bangelov 5 years ago.
fix_port_in_host_header_new.diff (706 bytes) - added by bangelov 5 years ago.
new fix

Download all attachments as: .zip

Change History (6)

#1 @swissspidy
5 years ago

  • Component changed from General to HTTP API
  • Description modified (diff)

#2 @bangelov
5 years ago

I am adding new and better solution on the problem because if Host header contain IPv6 the above logic will fail

<?php
if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
        if ( isset( $r['headers']['Host'] ) )
                $arrURL['host'] = preg_replace( '/:\d+$/', '', $r['headers']['Host'] );
        else
                $arrURL['host'] = preg_replace( '/:\d+$/', '', $r['headers']['host'] );
        unset( $r['headers']['Host'], $r['headers']['host'] );
}

#3 @obenland
5 years ago

  • Version trunk deleted

#4 @dd32
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This was fixed by switching to Requests / fixed in #37991

Note: See TracTickets for help on using tickets.