#48761 closed defect (bug) (duplicate)
Update of WP-core, themes and Plugins fails behind a firewall
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | major | Version: | 5.3 |
| Component: | HTTP API | Keywords: | needs-patch |
| Focuses: | Cc: |
Description
Hello to all!
Please excuse, that i am reporting #48509 again, but i am not familiar with
the bug track (second time for me) and don't know, how to move the ticket to the new version. It is not possible (for me), to select a higher version than 5.2.4 in the original #48509.
The error in ticket 48509 continues in Version 5.3.
Because i am using wordpress behind a firewall, it is very important, that
updates etc. are working. This error avoid correct operation behind a firewall.
Here is 48509 again:
Thank you very much for creating wordpress and giving me the chance to report a bug.
I am working in a governmental organization, which uses a big firewall to protect
themselves agains the attacks from the internet.
The error appeared first in version 5.2.4, in versions before all went well.
I have set the severity to "major", because you can't use any of the update functions
of wordpress behind a firewall anymore.
I found out the following:
In wp-includes/http.php in version 5.2.4 the following changes in function wp_http_validate_url() take part:
<?php //-------------- wp-includes/http.php version 5.2.4 ----------------------------- ... 551 if ( ! $same_host ) { 552 $host = trim( $parsed_url['host'], '.' ); 553 if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { 554 $ip = $host; 555 } else { 556 $ip = gethostbyname( $host ); 557 if ( $ip === $host ) { // Error condition for gethostbyname() /////////////////////////////////////////////////////// 558 return false; // <---- This is in version 5.2.4 /////////////////////////////////////////////////////// 559 } 560 } 561 if ( $ip ) { 562 $parts = array_map( 'intval', explode( '.', $ip ) ); 563 if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] 564 || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) 565 || ( 192 === $parts[0] && 168 === $parts[1] ) 566 ) { ... //--------------------------------------------------------------------------------
Since this change updates of wp-core, install and update of plugins and/or themes are not(!!) successful.
In version 5.2.3 all went well and i show you the corresponding lines:
<?php //-------------- wp-includes/http.php version 5.2.3 ------------------------------ ... 551 if ( ! $same_host ) { 552 $host = trim( $parsed_url['host'], '.' ); 553 if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { 554 $ip = $host; 555 } else { 556 $ip = gethostbyname( $host ); 557 if ( $ip === $host ) { // Error condition for gethostbyname() //////////////////////////////////////////////// 558 $ip = false; // this works fine behind firewall //////////////////////////////////////////////// 559 } 560 } 561 if ( $ip ) { 562 $parts = array_map( 'intval', explode( '.', $ip ) ); 563 if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] 564 || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) 565 || ( 192 === $parts[0] && 168 === $parts[1] ) 566 ) { ... //--------------------------------------------------------------------------------
The reason is the php-function "gethostbyname()", which returns an ip-number to a given host.
Behind a firewall you will find typically no dns-resolving of internet host names. In this
case gethostbyname() does not return an ip-number, it returns the host name. Therefore the
condition in line 557 becomes "true" and the result of wp_http_validate_url() is false.
This produces the error 'A valid URL was not provided.' in public function request in
wp-includes/class-http.php
I hope, that helps you to enhance wordpress. I change the 558 back to version 5.2.3
and wordpress works as good as ever behind a firewall.
Greetings karlte
Change History (2)
#1
follow-up:
↓ 2
@
5 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
#2
in reply to:
↑ 1
@
5 years ago
Hi dd32!
Thanks for your information, sorry, i didn't know, how you deal with this.
As #48432 is still open, it's still a known unfixed bug.
I'm looking forward, that bug will be fixed, because for now i have to patch
all my wordpress instances manually or make no more updates (which is no solution).
Replying to dd32:
Hi @karlte,
We're already tracking this issue in #48432.
The version field refers to the earliest version of WordPress affected, and the Milestone indicates the version in which it's expected to be fixed in. As #48432 is still open, it's still a known unfixed bug.
I'm closing this as a duplicate of #48432, just the same as your other ticket. Opening new tickets won't help further the issue. The ticket does not need to be updated to reflect that a bug remains unfixed in a later version of WordPress.
Hi @karlte,
We're already tracking this issue in #48432.
The version field refers to the earliest version of WordPress affected, and the Milestone indicates the version in which it's expected to be fixed in. As #48432 is still open, it's still a known unfixed bug.
I'm closing this as a duplicate of #48432, just the same as your other ticket. Opening new tickets won't help further the issue. The ticket does not need to be updated to reflect that a bug remains unfixed in a later version of WordPress.