Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.

fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-07-31 06:52:13 +00:00
parent 1ec392175c
commit 21a1fe8d4b
8 changed files with 13 additions and 19 deletions

View File

@ -183,7 +183,6 @@ class WP_Importer {
$headers = array(); $headers = array();
$args = array(); $args = array();
$args['reject_unsafe_urls'] = true;
if ( true === $head ) if ( true === $head )
$args['method'] = 'HEAD'; $args['method'] = 'HEAD';
if ( !empty( $username ) && !empty( $password ) ) if ( !empty( $username ) && !empty( $password ) )
@ -191,7 +190,7 @@ class WP_Importer {
$args['headers'] = $headers; $args['headers'] = $headers;
return wp_remote_request( $url, $args ); return wp_safe_remote_request( $url, $args );
} }
/** /**

View File

@ -497,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
if ( ! $tmpfname ) if ( ! $tmpfname )
return new WP_Error('http_no_file', __('Could not create Temporary file.')); return new WP_Error('http_no_file', __('Could not create Temporary file.'));
$response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) ); $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
if ( is_wp_error( $response ) ) { if ( is_wp_error( $response ) ) {
unlink( $tmpfname ); unlink( $tmpfname );

View File

@ -69,7 +69,6 @@ class WP_SimplePie_File extends SimplePie_File {
$args = array( $args = array(
'timeout' => $this->timeout, 'timeout' => $this->timeout,
'redirection' => $this->redirects, 'redirection' => $this->redirects,
'reject_unsafe_urls' => true,
); );
if ( !empty($this->headers) ) if ( !empty($this->headers) )
@ -78,7 +77,7 @@ class WP_SimplePie_File extends SimplePie_File {
if ( SIMPLEPIE_USERAGENT != $this->useragent ) //Use default WP user agent unless custom has been specified if ( SIMPLEPIE_USERAGENT != $this->useragent ) //Use default WP user agent unless custom has been specified
$args['user-agent'] = $this->useragent; $args['user-agent'] = $this->useragent;
$res = wp_remote_request($url, $args); $res = wp_safe_remote_request($url, $args);
if ( is_wp_error($res) ) { if ( is_wp_error($res) ) {
$this->error = 'WP HTTP Error: ' . $res->get_error_message(); $this->error = 'WP HTTP Error: ' . $res->get_error_message();

View File

@ -113,7 +113,7 @@ class WP_oEmbed {
$providers = array(); $providers = array();
// Fetch URL content // Fetch URL content
if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) { if ( $html = wp_remote_retrieve_body( wp_safe_remote_get( $url ) ) ) {
// <link> types that contain oEmbed provider URLs // <link> types that contain oEmbed provider URLs
$linktypes = apply_filters( 'oembed_linktypes', array( $linktypes = apply_filters( 'oembed_linktypes', array(
@ -195,7 +195,7 @@ class WP_oEmbed {
*/ */
function _fetch_with_format( $provider_url_with_args, $format ) { function _fetch_with_format( $provider_url_with_args, $format ) {
$provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
$response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) ); $response = wp_safe_remote_get( $provider_url_with_args );
if ( 501 == wp_remote_retrieve_response_code( $response ) ) if ( 501 == wp_remote_retrieve_response_code( $response ) )
return new WP_Error( 'not-implemented' ); return new WP_Error( 'not-implemented' );
if ( ! $body = wp_remote_retrieve_body( $response ) ) if ( ! $body = wp_remote_retrieve_body( $response ) )

View File

@ -5392,10 +5392,9 @@ class wp_xmlrpc_server extends IXR_Server {
$http_api_args = array( $http_api_args = array(
'timeout' => 10, 'timeout' => 10,
'redirection' => 0, 'redirection' => 0,
'reject_unsafe_urls' => true,
'limit_response_size' => 153600, // 150 KB 'limit_response_size' => 153600, // 150 KB
); );
$linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, $http_api_args ) ); $linea = wp_remote_retrieve_body( wp_safe_remote_get( $pagelinkedfrom, $http_api_args ) );
if ( !$linea ) if ( !$linea )
return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );

View File

@ -1658,7 +1658,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
if ( 0 === strpos($url, $uploads_dir['baseurl']) ) if ( 0 === strpos($url, $uploads_dir['baseurl']) )
return false; return false;
$response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) ); $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return false; return false;
@ -1671,7 +1671,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
return false; return false;
// Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file) // Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file)
$response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) ); $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return false; return false;
@ -1906,7 +1906,6 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
$options = array(); $options = array();
$options['timeout'] = 4; $options['timeout'] = 4;
$options['reject_unsafe_urls'] = true;
$options['body'] = array( $options['body'] = array(
'title' => $title, 'title' => $title,
'url' => get_permalink($ID), 'url' => get_permalink($ID),
@ -1914,7 +1913,7 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
'excerpt' => $excerpt 'excerpt' => $excerpt
); );
$response = wp_remote_post($trackback_url, $options); $response = wp_safe_remote_post( $trackback_url, $options );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return; return;

View File

@ -496,14 +496,13 @@ function wp_get_http( $url, $file_path = false, $red = 1 ) {
$options = array(); $options = array();
$options['redirection'] = 5; $options['redirection'] = 5;
$options['reject_unsafe_urls'] = true;
if ( false == $file_path ) if ( false == $file_path )
$options['method'] = 'HEAD'; $options['method'] = 'HEAD';
else else
$options['method'] = 'GET'; $options['method'] = 'GET';
$response = wp_remote_request($url, $options); $response = wp_safe_remote_request( $url, $options );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return false; return false;
@ -544,7 +543,7 @@ function wp_get_http_headers( $url, $deprecated = false ) {
if ( !empty( $deprecated ) ) if ( !empty( $deprecated ) )
_deprecated_argument( __FUNCTION__, '2.7' ); _deprecated_argument( __FUNCTION__, '2.7' );
$response = wp_remote_head( $url, array( 'reject_unsafe_urls' => true ) ); $response = wp_safe_remote_head( $url );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return false; return false;
@ -759,9 +758,8 @@ function wp_remote_fopen( $uri ) {
$options = array(); $options = array();
$options['timeout'] = 10; $options['timeout'] = 10;
$options['reject_unsafe_urls'] = true;
$response = wp_remote_get( $uri, $options ); $response = wp_safe_remote_get( $uri, $options );
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return false; return false;

View File

@ -536,7 +536,7 @@ endif;
* @return Snoopy style response * @return Snoopy style response
*/ */
function _fetch_remote_file($url, $headers = "" ) { function _fetch_remote_file($url, $headers = "" ) {
$resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true )); $resp = wp_safe_remote_request( $url, array( 'headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT ) );
if ( is_wp_error($resp) ) { if ( is_wp_error($resp) ) {
$error = array_shift($resp->errors); $error = array_shift($resp->errors);