From 37f6e6813a7def737797768a15da43d9067523c3 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Fri, 13 May 2016 04:42:28 +0000 Subject: [PATCH] HTTP API: Replace internals with Requests library. Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests. See #33055. Built from https://develop.svn.wordpress.org/trunk@37428 git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/Requests/Auth.php | 33 + wp-includes/Requests/Auth/Basic.php | 88 ++ wp-includes/Requests/Cookie.php | 500 ++++++++ wp-includes/Requests/Cookie/Jar.php | 175 +++ wp-includes/Requests/Exception.php | 62 + wp-includes/Requests/Exception/HTTP.php | 71 ++ wp-includes/Requests/Exception/HTTP/304.php | 27 + wp-includes/Requests/Exception/HTTP/305.php | 27 + wp-includes/Requests/Exception/HTTP/306.php | 27 + wp-includes/Requests/Exception/HTTP/400.php | 27 + wp-includes/Requests/Exception/HTTP/401.php | 27 + wp-includes/Requests/Exception/HTTP/402.php | 27 + wp-includes/Requests/Exception/HTTP/403.php | 27 + wp-includes/Requests/Exception/HTTP/404.php | 27 + wp-includes/Requests/Exception/HTTP/405.php | 27 + wp-includes/Requests/Exception/HTTP/406.php | 27 + wp-includes/Requests/Exception/HTTP/407.php | 27 + wp-includes/Requests/Exception/HTTP/408.php | 27 + wp-includes/Requests/Exception/HTTP/409.php | 27 + wp-includes/Requests/Exception/HTTP/410.php | 27 + wp-includes/Requests/Exception/HTTP/411.php | 27 + wp-includes/Requests/Exception/HTTP/412.php | 27 + wp-includes/Requests/Exception/HTTP/413.php | 27 + wp-includes/Requests/Exception/HTTP/414.php | 27 + wp-includes/Requests/Exception/HTTP/415.php | 27 + wp-includes/Requests/Exception/HTTP/416.php | 27 + wp-includes/Requests/Exception/HTTP/417.php | 27 + wp-includes/Requests/Exception/HTTP/418.php | 29 + wp-includes/Requests/Exception/HTTP/428.php | 29 + wp-includes/Requests/Exception/HTTP/429.php | 29 + wp-includes/Requests/Exception/HTTP/431.php | 29 + wp-includes/Requests/Exception/HTTP/500.php | 27 + wp-includes/Requests/Exception/HTTP/501.php | 27 + wp-includes/Requests/Exception/HTTP/502.php | 27 + wp-includes/Requests/Exception/HTTP/503.php | 27 + wp-includes/Requests/Exception/HTTP/504.php | 27 + wp-includes/Requests/Exception/HTTP/505.php | 27 + wp-includes/Requests/Exception/HTTP/511.php | 29 + .../Requests/Exception/HTTP/Unknown.php | 44 + wp-includes/Requests/Exception/Transport.php | 5 + .../Requests/Exception/Transport/cURL.php | 56 + wp-includes/Requests/Hooker.php | 33 + wp-includes/Requests/Hooks.php | 68 ++ wp-includes/Requests/IDNAEncoder.php | 388 ++++++ wp-includes/Requests/IPv6.php | 190 +++ wp-includes/Requests/IRI.php | 1087 +++++++++++++++++ wp-includes/Requests/Proxy.php | 35 + wp-includes/Requests/Proxy/HTTP.php | 151 +++ wp-includes/Requests/Response.php | 121 ++ wp-includes/Requests/Response/Headers.php | 98 ++ wp-includes/Requests/SSL.php | 152 +++ wp-includes/Requests/Session.php | 266 ++++ wp-includes/Requests/Transport.php | 41 + wp-includes/Requests/Transport/cURL.php | 526 ++++++++ wp-includes/Requests/Transport/fsockopen.php | 441 +++++++ .../Utility/CaseInsensitiveDictionary.php | 103 ++ .../Requests/Utility/FilteredIterator.php | 45 + wp-includes/class-http.php | 211 ++-- wp-includes/class-requests.php | 976 +++++++++++++++ .../class-wp-http-requests-response.php | 229 ++++ wp-includes/default-filters.php | 3 +- wp-includes/http.php | 9 +- wp-includes/version.php | 2 +- wp-settings.php | 1 + 64 files changed, 7000 insertions(+), 84 deletions(-) create mode 100644 wp-includes/Requests/Auth.php create mode 100644 wp-includes/Requests/Auth/Basic.php create mode 100644 wp-includes/Requests/Cookie.php create mode 100644 wp-includes/Requests/Cookie/Jar.php create mode 100644 wp-includes/Requests/Exception.php create mode 100644 wp-includes/Requests/Exception/HTTP.php create mode 100644 wp-includes/Requests/Exception/HTTP/304.php create mode 100644 wp-includes/Requests/Exception/HTTP/305.php create mode 100644 wp-includes/Requests/Exception/HTTP/306.php create mode 100644 wp-includes/Requests/Exception/HTTP/400.php create mode 100644 wp-includes/Requests/Exception/HTTP/401.php create mode 100644 wp-includes/Requests/Exception/HTTP/402.php create mode 100644 wp-includes/Requests/Exception/HTTP/403.php create mode 100644 wp-includes/Requests/Exception/HTTP/404.php create mode 100644 wp-includes/Requests/Exception/HTTP/405.php create mode 100644 wp-includes/Requests/Exception/HTTP/406.php create mode 100644 wp-includes/Requests/Exception/HTTP/407.php create mode 100644 wp-includes/Requests/Exception/HTTP/408.php create mode 100644 wp-includes/Requests/Exception/HTTP/409.php create mode 100644 wp-includes/Requests/Exception/HTTP/410.php create mode 100644 wp-includes/Requests/Exception/HTTP/411.php create mode 100644 wp-includes/Requests/Exception/HTTP/412.php create mode 100644 wp-includes/Requests/Exception/HTTP/413.php create mode 100644 wp-includes/Requests/Exception/HTTP/414.php create mode 100644 wp-includes/Requests/Exception/HTTP/415.php create mode 100644 wp-includes/Requests/Exception/HTTP/416.php create mode 100644 wp-includes/Requests/Exception/HTTP/417.php create mode 100644 wp-includes/Requests/Exception/HTTP/418.php create mode 100644 wp-includes/Requests/Exception/HTTP/428.php create mode 100644 wp-includes/Requests/Exception/HTTP/429.php create mode 100644 wp-includes/Requests/Exception/HTTP/431.php create mode 100644 wp-includes/Requests/Exception/HTTP/500.php create mode 100644 wp-includes/Requests/Exception/HTTP/501.php create mode 100644 wp-includes/Requests/Exception/HTTP/502.php create mode 100644 wp-includes/Requests/Exception/HTTP/503.php create mode 100644 wp-includes/Requests/Exception/HTTP/504.php create mode 100644 wp-includes/Requests/Exception/HTTP/505.php create mode 100644 wp-includes/Requests/Exception/HTTP/511.php create mode 100644 wp-includes/Requests/Exception/HTTP/Unknown.php create mode 100644 wp-includes/Requests/Exception/Transport.php create mode 100644 wp-includes/Requests/Exception/Transport/cURL.php create mode 100644 wp-includes/Requests/Hooker.php create mode 100644 wp-includes/Requests/Hooks.php create mode 100644 wp-includes/Requests/IDNAEncoder.php create mode 100644 wp-includes/Requests/IPv6.php create mode 100644 wp-includes/Requests/IRI.php create mode 100644 wp-includes/Requests/Proxy.php create mode 100644 wp-includes/Requests/Proxy/HTTP.php create mode 100644 wp-includes/Requests/Response.php create mode 100644 wp-includes/Requests/Response/Headers.php create mode 100644 wp-includes/Requests/SSL.php create mode 100644 wp-includes/Requests/Session.php create mode 100644 wp-includes/Requests/Transport.php create mode 100644 wp-includes/Requests/Transport/cURL.php create mode 100644 wp-includes/Requests/Transport/fsockopen.php create mode 100644 wp-includes/Requests/Utility/CaseInsensitiveDictionary.php create mode 100644 wp-includes/Requests/Utility/FilteredIterator.php create mode 100644 wp-includes/class-requests.php create mode 100644 wp-includes/class-wp-http-requests-response.php diff --git a/wp-includes/Requests/Auth.php b/wp-includes/Requests/Auth.php new file mode 100644 index 0000000000..bca4109209 --- /dev/null +++ b/wp-includes/Requests/Auth.php @@ -0,0 +1,33 @@ +user, $this->pass) = $args; + } + } + + /** + * Register the necessary callbacks + * + * @see curl_before_send + * @see fsockopen_header + * @param Requests_Hooks $hooks Hook system + */ + public function register(Requests_Hooks &$hooks) { + $hooks->register('curl.before_send', array(&$this, 'curl_before_send')); + $hooks->register('fsockopen.after_headers', array(&$this, 'fsockopen_header')); + } + + /** + * Set cURL parameters before the data is sent + * + * @param resource $handle cURL resource + */ + public function curl_before_send(&$handle) { + curl_setopt($handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($handle, CURLOPT_USERPWD, $this->getAuthString()); + } + + /** + * Add extra headers to the request before sending + * + * @param string $out HTTP header string + */ + public function fsockopen_header(&$out) { + $out .= sprintf("Authorization: Basic %s\r\n", base64_encode($this->getAuthString())); + } + + /** + * Get the authentication string (user:pass) + * + * @return string + */ + public function getAuthString() { + return $this->user . ':' . $this->pass; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Cookie.php b/wp-includes/Requests/Cookie.php new file mode 100644 index 0000000000..00fbbc73be --- /dev/null +++ b/wp-includes/Requests/Cookie.php @@ -0,0 +1,500 @@ +name = $name; + $this->value = $value; + $this->attributes = $attributes; + $default_flags = array( + 'creation' => time(), + 'last-access' => time(), + 'persistent' => false, + 'host-only' => true, + ); + $this->flags = array_merge($default_flags, $flags); + + $this->reference_time = time(); + if ($reference_time !== null) { + $this->reference_time = $reference_time; + } + + $this->normalize(); + } + + /** + * Check if a cookie is expired. + * + * Checks the age against $this->reference_time to determine if the cookie + * is expired. + * + * @return boolean True if expired, false if time is valid. + */ + public function is_expired() { + // RFC6265, s. 4.1.2.2: + // If a cookie has both the Max-Age and the Expires attribute, the Max- + // Age attribute has precedence and controls the expiration date of the + // cookie. + if (isset($this->attributes['max-age'])) { + $max_age = $this->attributes['max-age']; + return $max_age < $this->reference_time; + } + + if (isset($this->attributes['expires'])) { + $expires = $this->attributes['expires']; + return $expires < $this->reference_time; + } + + return false; + } + + /** + * Check if a cookie is valid for a given URI + * + * @param Requests_IRI $uri URI to check + * @return boolean Whether the cookie is valid for the given URI + */ + public function uri_matches(Requests_IRI $uri) { + if (!$this->domain_matches($uri->host)) { + return false; + } + + if (!$this->path_matches($uri->path)) { + return false; + } + + return empty($this->attributes['secure']) || $uri->scheme === 'https'; + } + + /** + * Check if a cookie is valid for a given domain + * + * @param string $string Domain to check + * @return boolean Whether the cookie is valid for the given domain + */ + public function domain_matches($string) { + if (!isset($this->attributes['domain'])) { + // Cookies created manually; cookies created by Requests will set + // the domain to the requested domain + return true; + } + + $domain_string = $this->attributes['domain']; + if ($domain_string === $string) { + // The domain string and the string are identical. + return true; + } + + // If the cookie is marked as host-only and we don't have an exact + // match, reject the cookie + if ($this->flags['host-only'] === true) { + return false; + } + + if (strlen($string) <= strlen($domain_string)) { + // For obvious reasons, the string cannot be a suffix if the domain + // is shorter than the domain string + return false; + } + + if (substr($string, -1 * strlen($domain_string)) !== $domain_string) { + // The domain string should be a suffix of the string. + return false; + } + + $prefix = substr($string, 0, strlen($string) - strlen($domain_string)); + if (substr($prefix, -1) !== '.') { + // The last character of the string that is not included in the + // domain string should be a %x2E (".") character. + return false; + } + + // The string should be a host name (i.e., not an IP address). + return !preg_match('#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $string); + } + + /** + * Check if a cookie is valid for a given path + * + * From the path-match check in RFC 6265 section 5.1.4 + * + * @param string $request_path Path to check + * @return boolean Whether the cookie is valid for the given path + */ + public function path_matches($request_path) { + if (empty($request_path)) { + // Normalize empty path to root + $request_path = '/'; + } + + if (!isset($this->attributes['path'])) { + // Cookies created manually; cookies created by Requests will set + // the path to the requested path + return true; + } + + $cookie_path = $this->attributes['path']; + + if ($cookie_path === $request_path) { + // The cookie-path and the request-path are identical. + return true; + } + + if (strlen($request_path) > strlen($cookie_path) && substr($request_path, 0, strlen($cookie_path)) === $cookie_path) { + if (substr($cookie_path, -1) === '/') { + // The cookie-path is a prefix of the request-path, and the last + // character of the cookie-path is %x2F ("/"). + return true; + } + + if (substr($request_path, strlen($cookie_path), 1) === '/') { + // The cookie-path is a prefix of the request-path, and the + // first character of the request-path that is not included in + // the cookie-path is a %x2F ("/") character. + return true; + } + } + + return false; + } + + /** + * Normalize cookie and attributes + * + * @return boolean Whether the cookie was successfully normalized + */ + public function normalize() { + foreach ($this->attributes as $key => $value) { + $orig_value = $value; + $value = $this->normalize_attribute($key, $value); + if ($value === null) { + unset($this->attributes[$key]); + continue; + } + + if ($value !== $orig_value) { + $this->attributes[$key] = $value; + } + } + + return true; + } + + /** + * Parse an individual cookie attribute + * + * Handles parsing individual attributes from the cookie values. + * + * @param string $name Attribute name + * @param string|boolean $value Attribute value (string value, or true if empty/flag) + * @return mixed Value if available, or null if the attribute value is invalid (and should be skipped) + */ + protected function normalize_attribute($name, $value) { + switch (strtolower($name)) { + case 'expires': + // Expiration parsing, as per RFC 6265 section 5.2.1 + if (is_int($value)) { + return $value; + } + + $expiry_time = strtotime($value); + if ($expiry_time === false) { + return null; + } + + return $expiry_time; + + case 'max-age': + // Expiration parsing, as per RFC 6265 section 5.2.2 + if (is_int($value)) { + return $value; + } + + // Check that we have a valid age + if (!preg_match('/^-?\d+$/', $value)) { + return null; + } + + $delta_seconds = (int) $value; + if ($delta_seconds <= 0) { + $expiry_time = 0; + } + else { + $expiry_time = $this->reference_time + $delta_seconds; + } + + return $expiry_time; + + case 'domain': + // Domain normalization, as per RFC 6265 section 5.2.3 + if ($value[0] === '.') { + $value = substr($value, 1); + } + + return $value; + + default: + return $value; + } + } + + /** + * Format a cookie for a Cookie header + * + * This is used when sending cookies to a server. + * + * @return string Cookie formatted for Cookie header + */ + public function format_for_header() { + return sprintf('%s=%s', $this->name, $this->value); + } + + /** + * Format a cookie for a Cookie header + * + * @codeCoverageIgnore + * @deprecated Use {@see Requests_Cookie::format_for_header} + * @return string + */ + public function formatForHeader() { + return $this->format_for_header(); + } + + /** + * Format a cookie for a Set-Cookie header + * + * This is used when sending cookies to clients. This isn't really + * applicable to client-side usage, but might be handy for debugging. + * + * @return string Cookie formatted for Set-Cookie header + */ + public function format_for_set_cookie() { + $header_value = $this->format_for_header(); + if (!empty($this->attributes)) { + $parts = array(); + foreach ($this->attributes as $key => $value) { + // Ignore non-associative attributes + if (is_numeric($key)) { + $parts[] = $value; + } + else { + $parts[] = sprintf('%s=%s', $key, $value); + } + } + + $header_value .= '; ' . implode('; ', $parts); + } + return $header_value; + } + + /** + * Format a cookie for a Set-Cookie header + * + * @codeCoverageIgnore + * @deprecated Use {@see Requests_Cookie::format_for_set_cookie} + * @return string + */ + public function formatForSetCookie() { + return $this->format_for_set_cookie(); + } + + /** + * Get the cookie value + * + * Attributes and other data can be accessed via methods. + */ + public function __toString() { + return $this->value; + } + + /** + * Parse a cookie string into a cookie object + * + * Based on Mozilla's parsing code in Firefox and related projects, which + * is an intentional deviation from RFC 2109 and RFC 2616. RFC 6265 + * specifies some of this handling, but not in a thorough manner. + * + * @param string Cookie header value (from a Set-Cookie header) + * @return Requests_Cookie Parsed cookie object + */ + public static function parse($string, $name = '', $reference_time = null) { + $parts = explode(';', $string); + $kvparts = array_shift($parts); + + if (!empty($name)) { + $value = $string; + } + elseif (strpos($kvparts, '=') === false) { + // Some sites might only have a value without the equals separator. + // Deviate from RFC 6265 and pretend it was actually a blank name + // (`=foo`) + // + // https://bugzilla.mozilla.org/show_bug.cgi?id=169091 + $name = ''; + $value = $kvparts; + } + else { + list($name, $value) = explode('=', $kvparts, 2); + } + $name = trim($name); + $value = trim($value); + + // Attribute key are handled case-insensitively + $attributes = new Requests_Utility_CaseInsensitiveDictionary(); + + if (!empty($parts)) { + foreach ($parts as $part) { + if (strpos($part, '=') === false) { + $part_key = $part; + $part_value = true; + } + else { + list($part_key, $part_value) = explode('=', $part, 2); + $part_value = trim($part_value); + } + + $part_key = trim($part_key); + $attributes[$part_key] = $part_value; + } + } + + return new Requests_Cookie($name, $value, $attributes, array(), $reference_time); + } + + /** + * Parse all Set-Cookie headers from request headers + * + * @param Requests_Response_Headers $headers Headers to parse from + * @param Requests_IRI|null $origin URI for comparing cookie origins + * @param int|null $time Reference time for expiration calculation + * @return array + */ + public static function parse_from_headers(Requests_Response_Headers $headers, Requests_IRI $origin = null, $time = null) { + $cookie_headers = $headers->getValues('Set-Cookie'); + if (empty($cookie_headers)) { + return array(); + } + + $cookies = array(); + foreach ($cookie_headers as $header) { + $parsed = self::parse($header, '', $time); + + // Default domain/path attributes + if (empty($parsed->attributes['domain']) && !empty($origin)) { + $parsed->attributes['domain'] = $origin->host; + $parsed->flags['host-only'] = true; + } + else { + $parsed->flags['host-only'] = false; + } + + $path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/'); + if (!$path_is_valid && !empty($origin)) { + $path = $origin->path; + + // Default path normalization as per RFC 6265 section 5.1.4 + if (substr($path, 0, 1) !== '/') { + // If the uri-path is empty or if the first character of + // the uri-path is not a %x2F ("/") character, output + // %x2F ("/") and skip the remaining steps. + $path = '/'; + } + elseif (substr_count($path, '/') === 1) { + // If the uri-path contains no more than one %x2F ("/") + // character, output %x2F ("/") and skip the remaining + // step. + $path = '/'; + } + else { + // Output the characters of the uri-path from the first + // character up to, but not including, the right-most + // %x2F ("/"). + $path = substr($path, 0, strrpos($path, '/')); + } + $parsed->attributes['path'] = $path; + } + + // Reject invalid cookie domains + if (!empty($origin) && !$parsed->domain_matches($origin->host)) { + continue; + } + + $cookies[$parsed->name] = $parsed; + } + + return $cookies; + } + + /** + * Parse all Set-Cookie headers from request headers + * + * @codeCoverageIgnore + * @deprecated Use {@see Requests_Cookie::parse_from_headers} + * @return string + */ + public static function parseFromHeaders(Requests_Response_Headers $headers) { + return self::parse_from_headers($headers); + } +} diff --git a/wp-includes/Requests/Cookie/Jar.php b/wp-includes/Requests/Cookie/Jar.php new file mode 100644 index 0000000000..69be0fb57f --- /dev/null +++ b/wp-includes/Requests/Cookie/Jar.php @@ -0,0 +1,175 @@ +cookies = $cookies; + } + + /** + * Normalise cookie data into a Requests_Cookie + * + * @param string|Requests_Cookie $cookie + * @return Requests_Cookie + */ + public function normalize_cookie($cookie, $key = null) { + if ($cookie instanceof Requests_Cookie) { + return $cookie; + } + + return Requests_Cookie::parse($cookie, $key); + } + + /** + * Normalise cookie data into a Requests_Cookie + * + * @codeCoverageIgnore + * @deprecated Use {@see Requests_Cookie_Jar::normalize_cookie} + * @return Requests_Cookie + */ + public function normalizeCookie($cookie, $key = null) { + return $this->normalize_cookie($cookie, $key); + } + + /** + * Check if the given item exists + * + * @param string $key Item key + * @return boolean Does the item exist? + */ + public function offsetExists($key) { + return isset($this->cookies[$key]); + } + + /** + * Get the value for the item + * + * @param string $key Item key + * @return string Item value + */ + public function offsetGet($key) { + if (!isset($this->cookies[$key])) { + return null; + } + + return $this->cookies[$key]; + } + + /** + * Set the given item + * + * @throws Requests_Exception On attempting to use dictionary as list (`invalidset`) + * + * @param string $key Item name + * @param string $value Item value + */ + public function offsetSet($key, $value) { + if ($key === null) { + throw new Requests_Exception('Object is a dictionary, not a list', 'invalidset'); + } + + $this->cookies[$key] = $value; + } + + /** + * Unset the given header + * + * @param string $key + */ + public function offsetUnset($key) { + unset($this->cookies[$key]); + } + + /** + * Get an iterator for the data + * + * @return ArrayIterator + */ + public function getIterator() { + return new ArrayIterator($this->cookies); + } + + /** + * Register the cookie handler with the request's hooking system + * + * @param Requests_Hooker $hooks Hooking system + */ + public function register(Requests_Hooker $hooks) { + $hooks->register('requests.before_request', array($this, 'before_request')); + $hooks->register('requests.before_redirect_check', array($this, 'before_redirect_check')); + } + + /** + * Add Cookie header to a request if we have any + * + * As per RFC 6265, cookies are separated by '; ' + * + * @param string $url + * @param array $headers + * @param array $data + * @param string $type + * @param array $options + */ + public function before_request($url, &$headers, &$data, &$type, &$options) { + if (!$url instanceof Requests_IRI) { + $url = new Requests_IRI($url); + } + + if (!empty($this->cookies)) { + $cookies = array(); + foreach ($this->cookies as $key => $cookie) { + $cookie = $this->normalize_cookie($cookie, $key); + + // Skip expired cookies + if ($cookie->is_expired()) { + continue; + } + + if ($cookie->domain_matches($url->host)) { + $cookies[] = $cookie->format_for_header(); + } + } + + $headers['Cookie'] = implode('; ', $cookies); + } + } + + /** + * Parse all cookies from a response and attach them to the response + * + * @var Requests_Response $response + */ + public function before_redirect_check(Requests_Response &$return) { + $url = $return->url; + if (!$url instanceof Requests_IRI) { + $url = new Requests_IRI($url); + } + + $cookies = Requests_Cookie::parse_from_headers($return->headers, $url); + $this->cookies = array_merge($this->cookies, $cookies); + $return->cookies = $this; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Exception.php b/wp-includes/Requests/Exception.php new file mode 100644 index 0000000000..37d4711c14 --- /dev/null +++ b/wp-includes/Requests/Exception.php @@ -0,0 +1,62 @@ +type = $type; + $this->data = $data; + } + + /** + * Like {@see getCode()}, but a string code. + * + * @codeCoverageIgnore + * @return string + */ + public function getType() { + return $this->type; + } + + /** + * Gives any relevant data + * + * @codeCoverageIgnore + * @return mixed + */ + public function getData() { + return $this->data; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Exception/HTTP.php b/wp-includes/Requests/Exception/HTTP.php new file mode 100644 index 0000000000..9ac6a873de --- /dev/null +++ b/wp-includes/Requests/Exception/HTTP.php @@ -0,0 +1,71 @@ +reason = $reason; + } + + $message = sprintf('%d %s', $this->code, $this->reason); + parent::__construct($message, 'httpresponse', $data, $this->code); + } + + /** + * Get the status message + */ + public function getReason() { + return $this->reason; + } + + /** + * Get the correct exception class for a given error code + * + * @param int|bool $code HTTP status code, or false if unavailable + * @return string Exception class name to use + */ + public static function get_class($code) { + if (!$code) { + return 'Requests_Exception_HTTP_Unknown'; + } + + $class = sprintf('Requests_Exception_HTTP_%d', $code); + if (class_exists($class)) { + return $class; + } + + return 'Requests_Exception_HTTP_Unknown'; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Exception/HTTP/304.php b/wp-includes/Requests/Exception/HTTP/304.php new file mode 100644 index 0000000000..6799033583 --- /dev/null +++ b/wp-includes/Requests/Exception/HTTP/304.php @@ -0,0 +1,27 @@ +code = $data->status_code; + } + + parent::__construct($reason, $data); + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Exception/Transport.php b/wp-includes/Requests/Exception/Transport.php new file mode 100644 index 0000000000..e60b4884c2 --- /dev/null +++ b/wp-includes/Requests/Exception/Transport.php @@ -0,0 +1,5 @@ +type = $type; + } + + if ($code !== null) { + $this->code = $code; + } + + if ($message !== null) { + $this->reason = $message; + } + + $message = sprintf('%d %s', $this->code, $this->reason); + parent::__construct($message, $this->type, $data, $this->code); + } + + /** + * Get the error message + */ + public function getReason() { + return $this->reason; + } + +} diff --git a/wp-includes/Requests/Hooker.php b/wp-includes/Requests/Hooker.php new file mode 100644 index 0000000000..f667ae9c58 --- /dev/null +++ b/wp-includes/Requests/Hooker.php @@ -0,0 +1,33 @@ +0 is executed later + */ + public function register($hook, $callback, $priority = 0); + + /** + * Dispatch a message + * + * @param string $hook Hook name + * @param array $parameters Parameters to pass to callbacks + * @return boolean Successfulness + */ + public function dispatch($hook, $parameters = array()); +} \ No newline at end of file diff --git a/wp-includes/Requests/Hooks.php b/wp-includes/Requests/Hooks.php new file mode 100644 index 0000000000..2e61c73406 --- /dev/null +++ b/wp-includes/Requests/Hooks.php @@ -0,0 +1,68 @@ +0 is executed later + */ + public function register($hook, $callback, $priority = 0) { + if (!isset($this->hooks[$hook])) { + $this->hooks[$hook] = array(); + } + if (!isset($this->hooks[$hook][$priority])) { + $this->hooks[$hook][$priority] = array(); + } + + $this->hooks[$hook][$priority][] = $callback; + } + + /** + * Dispatch a message + * + * @param string $hook Hook name + * @param array $parameters Parameters to pass to callbacks + * @return boolean Successfulness + */ + public function dispatch($hook, $parameters = array()) { + if (empty($this->hooks[$hook])) { + return false; + } + + foreach ($this->hooks[$hook] as $priority => $hooked) { + foreach ($hooked as $callback) { + call_user_func_array($callback, $parameters); + } + } + + return true; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/IDNAEncoder.php b/wp-includes/Requests/IDNAEncoder.php new file mode 100644 index 0000000000..eaecb73da8 --- /dev/null +++ b/wp-includes/Requests/IDNAEncoder.php @@ -0,0 +1,388 @@ + 0) { + if ($position + $length > $strlen) { + throw new Requests_Exception('Invalid Unicode codepoint', 'idna.invalidcodepoint', $character); + } + for ($position++; $remaining > 0; $position++) { + $value = ord($input[$position]); + + // If it is invalid, count the sequence as invalid and reprocess the current byte: + if (($value & 0xC0) !== 0x80) { + throw new Requests_Exception('Invalid Unicode codepoint', 'idna.invalidcodepoint', $character); + } + + $character |= ($value & 0x3F) << (--$remaining * 6); + } + $position--; + } + + if ( + // Non-shortest form sequences are invalid + $length > 1 && $character <= 0x7F + || $length > 2 && $character <= 0x7FF + || $length > 3 && $character <= 0xFFFF + // Outside of range of ucschar codepoints + // Noncharacters + || ($character & 0xFFFE) === 0xFFFE + || $character >= 0xFDD0 && $character <= 0xFDEF + || ( + // Everything else not in ucschar + $character > 0xD7FF && $character < 0xF900 + || $character < 0x20 + || $character > 0x7E && $character < 0xA0 + || $character > 0xEFFFD + ) + ) { + throw new Requests_Exception('Invalid Unicode codepoint', 'idna.invalidcodepoint', $character); + } + + $codepoints[] = $character; + } + + return $codepoints; + } + + /** + * RFC3492-compliant encoder + * + * @internal Pseudo-code from Section 6.3 is commented with "#" next to relevant code + * @throws Requests_Exception On character outside of the domain (never happens with Punycode) (`idna.character_outside_domain`) + * + * @param string $input UTF-8 encoded string to encode + * @return string Punycode-encoded string + */ + public static function punycode_encode($input) { + $output = ''; +# let n = initial_n + $n = self::BOOTSTRAP_INITIAL_N; +# let delta = 0 + $delta = 0; +# let bias = initial_bias + $bias = self::BOOTSTRAP_INITIAL_BIAS; +# let h = b = the number of basic code points in the input + $h = $b = 0; // see loop +# copy them to the output in order + $codepoints = self::utf8_to_codepoints($input); + $extended = array(); + + foreach ($codepoints as $char) { + if ($char < 128) { + // Character is valid ASCII + // TODO: this should also check if it's valid for a URL + $output .= chr($char); + $h++; + } + // Check if the character is non-ASCII, but below initial n + // This never occurs for Punycode, so ignore in coverage + // @codeCoverageIgnoreStart + elseif ($char < $n) { + throw new Requests_Exception('Invalid character', 'idna.character_outside_domain', $char); + } + // @codeCoverageIgnoreEnd + else { + $extended[$char] = true; + } + } + $extended = array_keys($extended); + sort($extended); + $b = $h; +# [copy them] followed by a delimiter if b > 0 + if (strlen($output) > 0) { + $output .= '-'; + } +# {if the input contains a non-basic code point < n then fail} +# while h < length(input) do begin + while ($h < count($codepoints)) { +# let m = the minimum code point >= n in the input + $m = array_shift($extended); + //printf('next code point to insert is %s' . PHP_EOL, dechex($m)); +# let delta = delta + (m - n) * (h + 1), fail on overflow + $delta += ($m - $n) * ($h + 1); +# let n = m + $n = $m; +# for each code point c in the input (in order) do begin + for ($num = 0; $num < count($codepoints); $num++) { + $c = $codepoints[$num]; +# if c < n then increment delta, fail on overflow + if ($c < $n) { + $delta++; + } +# if c == n then begin + elseif ($c === $n) { +# let q = delta + $q = $delta; +# for k = base to infinity in steps of base do begin + for ($k = self::BOOTSTRAP_BASE; ; $k += self::BOOTSTRAP_BASE) { +# let t = tmin if k <= bias {+ tmin}, or +# tmax if k >= bias + tmax, or k - bias otherwise + if ($k <= ($bias + self::BOOTSTRAP_TMIN)) { + $t = self::BOOTSTRAP_TMIN; + } + elseif ($k >= ($bias + self::BOOTSTRAP_TMAX)) { + $t = self::BOOTSTRAP_TMAX; + } + else { + $t = $k - $bias; + } +# if q < t then break + if ($q < $t) { + break; + } +# output the code point for digit t + ((q - t) mod (base - t)) + $digit = $t + (($q - $t) % (self::BOOTSTRAP_BASE - $t)); + $output .= self::digit_to_char($digit); +# let q = (q - t) div (base - t) + $q = floor(($q - $t) / (self::BOOTSTRAP_BASE - $t)); +# end + } +# output the code point for digit q + $output .= self::digit_to_char($q); +# let bias = adapt(delta, h + 1, test h equals b?) + $bias = self::adapt($delta, $h + 1, $h === $b); +# let delta = 0 + $delta = 0; +# increment h + $h++; +# end + } +# end + } +# increment delta and n + $delta++; + $n++; +# end + } + + return $output; + } + + /** + * Convert a digit to its respective character + * + * @see http://tools.ietf.org/html/rfc3492#section-5 + * @throws Requests_Exception On invalid digit (`idna.invalid_digit`) + * + * @param int $digit Digit in the range 0-35 + * @return string Single character corresponding to digit + */ + protected static function digit_to_char($digit) { + // @codeCoverageIgnoreStart + // As far as I know, this never happens, but still good to be sure. + if ($digit < 0 || $digit > 35) { + throw new Requests_Exception(sprintf('Invalid digit %d', $digit), 'idna.invalid_digit', $digit); + } + // @codeCoverageIgnoreEnd + $digits = 'abcdefghijklmnopqrstuvwxyz0123456789'; + return substr($digits, $digit, 1); + } + + /** + * Adapt the bias + * + * @see http://tools.ietf.org/html/rfc3492#section-6.1 + * @param int $delta + * @param int $numpoints + * @param bool $firsttime + * @return int New bias + */ + protected static function adapt($delta, $numpoints, $firsttime) { +# function adapt(delta,numpoints,firsttime): +# if firsttime then let delta = delta div damp + if ($firsttime) { + $delta = floor($delta / self::BOOTSTRAP_DAMP); + } +# else let delta = delta div 2 + else { + $delta = floor($delta / 2); + } +# let delta = delta + (delta div numpoints) + $delta += floor($delta / $numpoints); +# let k = 0 + $k = 0; +# while delta > ((base - tmin) * tmax) div 2 do begin + $max = floor(((self::BOOTSTRAP_BASE - self::BOOTSTRAP_TMIN) * self::BOOTSTRAP_TMAX) / 2); + while ($delta > $max) { +# let delta = delta div (base - tmin) + $delta = floor($delta / (self::BOOTSTRAP_BASE - self::BOOTSTRAP_TMIN)); +# let k = k + base + $k += self::BOOTSTRAP_BASE; +# end + } +# return k + (((base - tmin + 1) * delta) div (delta + skew)) + return $k + floor(((self::BOOTSTRAP_BASE - self::BOOTSTRAP_TMIN + 1) * $delta) / ($delta + self::BOOTSTRAP_SKEW)); + } +} \ No newline at end of file diff --git a/wp-includes/Requests/IPv6.php b/wp-includes/Requests/IPv6.php new file mode 100644 index 0000000000..204dbd7e66 --- /dev/null +++ b/wp-includes/Requests/IPv6.php @@ -0,0 +1,190 @@ + FF01:0:0:0:0:0:0:101 + * ::1 -> 0:0:0:0:0:0:0:1 + * + * @author Alexander Merz + * @author elfrink at introweb dot nl + * @author Josh Peck + * @copyright 2003-2005 The PHP Group + * @license http://www.opensource.org/licenses/bsd-license.php + * @param string $ip An IPv6 address + * @return string The uncompressed IPv6 address + */ + public static function uncompress($ip) { + if (substr_count($ip, '::') !== 1) { + return $ip; + } + + list($ip1, $ip2) = explode('::', $ip); + $c1 = ($ip1 === '') ? -1 : substr_count($ip1, ':'); + $c2 = ($ip2 === '') ? -1 : substr_count($ip2, ':'); + + if (strpos($ip2, '.') !== false) { + $c2++; + } + // :: + if ($c1 === -1 && $c2 === -1) { + $ip = '0:0:0:0:0:0:0:0'; + } + // ::xxx + else if ($c1 === -1) { + $fill = str_repeat('0:', 7 - $c2); + $ip = str_replace('::', $fill, $ip); + } + // xxx:: + else if ($c2 === -1) { + $fill = str_repeat(':0', 7 - $c1); + $ip = str_replace('::', $fill, $ip); + } + // xxx::xxx + else { + $fill = ':' . str_repeat('0:', 6 - $c2 - $c1); + $ip = str_replace('::', $fill, $ip); + } + return $ip; + } + + /** + * Compresses an IPv6 address + * + * RFC 4291 allows you to compress consecutive zero pieces in an address to + * '::'. This method expects a valid IPv6 address and compresses consecutive + * zero pieces to '::'. + * + * Example: FF01:0:0:0:0:0:0:101 -> FF01::101 + * 0:0:0:0:0:0:0:1 -> ::1 + * + * @see uncompress() + * @param string $ip An IPv6 address + * @return string The compressed IPv6 address + */ + public static function compress($ip) { + // Prepare the IP to be compressed + $ip = self::uncompress($ip); + $ip_parts = self::split_v6_v4($ip); + + // Replace all leading zeros + $ip_parts[0] = preg_replace('/(^|:)0+([0-9])/', '\1\2', $ip_parts[0]); + + // Find bunches of zeros + if (preg_match_all('/(?:^|:)(?:0(?::|$))+/', $ip_parts[0], $matches, PREG_OFFSET_CAPTURE)) { + $max = 0; + $pos = null; + foreach ($matches[0] as $match) { + if (strlen($match[0]) > $max) { + $max = strlen($match[0]); + $pos = $match[1]; + } + } + + $ip_parts[0] = substr_replace($ip_parts[0], '::', $pos, $max); + } + + if ($ip_parts[1] !== '') { + return implode(':', $ip_parts); + } + else { + return $ip_parts[0]; + } + } + + /** + * Splits an IPv6 address into the IPv6 and IPv4 representation parts + * + * RFC 4291 allows you to represent the last two parts of an IPv6 address + * using the standard IPv4 representation + * + * Example: 0:0:0:0:0:0:13.1.68.3 + * 0:0:0:0:0:FFFF:129.144.52.38 + * + * @param string $ip An IPv6 address + * @return string[] [0] contains the IPv6 represented part, and [1] the IPv4 represented part + */ + protected static function split_v6_v4($ip) { + if (strpos($ip, '.') !== false) { + $pos = strrpos($ip, ':'); + $ipv6_part = substr($ip, 0, $pos); + $ipv4_part = substr($ip, $pos + 1); + return array($ipv6_part, $ipv4_part); + } + else { + return array($ip, ''); + } + } + + /** + * Checks an IPv6 address + * + * Checks if the given IP is a valid IPv6 address + * + * @param string $ip An IPv6 address + * @return bool true if $ip is a valid IPv6 address + */ + public static function check_ipv6($ip) { + $ip = self::uncompress($ip); + list($ipv6, $ipv4) = self::split_v6_v4($ip); + $ipv6 = explode(':', $ipv6); + $ipv4 = explode('.', $ipv4); + if (count($ipv6) === 8 && count($ipv4) === 1 || count($ipv6) === 6 && count($ipv4) === 4) { + foreach ($ipv6 as $ipv6_part) { + // The section can't be empty + if ($ipv6_part === '') { + return false; + } + + // Nor can it be over four characters + if (strlen($ipv6_part) > 4) { + return false; + } + + // Remove leading zeros (this is safe because of the above) + $ipv6_part = ltrim($ipv6_part, '0'); + if ($ipv6_part === '') { + $ipv6_part = '0'; + } + + // Check the value is valid + $value = hexdec($ipv6_part); + if (dechex($value) !== strtolower($ipv6_part) || $value < 0 || $value > 0xFFFF) { + return false; + } + } + if (count($ipv4) === 4) { + foreach ($ipv4 as $ipv4_part) { + $value = (int) $ipv4_part; + if ((string) $value !== $ipv4_part || $value < 0 || $value > 0xFF) { + return false; + } + } + } + return true; + } + else { + return false; + } + } +} diff --git a/wp-includes/Requests/IRI.php b/wp-includes/Requests/IRI.php new file mode 100644 index 0000000000..44a95171b7 --- /dev/null +++ b/wp-includes/Requests/IRI.php @@ -0,0 +1,1087 @@ + array( + 'port' => 674 + ), + 'dict' => array( + 'port' => 2628 + ), + 'file' => array( + 'ihost' => 'localhost' + ), + 'http' => array( + 'port' => 80, + ), + 'https' => array( + 'port' => 443, + ), + ); + + /** + * Return the entire IRI when you try and read the object as a string + * + * @return string + */ + public function __toString() { + return $this->get_iri(); + } + + /** + * Overload __set() to provide access via properties + * + * @param string $name Property name + * @param mixed $value Property value + */ + public function __set($name, $value) { + if (method_exists($this, 'set_' . $name)) { + call_user_func(array($this, 'set_' . $name), $value); + } + elseif ( + $name === 'iauthority' + || $name === 'iuserinfo' + || $name === 'ihost' + || $name === 'ipath' + || $name === 'iquery' + || $name === 'ifragment' + ) { + call_user_func(array($this, 'set_' . substr($name, 1)), $value); + } + } + + /** + * Overload __get() to provide access via properties + * + * @param string $name Property name + * @return mixed + */ + public function __get($name) { + // isset() returns false for null, we don't want to do that + // Also why we use array_key_exists below instead of isset() + $props = get_object_vars($this); + + if ( + $name === 'iri' || + $name === 'uri' || + $name === 'iauthority' || + $name === 'authority' + ) { + $method = 'get_' . $name; + $return = $this->$method(); + } + elseif (array_key_exists($name, $props)) { + $return = $this->$name; + } + // host -> ihost + elseif (($prop = 'i' . $name) && array_key_exists($prop, $props)) { + $name = $prop; + $return = $this->$prop; + } + // ischeme -> scheme + elseif (($prop = substr($name, 1)) && array_key_exists($prop, $props)) { + $name = $prop; + $return = $this->$prop; + } + else { + trigger_error('Undefined property: ' . get_class($this) . '::' . $name, E_USER_NOTICE); + $return = null; + } + + if ($return === null && isset($this->normalization[$this->scheme][$name])) { + return $this->normalization[$this->scheme][$name]; + } + else { + return $return; + } + } + + /** + * Overload __isset() to provide access via properties + * + * @param string $name Property name + * @return bool + */ + public function __isset($name) { + return (method_exists($this, 'get_' . $name) || isset($this->$name)); + } + + /** + * Overload __unset() to provide access via properties + * + * @param string $name Property name + */ + public function __unset($name) { + if (method_exists($this, 'set_' . $name)) { + call_user_func(array($this, 'set_' . $name), ''); + } + } + + /** + * Create a new IRI object, from a specified string + * + * @param string|null $iri + */ + public function __construct($iri = null) { + $this->set_iri($iri); + } + + /** + * Create a new IRI object by resolving a relative IRI + * + * Returns false if $base is not absolute, otherwise an IRI. + * + * @param IRI|string $base (Absolute) Base IRI + * @param IRI|string $relative Relative IRI + * @return IRI|false + */ + public static function absolutize($base, $relative) { + if (!($relative instanceof Requests_IRI)) { + $relative = new Requests_IRI($relative); + } + if (!$relative->is_valid()) { + return false; + } + elseif ($relative->scheme !== null) { + return clone $relative; + } + + if (!($base instanceof Requests_IRI)) { + $base = new Requests_IRI($base); + } + if ($base->scheme === null || !$base->is_valid()) { + return false; + } + + if ($relative->get_iri() !== '') { + if ($relative->iuserinfo !== null || $relative->ihost !== null || $relative->port !== null) { + $target = clone $relative; + $target->scheme = $base->scheme; + } + else { + $target = new Requests_IRI; + $target->scheme = $base->scheme; + $target->iuserinfo = $base->iuserinfo; + $target->ihost = $base->ihost; + $target->port = $base->port; + if ($relative->ipath !== '') { + if ($relative->ipath[0] === '/') { + $target->ipath = $relative->ipath; + } + elseif (($base->iuserinfo !== null || $base->ihost !== null || $base->port !== null) && $base->ipath === '') { + $target->ipath = '/' . $relative->ipath; + } + elseif (($last_segment = strrpos($base->ipath, '/')) !== false) { + $target->ipath = substr($base->ipath, 0, $last_segment + 1) . $relative->ipath; + } + else { + $target->ipath = $relative->ipath; + } + $target->ipath = $target->remove_dot_segments($target->ipath); + $target->iquery = $relative->iquery; + } + else { + $target->ipath = $base->ipath; + if ($relative->iquery !== null) { + $target->iquery = $relative->iquery; + } + elseif ($base->iquery !== null) { + $target->iquery = $base->iquery; + } + } + $target->ifragment = $relative->ifragment; + } + } + else { + $target = clone $base; + $target->ifragment = null; + } + $target->scheme_normalization(); + return $target; + } + + /** + * Parse an IRI into scheme/authority/path/query/fragment segments + * + * @param string $iri + * @return array + */ + protected function parse_iri($iri) { + $iri = trim($iri, "\x20\x09\x0A\x0C\x0D"); + $has_match = preg_match('/^((?P[^:\/?#]+):)?(\/\/(?P[^\/?#]*))?(?P[^?#]*)(\?(?P[^#]*))?(#(?P.*))?$/', $iri, $match); + if (!$has_match) { + throw new Requests_Exception('Cannot parse supplied IRI', 'iri.cannot_parse', $iri); + } + + if ($match[1] === '') { + $match['scheme'] = null; + } + if (!isset($match[3]) || $match[3] === '') { + $match['authority'] = null; + } + if (!isset($match[5])) { + $match['path'] = ''; + } + if (!isset($match[6]) || $match[6] === '') { + $match['query'] = null; + } + if (!isset($match[8]) || $match[8] === '') { + $match['fragment'] = null; + } + return $match; + } + + /** + * Remove dot segments from a path + * + * @param string $input + * @return string + */ + protected function remove_dot_segments($input) { + $output = ''; + while (strpos($input, './') !== false || strpos($input, '/.') !== false || $input === '.' || $input === '..') { + // A: If the input buffer begins with a prefix of "../" or "./", + // then remove that prefix from the input buffer; otherwise, + if (strpos($input, '../') === 0) { + $input = substr($input, 3); + } + elseif (strpos($input, './') === 0) { + $input = substr($input, 2); + } + // B: if the input buffer begins with a prefix of "/./" or "/.", + // where "." is a complete path segment, then replace that prefix + // with "/" in the input buffer; otherwise, + elseif (strpos($input, '/./') === 0) { + $input = substr($input, 2); + } + elseif ($input === '/.') { + $input = '/'; + } + // C: if the input buffer begins with a prefix of "/../" or "/..", + // where ".." is a complete path segment, then replace that prefix + // with "/" in the input buffer and remove the last segment and its + // preceding "/" (if any) from the output buffer; otherwise, + elseif (strpos($input, '/../') === 0) { + $input = substr($input, 3); + $output = substr_replace($output, '', strrpos($output, '/')); + } + elseif ($input === '/..') { + $input = '/'; + $output = substr_replace($output, '', strrpos($output, '/')); + } + // D: if the input buffer consists only of "." or "..", then remove + // that from the input buffer; otherwise, + elseif ($input === '.' || $input === '..') { + $input = ''; + } + // E: move the first path segment in the input buffer to the end of + // the output buffer, including the initial "/" character (if any) + // and any subsequent characters up to, but not including, the next + // "/" character or the end of the input buffer + elseif (($pos = strpos($input, '/', 1)) !== false) { + $output .= substr($input, 0, $pos); + $input = substr_replace($input, '', 0, $pos); + } + else { + $output .= $input; + $input = ''; + } + } + return $output . $input; + } + + /** + * Replace invalid character with percent encoding + * + * @param string $string Input string + * @param string $extra_chars Valid characters not in iunreserved or + * iprivate (this is ASCII-only) + * @param bool $iprivate Allow iprivate + * @return string + */ + protected function replace_invalid_with_pct_encoding($string, $extra_chars, $iprivate = false) { + // Normalize as many pct-encoded sections as possible + $string = preg_replace_callback('/(?:%[A-Fa-f0-9]{2})+/', array(&$this, 'remove_iunreserved_percent_encoded'), $string); + + // Replace invalid percent characters + $string = preg_replace('/%(?![A-Fa-f0-9]{2})/', '%25', $string); + + // Add unreserved and % to $extra_chars (the latter is safe because all + // pct-encoded sections are now valid). + $extra_chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~%'; + + // Now replace any bytes that aren't allowed with their pct-encoded versions + $position = 0; + $strlen = strlen($string); + while (($position += strspn($string, $extra_chars, $position)) < $strlen) { + $value = ord($string[$position]); + + // Start position + $start = $position; + + // By default we are valid + $valid = true; + + // No one byte sequences are valid due to the while. + // Two byte sequence: + if (($value & 0xE0) === 0xC0) { + $character = ($value & 0x1F) << 6; + $length = 2; + $remaining = 1; + } + // Three byte sequence: + elseif (($value & 0xF0) === 0xE0) { + $character = ($value & 0x0F) << 12; + $length = 3; + $remaining = 2; + } + // Four byte sequence: + elseif (($value & 0xF8) === 0xF0) { + $character = ($value & 0x07) << 18; + $length = 4; + $remaining = 3; + } + // Invalid byte: + else { + $valid = false; + $length = 1; + $remaining = 0; + } + + if ($remaining) { + if ($position + $length <= $strlen) { + for ($position++; $remaining; $position++) { + $value = ord($string[$position]); + + // Check that the byte is valid, then add it to the character: + if (($value & 0xC0) === 0x80) { + $character |= ($value & 0x3F) << (--$remaining * 6); + } + // If it is invalid, count the sequence as invalid and reprocess the current byte: + else { + $valid = false; + $position--; + break; + } + } + } + else { + $position = $strlen - 1; + $valid = false; + } + } + + // Percent encode anything invalid or not in ucschar + if ( + // Invalid sequences + !$valid + // Non-shortest form sequences are invalid + || $length > 1 && $character <= 0x7F + || $length > 2 && $character <= 0x7FF + || $length > 3 && $character <= 0xFFFF + // Outside of range of ucschar codepoints + // Noncharacters + || ($character & 0xFFFE) === 0xFFFE + || $character >= 0xFDD0 && $character <= 0xFDEF + || ( + // Everything else not in ucschar + $character > 0xD7FF && $character < 0xF900 + || $character < 0xA0 + || $character > 0xEFFFD + ) + && ( + // Everything not in iprivate, if it applies + !$iprivate + || $character < 0xE000 + || $character > 0x10FFFD + ) + ) { + // If we were a character, pretend we weren't, but rather an error. + if ($valid) { + $position--; + } + + for ($j = $start; $j <= $position; $j++) { + $string = substr_replace($string, sprintf('%%%02X', ord($string[$j])), $j, 1); + $j += 2; + $position += 2; + $strlen += 2; + } + } + } + + return $string; + } + + /** + * Callback function for preg_replace_callback. + * + * Removes sequences of percent encoded bytes that represent UTF-8 + * encoded characters in iunreserved + * + * @param array $match PCRE match + * @return string Replacement + */ + protected function remove_iunreserved_percent_encoded($match) { + // As we just have valid percent encoded sequences we can just explode + // and ignore the first member of the returned array (an empty string). + $bytes = explode('%', $match[0]); + + // Initialize the new string (this is what will be returned) and that + // there are no bytes remaining in the current sequence (unsurprising + // at the first byte!). + $string = ''; + $remaining = 0; + + // Loop over each and every byte, and set $value to its value + for ($i = 1, $len = count($bytes); $i < $len; $i++) { + $value = hexdec($bytes[$i]); + + // If we're the first byte of sequence: + if (!$remaining) { + // Start position + $start = $i; + + // By default we are valid + $valid = true; + + // One byte sequence: + if ($value <= 0x7F) { + $character = $value; + $length = 1; + } + // Two byte sequence: + elseif (($value & 0xE0) === 0xC0) { + $character = ($value & 0x1F) << 6; + $length = 2; + $remaining = 1; + } + // Three byte sequence: + elseif (($value & 0xF0) === 0xE0) { + $character = ($value & 0x0F) << 12; + $length = 3; + $remaining = 2; + } + // Four byte sequence: + elseif (($value & 0xF8) === 0xF0) { + $character = ($value & 0x07) << 18; + $length = 4; + $remaining = 3; + } + // Invalid byte: + else { + $valid = false; + $remaining = 0; + } + } + // Continuation byte: + else { + // Check that the byte is valid, then add it to the character: + if (($value & 0xC0) === 0x80) { + $remaining--; + $character |= ($value & 0x3F) << ($remaining * 6); + } + // If it is invalid, count the sequence as invalid and reprocess the current byte as the start of a sequence: + else { + $valid = false; + $remaining = 0; + $i--; + } + } + + // If we've reached the end of the current byte sequence, append it to Unicode::$data + if (!$remaining) { + // Percent encode anything invalid or not in iunreserved + if ( + // Invalid sequences + !$valid + // Non-shortest form sequences are invalid + || $length > 1 && $character <= 0x7F + || $length > 2 && $character <= 0x7FF + || $length > 3 && $character <= 0xFFFF + // Outside of range of iunreserved codepoints + || $character < 0x2D + || $character > 0xEFFFD + // Noncharacters + || ($character & 0xFFFE) === 0xFFFE + || $character >= 0xFDD0 && $character <= 0xFDEF + // Everything else not in iunreserved (this is all BMP) + || $character === 0x2F + || $character > 0x39 && $character < 0x41 + || $character > 0x5A && $character < 0x61 + || $character > 0x7A && $character < 0x7E + || $character > 0x7E && $character < 0xA0 + || $character > 0xD7FF && $character < 0xF900 + ) { + for ($j = $start; $j <= $i; $j++) { + $string .= '%' . strtoupper($bytes[$j]); + } + } + else { + for ($j = $start; $j <= $i; $j++) { + $string .= chr(hexdec($bytes[$j])); + } + } + } + } + + // If we have any bytes left over they are invalid (i.e., we are + // mid-way through a multi-byte sequence) + if ($remaining) { + for ($j = $start; $j < $len; $j++) { + $string .= '%' . strtoupper($bytes[$j]); + } + } + + return $string; + } + + protected function scheme_normalization() { + if (isset($this->normalization[$this->scheme]['iuserinfo']) && $this->iuserinfo === $this->normalization[$this->scheme]['iuserinfo']) { + $this->iuserinfo = null; + } + if (isset($this->normalization[$this->scheme]['ihost']) && $this->ihost === $this->normalization[$this->scheme]['ihost']) { + $this->ihost = null; + } + if (isset($this->normalization[$this->scheme]['port']) && $this->port === $this->normalization[$this->scheme]['port']) { + $this->port = null; + } + if (isset($this->normalization[$this->scheme]['ipath']) && $this->ipath === $this->normalization[$this->scheme]['ipath']) { + $this->ipath = ''; + } + if (isset($this->ihost) && empty($this->ipath)) { + $this->ipath = '/'; + } + if (isset($this->normalization[$this->scheme]['iquery']) && $this->iquery === $this->normalization[$this->scheme]['iquery']) { + $this->iquery = null; + } + if (isset($this->normalization[$this->scheme]['ifragment']) && $this->ifragment === $this->normalization[$this->scheme]['ifragment']) { + $this->ifragment = null; + } + } + + /** + * Check if the object represents a valid IRI. This needs to be done on each + * call as some things change depending on another part of the IRI. + * + * @return bool + */ + public function is_valid() { + $isauthority = $this->iuserinfo !== null || $this->ihost !== null || $this->port !== null; + if ($this->ipath !== '' && + ( + $isauthority && ( + $this->ipath[0] !== '/' || + substr($this->ipath, 0, 2) === '//' + ) || + ( + $this->scheme === null && + !$isauthority && + strpos($this->ipath, ':') !== false && + (strpos($this->ipath, '/') === false ? true : strpos($this->ipath, ':') < strpos($this->ipath, '/')) + ) + ) + ) { + return false; + } + + return true; + } + + /** + * Set the entire IRI. Returns true on success, false on failure (if there + * are any invalid characters). + * + * @param string $iri + * @return bool + */ + protected function set_iri($iri) { + static $cache; + if (!$cache) { + $cache = array(); + } + + if ($iri === null) { + return true; + } + if (isset($cache[$iri])) { + list($this->scheme, + $this->iuserinfo, + $this->ihost, + $this->port, + $this->ipath, + $this->iquery, + $this->ifragment, + $return) = $cache[$iri]; + return $return; + } + + $parsed = $this->parse_iri((string) $iri); + + $return = $this->set_scheme($parsed['scheme']) + && $this->set_authority($parsed['authority']) + && $this->set_path($parsed['path']) + && $this->set_query($parsed['query']) + && $this->set_fragment($parsed['fragment']); + + $cache[$iri] = array($this->scheme, + $this->iuserinfo, + $this->ihost, + $this->port, + $this->ipath, + $this->iquery, + $this->ifragment, + $return); + return $return; + } + + /** + * Set the scheme. Returns true on success, false on failure (if there are + * any invalid characters). + * + * @param string $scheme + * @return bool + */ + protected function set_scheme($scheme) { + if ($scheme === null) { + $this->scheme = null; + } + elseif (!preg_match('/^[A-Za-z][0-9A-Za-z+\-.]*$/', $scheme)) { + $this->scheme = null; + return false; + } + else { + $this->scheme = strtolower($scheme); + } + return true; + } + + /** + * Set the authority. Returns true on success, false on failure (if there are + * any invalid characters). + * + * @param string $authority + * @return bool + */ + protected function set_authority($authority) { + static $cache; + if (!$cache) { + $cache = array(); + } + + if ($authority === null) { + $this->iuserinfo = null; + $this->ihost = null; + $this->port = null; + return true; + } + if (isset($cache[$authority])) { + list($this->iuserinfo, + $this->ihost, + $this->port, + $return) = $cache[$authority]; + + return $return; + } + + $remaining = $authority; + if (($iuserinfo_end = strrpos($remaining, '@')) !== false) { + $iuserinfo = substr($remaining, 0, $iuserinfo_end); + $remaining = substr($remaining, $iuserinfo_end + 1); + } + else { + $iuserinfo = null; + } + if (($port_start = strpos($remaining, ':', strpos($remaining, ']'))) !== false) { + $port = substr($remaining, $port_start + 1); + if ($port === false || $port === '') { + $port = null; + } + $remaining = substr($remaining, 0, $port_start); + } + else { + $port = null; + } + + $return = $this->set_userinfo($iuserinfo) && + $this->set_host($remaining) && + $this->set_port($port); + + $cache[$authority] = array($this->iuserinfo, + $this->ihost, + $this->port, + $return); + + return $return; + } + + /** + * Set the iuserinfo. + * + * @param string $iuserinfo + * @return bool + */ + protected function set_userinfo($iuserinfo) { + if ($iuserinfo === null) { + $this->iuserinfo = null; + } + else { + $this->iuserinfo = $this->replace_invalid_with_pct_encoding($iuserinfo, '!$&\'()*+,;=:'); + $this->scheme_normalization(); + } + + return true; + } + + /** + * Set the ihost. Returns true on success, false on failure (if there are + * any invalid characters). + * + * @param string $ihost + * @return bool + */ + protected function set_host($ihost) { + if ($ihost === null) { + $this->ihost = null; + return true; + } + if (substr($ihost, 0, 1) === '[' && substr($ihost, -1) === ']') { + if (Requests_IPv6::check_ipv6(substr($ihost, 1, -1))) { + $this->ihost = '[' . Requests_IPv6::compress(substr($ihost, 1, -1)) . ']'; + } + else { + $this->ihost = null; + return false; + } + } + else { + $ihost = $this->replace_invalid_with_pct_encoding($ihost, '!$&\'()*+,;='); + + // Lowercase, but ignore pct-encoded sections (as they should + // remain uppercase). This must be done after the previous step + // as that can add unescaped characters. + $position = 0; + $strlen = strlen($ihost); + while (($position += strcspn($ihost, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ%', $position)) < $strlen) { + if ($ihost[$position] === '%') { + $position += 3; + } + else { + $ihost[$position] = strtolower($ihost[$position]); + $position++; + } + } + + $this->ihost = $ihost; + } + + $this->scheme_normalization(); + + return true; + } + + /** + * Set the port. Returns true on success, false on failure (if there are + * any invalid characters). + * + * @param string $port + * @return bool + */ + protected function set_port($port) { + if ($port === null) { + $this->port = null; + return true; + } + + if (strspn($port, '0123456789') === strlen($port)) { + $this->port = (int) $port; + $this->scheme_normalization(); + return true; + } + + $this->port = null; + return false; + } + + /** + * Set the ipath. + * + * @param string $ipath + * @return bool + */ + protected function set_path($ipath) { + static $cache; + if (!$cache) { + $cache = array(); + } + + $ipath = (string) $ipath; + + if (isset($cache[$ipath])) { + $this->ipath = $cache[$ipath][(int) ($this->scheme !== null)]; + } + else { + $valid = $this->replace_invalid_with_pct_encoding($ipath, '!$&\'()*+,;=@:/'); + $removed = $this->remove_dot_segments($valid); + + $cache[$ipath] = array($valid, $removed); + $this->ipath = ($this->scheme !== null) ? $removed : $valid; + } + $this->scheme_normalization(); + return true; + } + + /** + * Set the iquery. + * + * @param string $iquery + * @return bool + */ + protected function set_query($iquery) { + if ($iquery === null) { + $this->iquery = null; + } + else { + $this->iquery = $this->replace_invalid_with_pct_encoding($iquery, '!$&\'()*+,;=:@/?', true); + $this->scheme_normalization(); + } + return true; + } + + /** + * Set the ifragment. + * + * @param string $ifragment + * @return bool + */ + protected function set_fragment($ifragment) { + if ($ifragment === null) { + $this->ifragment = null; + } + else { + $this->ifragment = $this->replace_invalid_with_pct_encoding($ifragment, '!$&\'()*+,;=:@/?'); + $this->scheme_normalization(); + } + return true; + } + + /** + * Convert an IRI to a URI (or parts thereof) + * + * @param string|bool IRI to convert (or false from {@see get_iri}) + * @return string|false URI if IRI is valid, false otherwise. + */ + protected function to_uri($string) { + if (!is_string($string)) { + return false; + } + + static $non_ascii; + if (!$non_ascii) { + $non_ascii = implode('', range("\x80", "\xFF")); + } + + $position = 0; + $strlen = strlen($string); + while (($position += strcspn($string, $non_ascii, $position)) < $strlen) { + $string = substr_replace($string, sprintf('%%%02X', ord($string[$position])), $position, 1); + $position += 3; + $strlen += 2; + } + + return $string; + } + + /** + * Get the complete IRI + * + * @return string + */ + protected function get_iri() { + if (!$this->is_valid()) { + return false; + } + + $iri = ''; + if ($this->scheme !== null) { + $iri .= $this->scheme . ':'; + } + if (($iauthority = $this->get_iauthority()) !== null) { + $iri .= '//' . $iauthority; + } + $iri .= $this->ipath; + if ($this->iquery !== null) { + $iri .= '?' . $this->iquery; + } + if ($this->ifragment !== null) { + $iri .= '#' . $this->ifragment; + } + + return $iri; + } + + /** + * Get the complete URI + * + * @return string + */ + protected function get_uri() { + return $this->to_uri($this->get_iri()); + } + + /** + * Get the complete iauthority + * + * @return string + */ + protected function get_iauthority() { + if ($this->iuserinfo === null && $this->ihost === null && $this->port === null) { + return null; + } + + $iauthority = ''; + if ($this->iuserinfo !== null) { + $iauthority .= $this->iuserinfo . '@'; + } + if ($this->ihost !== null) { + $iauthority .= $this->ihost; + } + if ($this->port !== null) { + $iauthority .= ':' . $this->port; + } + return $iauthority; + } + + /** + * Get the complete authority + * + * @return string + */ + protected function get_authority() { + $iauthority = $this->get_iauthority(); + if (is_string($iauthority)) { + return $this->to_uri($iauthority); + } + else { + return $iauthority; + } + } +} diff --git a/wp-includes/Requests/Proxy.php b/wp-includes/Requests/Proxy.php new file mode 100644 index 0000000000..ac7c1d6b08 --- /dev/null +++ b/wp-includes/Requests/Proxy.php @@ -0,0 +1,35 @@ +proxy = $args; + } + elseif (is_array($args)) { + if (count($args) == 1) { + list($this->proxy) = $args; + } + elseif (count($args) == 3) { + list($this->proxy, $this->user, $this->pass) = $args; + $this->use_authentication = true; + } + else { + throw new Requests_Exception('Invalid number of arguments', 'proxyhttpbadargs'); + } + } + } + + /** + * Register the necessary callbacks + * + * @since 1.6 + * @see curl_before_send + * @see fsockopen_remote_socket + * @see fsockopen_remote_host_path + * @see fsockopen_header + * @param Requests_Hooks $hooks Hook system + */ + public function register(Requests_Hooks &$hooks) { + $hooks->register('curl.before_send', array(&$this, 'curl_before_send')); + + $hooks->register('fsockopen.remote_socket', array(&$this, 'fsockopen_remote_socket')); + $hooks->register('fsockopen.remote_host_path', array(&$this, 'fsockopen_remote_host_path')); + if ($this->use_authentication) { + $hooks->register('fsockopen.after_headers', array(&$this, 'fsockopen_header')); + } + } + + /** + * Set cURL parameters before the data is sent + * + * @since 1.6 + * @param resource $handle cURL resource + */ + public function curl_before_send(&$handle) { + curl_setopt($handle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + curl_setopt($handle, CURLOPT_PROXY, $this->proxy); + + if ($this->use_authentication) { + curl_setopt($handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY); + curl_setopt($handle, CURLOPT_PROXYUSERPWD, $this->get_auth_string()); + } + } + + /** + * Alter remote socket information before opening socket connection + * + * @since 1.6 + * @param string $remote_socket Socket connection string + */ + public function fsockopen_remote_socket(&$remote_socket) { + $remote_socket = $this->proxy; + } + + /** + * Alter remote path before getting stream data + * + * @since 1.6 + * @param string $path Path to send in HTTP request string ("GET ...") + * @param string $url Full URL we're requesting + */ + public function fsockopen_remote_host_path(&$path, $url) { + $path = $url; + } + + /** + * Add extra headers to the request before sending + * + * @since 1.6 + * @param string $out HTTP header string + */ + public function fsockopen_header(&$out) { + $out .= sprintf("Proxy-Authorization: Basic %s\r\n", base64_encode($this->get_auth_string())); + } + + /** + * Get the authentication string (user:pass) + * + * @since 1.6 + * @return string + */ + public function get_auth_string() { + return $this->user . ':' . $this->pass; + } +} \ No newline at end of file diff --git a/wp-includes/Requests/Response.php b/wp-includes/Requests/Response.php new file mode 100644 index 0000000000..3152fb6dca --- /dev/null +++ b/wp-includes/Requests/Response.php @@ -0,0 +1,121 @@ +headers = new Requests_Response_Headers(); + $this->cookies = new Requests_Cookie_Jar(); + } + + /** + * Response body + * + * @var string + */ + public $body = ''; + + /** + * Raw HTTP data from the transport + * + * @var string + */ + public $raw = ''; + + /** + * Headers, as an associative array + * + * @var Requests_Response_Headers Array-like object representing headers + */ + public $headers = array(); + + /** + * Status code, false if non-blocking + * + * @var integer|boolean + */ + public $status_code = false; + + /** + * Protocol version, false if non-blocking + * @var float|boolean + */ + public $protocol_version = false; + + /** + * Whether the request succeeded or not + * + * @var boolean + */ + public $success = false; + + /** + * Number of redirects the request used + * + * @var integer + */ + public $redirects = 0; + + /** + * URL requested + * + * @var string + */ + public $url = ''; + + /** + * Previous requests (from redirects) + * + * @var array Array of Requests_Response objects + */ + public $history = array(); + + /** + * Cookies from the request + * + * @var Requests_Cookie_Jar Array-like object representing a cookie jar + */ + public $cookies = array(); + + /** + * Is the response a redirect? + * + * @return boolean True if redirect (3xx status), false if not. + */ + public function is_redirect() { + $code = $this->status_code; + return in_array($code, array(300, 301, 302, 303, 307)) || $code > 307 && $code < 400; + } + + /** + * Throws an exception if the request was not successful + * + * @throws Requests_Exception If `$allow_redirects` is false, and code is 3xx (`response.no_redirects`) + * @throws Requests_Exception_HTTP On non-successful status code. Exception class corresponds to code (e.g. {@see Requests_Exception_HTTP_404}) + * @param boolean $allow_redirects Set to false to throw on a 3xx as well + */ + public function throw_for_status($allow_redirects = true) { + if ($this->is_redirect()) { + if (!$allow_redirects) { + throw new Requests_Exception('Redirection not allowed', 'response.no_redirects', $this); + } + } + elseif (!$this->success) { + $exception = Requests_Exception_HTTP::get_class($this->status_code); + throw new $exception(null, $this); + } + } +} diff --git a/wp-includes/Requests/Response/Headers.php b/wp-includes/Requests/Response/Headers.php new file mode 100644 index 0000000000..cc6a20872e --- /dev/null +++ b/wp-includes/Requests/Response/Headers.php @@ -0,0 +1,98 @@ +data[$key])) { + return null; + } + + return $this->flatten($this->data[$key]); + } + + /** + * Set the given item + * + * @throws Requests_Exception On attempting to use dictionary as list (`invalidset`) + * + * @param string $key Item name + * @param string $value Item value + */ + public function offsetSet($key, $value) { + if ($key === null) { + throw new Requests_Exception('Object is a dictionary, not a list', 'invalidset'); + } + + $key = strtolower($key); + + if (!isset($this->data[$key])) { + $this->data[$key] = array(); + } + + $this->data[$key][] = $value; + } + + /** + * Get all values for a given header + * + * @param string $key + * @return array Header values + */ + public function getValues($key) { + $key = strtolower($key); + if (!isset($this->data[$key])) { + return null; + } + + return $this->data[$key]; + } + + /** + * Flattens a value into a string + * + * Converts an array into a string by imploding values with a comma, as per + * RFC2616's rules for folding headers. + * + * @param string|array $value Value to flatten + * @return string Flattened value + */ + public function flatten($value) { + if (is_array($value)) { + $value = implode(',', $value); + } + + return $value; + } + + /** + * Get an iterator for the data + * + * Converts the internal + * @return ArrayIterator + */ + public function getIterator() { + return new Requests_Utility_FilteredIterator($this->data, array($this, 'flatten')); + } +} diff --git a/wp-includes/Requests/SSL.php b/wp-includes/Requests/SSL.php new file mode 100644 index 0000000000..c227f7553f --- /dev/null +++ b/wp-includes/Requests/SSL.php @@ -0,0 +1,152 @@ +useragent = 'X';` + * + * @var array + */ + public $options = array(); + + /** + * Create a new session + * + * @param string|null $url Base URL for requests + * @param array $headers Default headers for requests + * @param array $data Default data for requests + * @param array $options Default options for requests + */ + public function __construct($url = null, $headers = array(), $data = array(), $options = array()) { + $this->url = $url; + $this->headers = $headers; + $this->data = $data; + $this->options = $options; + + if (empty($this->options['cookies'])) { + $this->options['cookies'] = new Requests_Cookie_Jar(); + } + } + + /** + * Get a property's value + * + * @param string $key Property key + * @return mixed|null Property value, null if none found + */ + public function __get($key) { + if (isset($this->options[$key])) { + return $this->options[$key]; + } + + return null; + } + + /** + * Set a property's value + * + * @param string $key Property key + * @param mixed $value Property value + */ + public function __set($key, $value) { + $this->options[$key] = $value; + } + + /** + * Remove a property's value + * + * @param string $key Property key + */ + public function __isset($key) { + return isset($this->options[$key]); + } + + /** + * Remove a property's value + * + * @param string $key Property key + */ + public function __unset($key) { + if (isset($this->options[$key])) { + unset($this->options[$key]); + } + } + + /**#@+ + * @see request() + * @param string $url + * @param array $headers + * @param array $options + * @return Requests_Response + */ + /** + * Send a GET request + */ + public function get($url, $headers = array(), $options = array()) { + return $this->request($url, $headers, null, Requests::GET, $options); + } + + /** + * Send a HEAD request + */ + public function head($url, $headers = array(), $options = array()) { + return $this->request($url, $headers, null, Requests::HEAD, $options); + } + + /** + * Send a DELETE request + */ + public function delete($url, $headers = array(), $options = array()) { + return $this->request($url, $headers, null, Requests::DELETE, $options); + } + /**#@-*/ + + /**#@+ + * @see request() + * @param string $url + * @param array $headers + * @param array $data + * @param array $options + * @return Requests_Response + */ + /** + * Send a POST request + */ + public function post($url, $headers = array(), $data = array(), $options = array()) { + return $this->request($url, $headers, $data, Requests::POST, $options); + } + + /** + * Send a PUT request + */ + public function put($url, $headers = array(), $data = array(), $options = array()) { + return $this->request($url, $headers, $data, Requests::PUT, $options); + } + + /** + * Send a PATCH request + * + * Note: Unlike {@see post} and {@see put}, `$headers` is required, as the + * specification recommends that should send an ETag + * + * @link http://tools.ietf.org/html/rfc5789 + */ + public function patch($url, $headers, $data = array(), $options = array()) { + return $this->request($url, $headers, $data, Requests::PATCH, $options); + } + /**#@-*/ + + /** + * Main interface for HTTP requests + * + * This method initiates a request and sends it via a transport before + * parsing. + * + * @see Requests::request() + * + * @throws Requests_Exception On invalid URLs (`nonhttp`) + * + * @param string $url URL to request + * @param array $headers Extra headers to send with the request + * @param array|null $data Data to send either as a query string for GET/HEAD requests, or in the body for POST requests + * @param string $type HTTP request type (use Requests constants) + * @param array $options Options for the request (see {@see Requests::request}) + * @return Requests_Response + */ + public function request($url, $headers = array(), $data = array(), $type = Requests::GET, $options = array()) { + $request = $this->merge_request(compact('url', 'headers', 'data', 'options')); + + return Requests::request($request['url'], $request['headers'], $request['data'], $type, $request['options']); + } + + /** + * Send multiple HTTP requests simultaneously + * + * @see Requests::request_multiple() + * + * @param array $requests Requests data (see {@see Requests::request_multiple}) + * @param array $options Global and default options (see {@see Requests::request}) + * @return array Responses (either Requests_Response or a Requests_Exception object) + */ + public function request_multiple($requests, $options = array()) { + foreach ($requests as $key => $request) { + $requests[$key] = $this->merge_request($request, false); + } + + $options = array_merge($this->options, $options); + + // Disallow forcing the type, as that's a per request setting + unset($options['type']); + + return Requests::request_multiple($requests, $options); + } + + /** + * Merge a request's data with the default data + * + * @param array $request Request data (same form as {@see request_multiple}) + * @param boolean $merge_options Should we merge options as well? + * @return array Request data + */ + protected function merge_request($request, $merge_options = true) { + if ($this->url !== null) { + $request['url'] = Requests_IRI::absolutize($this->url, $request['url']); + $request['url'] = $request['url']->uri; + } + + if (empty($request['headers'])) { + $request['headers'] = array(); + } + $request['headers'] = array_merge($this->headers, $request['headers']); + + if (empty($request['data'])) { + if (is_array($this->data)) { + $request['data'] = $this->data; + } + } + elseif (is_array($request['data']) && is_array($this->data)) { + $request['data'] = array_merge($this->data, $request['data']); + } + + if ($merge_options !== false) { + $request['options'] = array_merge($this->options, $request['options']); + + // Disallow forcing the type, as that's a per request setting + unset($request['options']['type']); + } + + return $request; + } +} diff --git a/wp-includes/Requests/Transport.php b/wp-includes/Requests/Transport.php new file mode 100644 index 0000000000..7e4a26293a --- /dev/null +++ b/wp-includes/Requests/Transport.php @@ -0,0 +1,41 @@ +version = $curl['version_number']; + $this->handle = curl_init(); + + curl_setopt($this->handle, CURLOPT_HEADER, false); + curl_setopt($this->handle, CURLOPT_RETURNTRANSFER, 1); + if ($this->version >= self::CURL_7_10_5) { + curl_setopt($this->handle, CURLOPT_ENCODING, ''); + } + if (defined('CURLOPT_PROTOCOLS')) { + curl_setopt($this->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); + } + if (defined('CURLOPT_REDIR_PROTOCOLS')) { + curl_setopt($this->handle, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); + } + } + + /** + * Destructor + */ + public function __destruct() { + if (is_resource($this->handle)) { + curl_close($this->handle); + } + } + + /** + * Perform a request + * + * @throws Requests_Exception On a cURL error (`curlerror`) + * + * @param string $url URL to request + * @param array $headers Associative array of request headers + * @param string|array $data Data to send either as the POST body, or as parameters in the URL for a GET/HEAD + * @param array $options Request options, see {@see Requests::response()} for documentation + * @return string Raw HTTP result + */ + public function request($url, $headers = array(), $data = array(), $options = array()) { + $this->hooks = $options['hooks']; + + $this->setup_handle($url, $headers, $data, $options); + + $options['hooks']->dispatch('curl.before_send', array(&$this->handle)); + + if ($options['filename'] !== false) { + $this->stream_handle = fopen($options['filename'], 'wb'); + } + + $this->response_data = ''; + $this->response_bytes = 0; + $this->response_byte_limit = false; + if ($options['max_bytes'] !== false) { + $this->response_byte_limit = $options['max_bytes']; + } + + if (isset($options['verify'])) { + if ($options['verify'] === false) { + curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); + curl_setopt($this->handle, CURLOPT_SSL_VERIFYPEER, 0); + } + elseif (is_string($options['verify'])) { + curl_setopt($this->handle, CURLOPT_CAINFO, $options['verify']); + } + } + + if (isset($options['verifyname']) && $options['verifyname'] === false) { + curl_setopt($this->handle, CURLOPT_SSL_VERIFYHOST, 0); + } + + curl_exec($this->handle); + $response = $this->response_data; + + $options['hooks']->dispatch('curl.after_send', array()); + + if (curl_errno($this->handle) === 23 || curl_errno($this->handle) === 61) { + // Reset encoding and try again + curl_setopt($this->handle, CURLOPT_ENCODING, 'none'); + + $this->response_data = ''; + $this->response_bytes = 0; + curl_exec($this->handle); + $response = $this->response_data; + } + + $this->process_response($response, $options); + + // Need to remove the $this reference from the curl handle. + // Otherwise Requests_Transport_cURL wont be garbage collected and the curl_close() will never be called. + curl_setopt($this->handle, CURLOPT_HEADERFUNCTION, null); + curl_setopt($this->handle, CURLOPT_WRITEFUNCTION, null); + + return $this->headers; + } + + /** + * Send multiple requests simultaneously + * + * @param array $requests Request data + * @param array $options Global options + * @return array Array of Requests_Response objects (may contain Requests_Exception or string responses as well) + */ + public function request_multiple($requests, $options) { + // If you're not requesting, we can't get any responses ¯\_(ツ)_/¯ + if (empty($requests)) { + return array(); + } + + $multihandle = curl_multi_init(); + $subrequests = array(); + $subhandles = array(); + + $class = get_class($this); + foreach ($requests as $id => $request) { + $subrequests[$id] = new $class(); + $subhandles[$id] = $subrequests[$id]->get_subrequest_handle($request['url'], $request['headers'], $request['data'], $request['options']); + $request['options']['hooks']->dispatch('curl.before_multi_add', array(&$subhandles[$id])); + curl_multi_add_handle($multihandle, $subhandles[$id]); + } + + $completed = 0; + $responses = array(); + + $request['options']['hooks']->dispatch('curl.before_multi_exec', array(&$multihandle)); + + do { + $active = false; + + do { + $status = curl_multi_exec($multihandle, $active); + } + while ($status === CURLM_CALL_MULTI_PERFORM); + + $to_process = array(); + + // Read the information as needed + while ($done = curl_multi_info_read($multihandle)) { + $key = array_search($done['handle'], $subhandles, true); + if (!isset($to_process[$key])) { + $to_process[$key] = $done; + } + } + + // Parse the finished requests before we start getting the new ones + foreach ($to_process as $key => $done) { + $options = $requests[$key]['options']; + if (CURLE_OK !== $done['result']) { + //get error string for handle. + $reason = curl_error($done['handle']); + $exception = new Requests_Exception_Transport_cURL( + $reason, + Requests_Exception_Transport_cURL::EASY, + $done['handle'], + $done['result'] + ); + $responses[$key] = $exception; + $options['hooks']->dispatch('transport.internal.parse_error', array(&$responses[$key], $requests[$key])); + } + else { + $responses[$key] = $subrequests[$key]->process_response($subrequests[$key]->response_data, $options); + + $options['hooks']->dispatch('transport.internal.parse_response', array(&$responses[$key], $requests[$key])); + } + + curl_multi_remove_handle($multihandle, $done['handle']); + curl_close($done['handle']); + + if (!is_string($responses[$key])) { + $options['hooks']->dispatch('multiple.request.complete', array(&$responses[$key], $key)); + } + $completed++; + } + } + while ($active || $completed < count($subrequests)); + + $request['options']['hooks']->dispatch('curl.after_multi_exec', array(&$multihandle)); + + curl_multi_close($multihandle); + + return $responses; + } + + /** + * Get the cURL handle for use in a multi-request + * + * @param string $url URL to request + * @param array $headers Associative array of request headers + * @param string|array $data Data to send either as the POST body, or as parameters in the URL for a GET/HEAD + * @param array $options Request options, see {@see Requests::response()} for documentation + * @return resource Subrequest's cURL handle + */ + public function &get_subrequest_handle($url, $headers, $data, $options) { + $this->setup_handle($url, $headers, $data, $options); + + if ($options['filename'] !== false) { + $this->stream_handle = fopen($options['filename'], 'wb'); + } + + $this->response_data = ''; + $this->response_bytes = 0; + $this->response_byte_limit = false; + if ($options['max_bytes'] !== false) { + $this->response_byte_limit = $options['max_bytes']; + } + $this->hooks = $options['hooks']; + + return $this->handle; + } + + /** + * Setup the cURL handle for the given data + * + * @param string $url URL to request + * @param array $headers Associative array of request headers + * @param string|array $data Data to send either as the POST body, or as parameters in the URL for a GET/HEAD + * @param array $options Request options, see {@see Requests::response()} for documentation + */ + protected function setup_handle($url, $headers, $data, $options) { + $options['hooks']->dispatch('curl.before_request', array(&$this->handle)); + + $headers = Requests::flatten($headers); + + if (!empty($data)) { + $data_format = $options['data_format']; + + if ($data_format === 'query') { + $url = self::format_get($url, $data); + $data = ''; + } + elseif (!is_string($data)) { + $data = http_build_query($data, null, '&'); + } + } + + switch ($options['type']) { + case Requests::POST: + curl_setopt($this->handle, CURLOPT_POST, true); + curl_setopt($this->handle, CURLOPT_POSTFIELDS, $data); + break; + case Requests::PATCH: + case Requests::PUT: + case Requests::DELETE: + case Requests::OPTIONS: + curl_setopt($this->handle, CURLOPT_CUSTOMREQUEST, $options['type']); + curl_setopt($this->handle, CURLOPT_POSTFIELDS, $data); + break; + case Requests::HEAD: + curl_setopt($this->handle, CURLOPT_CUSTOMREQUEST, $options['type']); + curl_setopt($this->handle, CURLOPT_NOBODY, true); + break; + case Requests::TRACE: + curl_setopt($this->handle, CURLOPT_CUSTOMREQUEST, $options['type']); + break; + } + + if (is_int($options['timeout']) || $this->version < self::CURL_7_16_2) { + curl_setopt($this->handle, CURLOPT_TIMEOUT, ceil($options['timeout'])); + } + else { + curl_setopt($this->handle, CURLOPT_TIMEOUT_MS, round($options['timeout'] * 1000)); + } + + if (is_int($options['connect_timeout']) || $this->version < self::CURL_7_16_2) { + curl_setopt($this->handle, CURLOPT_CONNECTTIMEOUT, ceil($options['connect_timeout'])); + } + else { + curl_setopt($this->handle, CURLOPT_CONNECTTIMEOUT_MS, round($options['connect_timeout'] * 1000)); + } + curl_setopt($this->handle, CURLOPT_URL, $url); + curl_setopt($this->handle, CURLOPT_REFERER, $url); + curl_setopt($this->handle, CURLOPT_USERAGENT, $options['useragent']); + curl_setopt($this->handle, CURLOPT_HTTPHEADER, $headers); + + if ($options['protocol_version'] === 1.1) { + curl_setopt($this->handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); + } + else { + curl_setopt($this->handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + } + + if (true === $options['blocking']) { + curl_setopt($this->handle, CURLOPT_HEADERFUNCTION, array(&$this, 'stream_headers')); + curl_setopt($this->handle, CURLOPT_WRITEFUNCTION, array(&$this, 'stream_body')); + curl_setopt($this->handle, CURLOPT_BUFFERSIZE, Requests::BUFFER_SIZE); + } + } + + /** + * Process a response + * + * @param string $response Response data from the body + * @param array $options Request options + * @return string HTTP response data including headers + */ + public function process_response($response, $options) { + if ($options['blocking'] === false) { + $fake_headers = ''; + $options['hooks']->dispatch('curl.after_request', array(&$fake_headers)); + return false; + } + if ($options['filename'] !== false) { + fclose($this->stream_handle); + $this->headers = trim($this->headers); + } + else { + $this->headers .= $response; + } + + if (curl_errno($this->handle)) { + $error = sprintf( + 'cURL error %s: %s', + curl_errno($this->handle), + curl_error($this->handle) + ); + throw new Requests_Exception($error, 'curlerror', $this->handle); + } + $this->info = curl_getinfo($this->handle); + + $options['hooks']->dispatch('curl.after_request', array(&$this->headers, &$this->info)); + return $this->headers; + } + + /** + * Collect the headers as they are received + * + * @param resource $handle cURL resource + * @param string $headers Header string + * @return integer Length of provided header + */ + public function stream_headers($handle, $headers) { + // Why do we do this? cURL will send both the final response and any + // interim responses, such as a 100 Continue. We don't need that. + // (We may want to keep this somewhere just in case) + if ($this->done_headers) { + $this->headers = ''; + $this->done_headers = false; + } + $this->headers .= $headers; + + if ($headers === "\r\n") { + $this->done_headers = true; + } + return strlen($headers); + } + + /** + * Collect data as it's received + * + * @since 1.6.1 + * + * @param resource $handle cURL resource + * @param string $data Body data + * @return integer Length of provided data + */ + protected function stream_body($handle, $data) { + $this->hooks->dispatch('request.progress', array($data, $this->response_bytes, $this->response_byte_limit)); + $data_length = strlen($data); + + // Are we limiting the response size? + if ($this->response_byte_limit) { + if ($this->response_bytes === $this->response_byte_limit) { + // Already at maximum, move on + return $data_length; + } + + if (($this->response_bytes + $data_length) > $this->response_byte_limit) { + // Limit the length + $limited_length = ($this->response_byte_limit - $this->response_bytes); + $data = substr($data, 0, $limited_length); + } + } + + if ($this->stream_handle) { + fwrite($this->stream_handle, $data); + } + else { + $this->response_data .= $data; + } + + $this->response_bytes += strlen($data); + return $data_length; + } + + /** + * Format a URL given GET data + * + * @param string $url + * @param array|object $data Data to build query using, see {@see http://php.net/http_build_query} + * @return string URL with data + */ + protected static function format_get($url, $data) { + if (!empty($data)) { + $url_parts = parse_url($url); + if (empty($url_parts['query'])) { + $query = $url_parts['query'] = ''; + } + else { + $query = $url_parts['query']; + } + + $query .= '&' . http_build_query($data, null, '&'); + $query = trim($query, '&'); + + if (empty($url_parts['query'])) { + $url .= '?' . $query; + } + else { + $url = str_replace($url_parts['query'], $query, $url); + } + } + return $url; + } + + /** + * Whether this transport is valid + * + * @codeCoverageIgnore + * @return boolean True if the transport is valid, false otherwise. + */ + public static function test($capabilities = array()) { + if (!function_exists('curl_init') && !function_exists('curl_exec')) { + return false; + } + + // If needed, check that our installed curl version supports SSL + if (isset($capabilities['ssl']) && $capabilities['ssl']) { + $curl_version = curl_version(); + if (!(CURL_VERSION_SSL & $curl_version['features'])) { + return false; + } + } + + return true; + } +} diff --git a/wp-includes/Requests/Transport/fsockopen.php b/wp-includes/Requests/Transport/fsockopen.php new file mode 100644 index 0000000000..a8db94b502 --- /dev/null +++ b/wp-includes/Requests/Transport/fsockopen.php @@ -0,0 +1,441 @@ +dispatch('fsockopen.before_request'); + + $url_parts = parse_url($url); + if (empty($url_parts)) { + throw new Requests_Exception('Invalid URL.', 'invalidurl', $url); + } + $host = $url_parts['host']; + $context = stream_context_create(); + $verifyname = false; + $case_insensitive_headers = new Requests_Utility_CaseInsensitiveDictionary($headers); + + // HTTPS support + if (isset($url_parts['scheme']) && strtolower($url_parts['scheme']) === 'https') { + $remote_socket = 'ssl://' . $host; + $url_parts['port'] = 443; + + $context_options = array( + 'verify_peer' => true, + // 'CN_match' => $host, + 'capture_peer_cert' => true + ); + $verifyname = true; + + // SNI, if enabled (OpenSSL >=0.9.8j) + if (defined('OPENSSL_TLSEXT_SERVER_NAME') && OPENSSL_TLSEXT_SERVER_NAME) { + $context_options['SNI_enabled'] = true; + if (isset($options['verifyname']) && $options['verifyname'] === false) { + $context_options['SNI_enabled'] = false; + } + } + + if (isset($options['verify'])) { + if ($options['verify'] === false) { + $context_options['verify_peer'] = false; + } + elseif (is_string($options['verify'])) { + $context_options['cafile'] = $options['verify']; + } + } + + if (isset($options['verifyname']) && $options['verifyname'] === false) { + $verifyname = false; + } + + stream_context_set_option($context, array('ssl' => $context_options)); + } + else { + $remote_socket = 'tcp://' . $host; + } + + $this->max_bytes = $options['max_bytes']; + + if (!isset($url_parts['port'])) { + $url_parts['port'] = 80; + } + $remote_socket .= ':' . $url_parts['port']; + + set_error_handler(array($this, 'connect_error_handler'), E_WARNING | E_NOTICE); + + $options['hooks']->dispatch('fsockopen.remote_socket', array(&$remote_socket)); + + $socket = stream_socket_client($remote_socket, $errno, $errstr, ceil($options['connect_timeout']), STREAM_CLIENT_CONNECT, $context); + + restore_error_handler(); + + if ($verifyname && !$this->verify_certificate_from_context($host, $context)) { + throw new Requests_Exception('SSL certificate did not match the requested domain name', 'ssl.no_match'); + } + + if (!$socket) { + if ($errno === 0) { + // Connection issue + throw new Requests_Exception(rtrim($this->connect_error), 'fsockopen.connect_error'); + } + + throw new Requests_Exception($errstr, 'fsockopenerror', null, $errno); + } + + $data_format = $options['data_format']; + + if ($data_format === 'query') { + $path = self::format_get($url_parts, $data); + $data = ''; + } + else { + $path = self::format_get($url_parts, array()); + } + + $options['hooks']->dispatch('fsockopen.remote_host_path', array(&$path, $url)); + + $request_body = ''; + $out = sprintf("%s %s HTTP/%.1f\r\n", $options['type'], $path, $options['protocol_version']); + + if ($options['type'] !== Requests::TRACE) { + if (is_array($data)) { + $request_body = http_build_query($data, null, '&'); + } + else { + $request_body = $data; + } + + if (!empty($data)) { + if (!isset($case_insensitive_headers['Content-Length'])) { + $headers['Content-Length'] = strlen($request_body); + } + + if (!isset($case_insensitive_headers['Content-Type'])) { + $headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=UTF-8'; + } + } + } + + if (!isset($case_insensitive_headers['Host'])) { + $out .= sprintf('Host: %s', $url_parts['host']); + + if ($url_parts['port'] !== 80) { + $out .= ':' . $url_parts['port']; + } + $out .= "\r\n"; + } + + if (!isset($case_insensitive_headers['User-Agent'])) { + $out .= sprintf("User-Agent: %s\r\n", $options['useragent']); + } + + $accept_encoding = $this->accept_encoding(); + if (!isset($case_insensitive_headers['Accept-Encoding']) && !empty($accept_encoding)) { + $out .= sprintf("Accept-Encoding: %s\r\n", $accept_encoding); + } + + $headers = Requests::flatten($headers); + + if (!empty($headers)) { + $out .= implode($headers, "\r\n") . "\r\n"; + } + + $options['hooks']->dispatch('fsockopen.after_headers', array(&$out)); + + if (substr($out, -2) !== "\r\n") { + $out .= "\r\n"; + } + + if (!isset($case_insensitive_headers['Connection'])) { + $out .= "Connection: Close\r\n"; + } + + $out .= "\r\n" . $request_body; + + $options['hooks']->dispatch('fsockopen.before_send', array(&$out)); + + fwrite($socket, $out); + $options['hooks']->dispatch('fsockopen.after_send', array($out)); + + if (!$options['blocking']) { + fclose($socket); + $fake_headers = ''; + $options['hooks']->dispatch('fsockopen.after_request', array(&$fake_headers)); + return ''; + } + + $timeout_sec = (int) floor($options['timeout']); + if ($timeout_sec == $options['timeout']) { + $timeout_msec = 0; + } + else { + $timeout_msec = self::SECOND_IN_MICROSECONDS * $options['timeout'] % self::SECOND_IN_MICROSECONDS; + } + stream_set_timeout($socket, $timeout_sec, $timeout_msec); + + $response = $body = $headers = ''; + $this->info = stream_get_meta_data($socket); + $size = 0; + $doingbody = false; + $download = false; + if ($options['filename']) { + $download = fopen($options['filename'], 'wb'); + } + + while (!feof($socket)) { + $this->info = stream_get_meta_data($socket); + if ($this->info['timed_out']) { + throw new Requests_Exception('fsocket timed out', 'timeout'); + } + + $block = fread($socket, Requests::BUFFER_SIZE); + if (!$doingbody) { + $response .= $block; + if (strpos($response, "\r\n\r\n")) { + list($headers, $block) = explode("\r\n\r\n", $response, 2); + $doingbody = true; + } + } + + // Are we in body mode now? + if ($doingbody) { + $options['hooks']->dispatch('request.progress', array($block, $size, $this->max_bytes)); + $data_length = strlen($block); + if ($this->max_bytes) { + // Have we already hit a limit? + if ($size === $this->max_bytes) { + continue; + } + if (($size + $data_length) > $this->max_bytes) { + // Limit the length + $limited_length = ($this->max_bytes - $size); + $block = substr($block, 0, $limited_length); + } + } + + $size += strlen($block); + if ($download) { + fwrite($download, $block); + } + else { + $body .= $block; + } + } + } + $this->headers = $headers; + + if ($download) { + fclose($download); + } + else { + $this->headers .= "\r\n\r\n" . $body; + } + fclose($socket); + + $options['hooks']->dispatch('fsockopen.after_request', array(&$this->headers, &$this->info)); + return $this->headers; + } + + /** + * Send multiple requests simultaneously + * + * @param array $requests Request data (array of 'url', 'headers', 'data', 'options') as per {@see Requests_Transport::request} + * @param array $options Global options, see {@see Requests::response()} for documentation + * @return array Array of Requests_Response objects (may contain Requests_Exception or string responses as well) + */ + public function request_multiple($requests, $options) { + $responses = array(); + $class = get_class($this); + foreach ($requests as $id => $request) { + try { + $handler = new $class(); + $responses[$id] = $handler->request($request['url'], $request['headers'], $request['data'], $request['options']); + + $request['options']['hooks']->dispatch('transport.internal.parse_response', array(&$responses[$id], $request)); + } + catch (Requests_Exception $e) { + $responses[$id] = $e; + } + + if (!is_string($responses[$id])) { + $request['options']['hooks']->dispatch('multiple.request.complete', array(&$responses[$id], $id)); + } + } + + return $responses; + } + + /** + * Retrieve the encodings we can accept + * + * @return string Accept-Encoding header value + */ + protected static function accept_encoding() { + $type = array(); + if (function_exists('gzinflate')) { + $type[] = 'deflate;q=1.0'; + } + + if (function_exists('gzuncompress')) { + $type[] = 'compress;q=0.5'; + } + + $type[] = 'gzip;q=0.5'; + + return implode(', ', $type); + } + + /** + * Format a URL given GET data + * + * @param array $url_parts + * @param array|object $data Data to build query using, see {@see http://php.net/http_build_query} + * @return string URL with data + */ + protected static function format_get($url_parts, $data) { + if (!empty($data)) { + if (empty($url_parts['query'])) { + $url_parts['query'] = ''; + } + + $url_parts['query'] .= '&' . http_build_query($data, null, '&'); + $url_parts['query'] = trim($url_parts['query'], '&'); + } + if (isset($url_parts['path'])) { + if (isset($url_parts['query'])) { + $get = $url_parts['path'] . '?' . $url_parts['query']; + } + else { + $get = $url_parts['path']; + } + } + else { + $get = '/'; + } + return $get; + } + + /** + * Error handler for stream_socket_client() + * + * @param int $errno Error number (e.g. E_WARNING) + * @param string $errstr Error message + */ + public function connect_error_handler($errno, $errstr) { + // Double-check we can handle it + if (($errno & E_WARNING) === 0 && ($errno & E_NOTICE) === 0) { + // Return false to indicate the default error handler should engage + return false; + } + + $this->connect_error .= $errstr . "\n"; + return true; + } + + /** + * Verify the certificate against common name and subject alternative names + * + * Unfortunately, PHP doesn't check the certificate against the alternative + * names, leading things like 'https://www.github.com/' to be invalid. + * Instead + * + * @see http://tools.ietf.org/html/rfc2818#section-3.1 RFC2818, Section 3.1 + * + * @throws Requests_Exception On failure to connect via TLS (`fsockopen.ssl.connect_error`) + * @throws Requests_Exception On not obtaining a match for the host (`fsockopen.ssl.no_match`) + * @param string $host Host name to verify against + * @param resource $context Stream context + * @return bool + */ + public function verify_certificate_from_context($host, $context) { + $meta = stream_context_get_options($context); + + // If we don't have SSL options, then we couldn't make the connection at + // all + if (empty($meta) || empty($meta['ssl']) || empty($meta['ssl']['peer_certificate'])) { + throw new Requests_Exception(rtrim($this->connect_error), 'ssl.connect_error'); + } + + $cert = openssl_x509_parse($meta['ssl']['peer_certificate']); + + return Requests_SSL::verify_certificate($host, $cert); + } + + /** + * Whether this transport is valid + * + * @codeCoverageIgnore + * @return boolean True if the transport is valid, false otherwise. + */ + public static function test($capabilities = array()) { + if (!function_exists('fsockopen')) { + return false; + } + + // If needed, check that streams support SSL + if (isset($capabilities['ssl']) && $capabilities['ssl']) { + if (!extension_loaded('openssl') || !function_exists('openssl_x509_parse')) { + return false; + } + + // Currently broken, thanks to https://github.com/facebook/hhvm/issues/2156 + if (defined('HHVM_VERSION')) { + return false; + } + } + + return true; + } +} diff --git a/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php b/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php new file mode 100644 index 0000000000..2c97893a17 --- /dev/null +++ b/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php @@ -0,0 +1,103 @@ + $value) { + $this->offsetSet($key, $value); + } + } + + /** + * Check if the given item exists + * + * @param string $key Item key + * @return boolean Does the item exist? + */ + public function offsetExists($key) { + $key = strtolower($key); + return isset($this->data[$key]); + } + + /** + * Get the value for the item + * + * @param string $key Item key + * @return string Item value + */ + public function offsetGet($key) { + $key = strtolower($key); + if (!isset($this->data[$key])) { + return null; + } + + return $this->data[$key]; + } + + /** + * Set the given item + * + * @throws Requests_Exception On attempting to use dictionary as list (`invalidset`) + * + * @param string $key Item name + * @param string $value Item value + */ + public function offsetSet($key, $value) { + if ($key === null) { + throw new Requests_Exception('Object is a dictionary, not a list', 'invalidset'); + } + + $key = strtolower($key); + $this->data[$key] = $value; + } + + /** + * Unset the given header + * + * @param string $key + */ + public function offsetUnset($key) { + unset($this->data[strtolower($key)]); + } + + /** + * Get an iterator for the data + * + * @return ArrayIterator + */ + public function getIterator() { + return new ArrayIterator($this->data); + } + + /** + * Get the headers as an array + * + * @return array Header data + */ + public function getAll() { + return $this->data; + } +} diff --git a/wp-includes/Requests/Utility/FilteredIterator.php b/wp-includes/Requests/Utility/FilteredIterator.php new file mode 100644 index 0000000000..76a29e7228 --- /dev/null +++ b/wp-includes/Requests/Utility/FilteredIterator.php @@ -0,0 +1,45 @@ +callback = $callback; + } + + /** + * Get the current item's value after filtering + * + * @return string + */ + public function current() { + $value = parent::current(); + $value = call_user_func($this->callback, $value); + return $value; + } +} diff --git a/wp-includes/class-http.php b/wp-includes/class-http.php index b0ac01ef1a..30c3dc9ca1 100644 --- a/wp-includes/class-http.php +++ b/wp-includes/class-http.php @@ -7,6 +7,13 @@ * @since 2.7.0 */ +if ( ! class_exists( 'Requests' ) ) { + require( ABSPATH . WPINC . '/class-requests.php' ); + + Requests::register_autoloader(); + Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' ); +} + /** * Core class used for managing HTTP transports and making HTTP requests. * @@ -247,8 +254,9 @@ class WP_Http { return $pre; if ( function_exists( 'wp_kses_bad_protocol' ) ) { - if ( $r['reject_unsafe_urls'] ) + if ( $r['reject_unsafe_urls'] ) { $url = wp_http_validate_url( $url ); + } if ( $url ) { $url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) ); } @@ -256,107 +264,152 @@ class WP_Http { $arrURL = @parse_url( $url ); - if ( empty( $url ) || empty( $arrURL['scheme'] ) ) + if ( empty( $url ) || empty( $arrURL['scheme'] ) ) { return new WP_Error('http_request_failed', __('A valid URL was not provided.')); + } - if ( $this->block_request( $url ) ) + if ( $this->block_request( $url ) ) { return new WP_Error( 'http_request_failed', __( 'User has blocked requests through HTTP.' ) ); - - /* - * Determine if this is a https call and pass that on to the transport functions - * so that we can blacklist the transports that do not support ssl verification - */ - $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl'; - - // Determine if this request is to OUR install of WordPress. - $homeURL = parse_url( get_bloginfo( 'url' ) ); - $r['local'] = 'localhost' == $arrURL['host'] || ( isset( $homeURL['host'] ) && $homeURL['host'] == $arrURL['host'] ); - unset( $homeURL ); - - /* - * If we are streaming to a file but no filename was given drop it in the WP temp dir - * and pick its name using the basename of the $url. - */ - if ( $r['stream'] && empty( $r['filename'] ) ) { - $r['filename'] = get_temp_dir() . wp_unique_filename( get_temp_dir(), basename( $url ) ); } - /* - * Force some settings if we are streaming to a file and check for existence and perms - * of destination directory. - */ + // If we are streaming to a file but no filename was given drop it in the WP temp dir + // and pick its name using the basename of the $url if ( $r['stream'] ) { + if ( empty( $r['filename'] ) ) { + $r['filename'] = get_temp_dir() . basename( $url ); + } + + // Force some settings if we are streaming to a file and check for existence and perms of destination directory $r['blocking'] = true; - if ( ! wp_is_writable( dirname( $r['filename'] ) ) ) + if ( ! wp_is_writable( dirname( $r['filename'] ) ) ) { return new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) ); + } } - if ( is_null( $r['headers'] ) ) + if ( is_null( $r['headers'] ) ) { $r['headers'] = array(); + } + // WP allows passing in headers as a string, weirdly. if ( ! is_array( $r['headers'] ) ) { - $processedHeaders = self::processHeaders( $r['headers'], $url ); + $processedHeaders = WP_Http::processHeaders( $r['headers'] ); $r['headers'] = $processedHeaders['headers']; } - if ( isset( $r['headers']['User-Agent'] ) ) { - $r['user-agent'] = $r['headers']['User-Agent']; - unset( $r['headers']['User-Agent'] ); + // Setup arguments + $headers = $r['headers']; + $data = $r['body']; + $type = $r['method']; + $options = array( + 'timeout' => $r['timeout'], + 'useragent' => $r['user-agent'], + 'blocking' => $r['blocking'], + ); + + if ( $r['stream'] ) { + $options['filename'] = $r['filename']; + } + if ( empty( $r['redirection'] ) ) { + $options['follow_redirects'] = false; + } + else { + $options['redirects'] = $r['redirection']; } - if ( isset( $r['headers']['user-agent'] ) ) { - $r['user-agent'] = $r['headers']['user-agent']; - unset( $r['headers']['user-agent'] ); + // Use byte limit, if we can + if ( isset( $r['limit_response_size'] ) ) { + $options['max_bytes'] = $r['limit_response_size']; } - if ( '1.1' == $r['httpversion'] && !isset( $r['headers']['connection'] ) ) { - $r['headers']['connection'] = 'close'; - } - - // Construct Cookie: header if any cookies are set. - self::buildCookieHeader( $r ); - - // Avoid issues where mbstring.func_overload is enabled. - mbstring_binary_safe_encoding(); - - if ( ! isset( $r['headers']['Accept-Encoding'] ) ) { - if ( $encoding = WP_Http_Encoding::accept_encoding( $url, $r ) ) - $r['headers']['Accept-Encoding'] = $encoding; - } - - if ( ( ! is_null( $r['body'] ) && '' != $r['body'] ) || 'POST' == $r['method'] || 'PUT' == $r['method'] ) { - if ( is_array( $r['body'] ) || is_object( $r['body'] ) ) { - $r['body'] = http_build_query( $r['body'], null, '&' ); - - if ( ! isset( $r['headers']['Content-Type'] ) ) - $r['headers']['Content-Type'] = 'application/x-www-form-urlencoded; charset=' . get_option( 'blog_charset' ); - } - - if ( '' === $r['body'] ) - $r['body'] = null; - - if ( ! isset( $r['headers']['Content-Length'] ) && ! isset( $r['headers']['content-length'] ) ) - $r['headers']['Content-Length'] = strlen( $r['body'] ); - } - - $response = $this->_dispatch_request( $url, $r ); - - reset_mbstring_encoding(); - - if ( is_wp_error( $response ) ) - return $response; - - // Append cookies that were used in this request to the response + // If we've got cookies, use them if ( ! empty( $r['cookies'] ) ) { - $cookies_set = wp_list_pluck( $response['cookies'], 'name' ); - foreach ( $r['cookies'] as $cookie ) { - if ( ! in_array( $cookie->name, $cookies_set ) && $cookie->test( $url ) ) { - $response['cookies'][] = $cookie; - } - } + $options['cookies'] = $r['cookies']; } - return $response; + // SSL certificate handling + if ( ! $r['sslverify'] ) { + $options['verify'] = false; + } + else { + $options['verify'] = $r['sslcertificates']; + } + + /** + * Filter whether SSL should be verified for non-local requests. + * + * @since 2.8.0 + * + * @param bool $ssl_verify Whether to verify the SSL connection. Default true. + */ + $options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'] ); + + try { + $response = Requests::request( $url, $headers, $data, $type, $options ); + } + catch ( Requests_Exception $e ) { + $response = new WP_Error( 'http_request_failed', $e->getMessage() ); + } + + /** + * Fires after an HTTP API response is received and before the response is returned. + * + * @since 2.8.0 + * + * @param array|WP_Error $response HTTP response or WP_Error object. + * @param string $context Context under which the hook is fired. + * @param string $class HTTP transport used. + * @param array $args HTTP request arguments. + * @param string $url The request URL. + */ + do_action( 'http_api_debug', $response, 'response', 'Requests', $r, $url ); + if ( is_wp_error( $response ) ) { + return $response; + } + + if ( ! $r['blocking'] ) { + return array( + 'headers' => array(), + 'body' => '', + 'response' => array( + 'code' => false, + 'message' => false, + ), + 'cookies' => array(), + ); + } + + // Convert the response into an array + $data = new WP_HTTP_Requests_Response( $response, $r['filename'] ); + + /** + * Filter the HTTP API response immediately before the response is returned. + * + * @since 2.9.0 + * + * @param array $data HTTP response. + * @param array $r HTTP request arguments. + * @param string $url The request URL. + */ + return apply_filters( 'http_response', $data, $r, $url ); + } + + /** + * Match redirect behaviour to browser handling. + * + * Changes 302 redirects from POST to GET to match browser handling. Per + * RFC 7231, user agents can deviate from the strict reading of the + * specification for compatibility purposes. + * + * @param string $location URL to redirect to. + * @param array $headers Headers for the redirect. + * @param array $options Redirect request options. + * @param Requests_Response $original Response object. + */ + public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) { + // Browser compat + if ( $original->status_code === 302 ) { + $options['type'] = Requests::GET; + } } /** diff --git a/wp-includes/class-requests.php b/wp-includes/class-requests.php new file mode 100644 index 0000000000..6a8eef375d --- /dev/null +++ b/wp-includes/class-requests.php @@ -0,0 +1,976 @@ +dispatch('requests.before_request', array(&$url, &$headers, &$data, &$type, &$options)); + + if (!empty($options['transport'])) { + $transport = $options['transport']; + + if (is_string($options['transport'])) { + $transport = new $transport(); + } + } + else { + $need_ssl = (0 === stripos($url, 'https://')); + $capabilities = array('ssl' => $need_ssl); + $transport = self::get_transport($capabilities); + } + $response = $transport->request($url, $headers, $data, $options); + + $options['hooks']->dispatch('requests.before_parse', array(&$response, $url, $headers, $data, $type, $options)); + + return self::parse_response($response, $url, $headers, $data, $options); + } + + /** + * Send multiple HTTP requests simultaneously + * + * The `$requests` parameter takes an associative or indexed array of + * request fields. The key of each request can be used to match up the + * request with the returned data, or with the request passed into your + * `multiple.request.complete` callback. + * + * The request fields value is an associative array with the following keys: + * + * - `url`: Request URL Same as the `$url` parameter to + * {@see Requests::request} + * (string, required) + * - `headers`: Associative array of header fields. Same as the `$headers` + * parameter to {@see Requests::request} + * (array, default: `array()`) + * - `data`: Associative array of data fields or a string. Same as the + * `$data` parameter to {@see Requests::request} + * (array|string, default: `array()`) + * - `type`: HTTP request type (use Requests constants). Same as the `$type` + * parameter to {@see Requests::request} + * (string, default: `Requests::GET`) + * - `cookies`: Associative array of cookie name to value, or cookie jar. + * (array|Requests_Cookie_Jar) + * + * If the `$options` parameter is specified, individual requests will + * inherit options from it. This can be used to use a single hooking system, + * or set all the types to `Requests::POST`, for example. + * + * In addition, the `$options` parameter takes the following global options: + * + * - `complete`: A callback for when a request is complete. Takes two + * parameters, a Requests_Response/Requests_Exception reference, and the + * ID from the request array (Note: this can also be overridden on a + * per-request basis, although that's a little silly) + * (callback) + * + * @param array $requests Requests data (see description for more information) + * @param array $options Global and default options (see {@see Requests::request}) + * @return array Responses (either Requests_Response or a Requests_Exception object) + */ + public static function request_multiple($requests, $options = array()) { + $options = array_merge(self::get_default_options(true), $options); + + if (!empty($options['hooks'])) { + $options['hooks']->register('transport.internal.parse_response', array('Requests', 'parse_multiple')); + if (!empty($options['complete'])) { + $options['hooks']->register('multiple.request.complete', $options['complete']); + } + } + + foreach ($requests as $id => &$request) { + if (!isset($request['headers'])) { + $request['headers'] = array(); + } + if (!isset($request['data'])) { + $request['data'] = array(); + } + if (!isset($request['type'])) { + $request['type'] = self::GET; + } + if (!isset($request['options'])) { + $request['options'] = $options; + $request['options']['type'] = $request['type']; + } + else { + if (empty($request['options']['type'])) { + $request['options']['type'] = $request['type']; + } + $request['options'] = array_merge($options, $request['options']); + } + + self::set_defaults($request['url'], $request['headers'], $request['data'], $request['type'], $request['options']); + + // Ensure we only hook in once + if ($request['options']['hooks'] !== $options['hooks']) { + $request['options']['hooks']->register('transport.internal.parse_response', array('Requests', 'parse_multiple')); + if (!empty($request['options']['complete'])) { + $request['options']['hooks']->register('multiple.request.complete', $request['options']['complete']); + } + } + } + unset($request); + + if (!empty($options['transport'])) { + $transport = $options['transport']; + + if (is_string($options['transport'])) { + $transport = new $transport(); + } + } + else { + $transport = self::get_transport(); + } + $responses = $transport->request_multiple($requests, $options); + + foreach ($responses as $id => &$response) { + // If our hook got messed with somehow, ensure we end up with the + // correct response + if (is_string($response)) { + $request = $requests[$id]; + self::parse_multiple($response, $request); + $request['options']['hooks']->dispatch('multiple.request.complete', array(&$response, $id)); + } + } + + return $responses; + } + + /** + * Get the default options + * + * @see Requests::request() for values returned by this method + * @param boolean $multirequest Is this a multirequest? + * @return array Default option values + */ + protected static function get_default_options($multirequest = false) { + $defaults = array( + 'timeout' => 10, + 'connect_timeout' => 10, + 'useragent' => 'php-requests/' . self::VERSION, + 'protocol_version' => 1.1, + 'redirected' => 0, + 'redirects' => 10, + 'follow_redirects' => true, + 'blocking' => true, + 'type' => self::GET, + 'filename' => false, + 'auth' => false, + 'proxy' => false, + 'cookies' => false, + 'max_bytes' => false, + 'idn' => true, + 'hooks' => null, + 'transport' => null, + 'verify' => Requests::get_certificate_path(), + 'verifyname' => true, + ); + if ($multirequest !== false) { + $defaults['complete'] = null; + } + return $defaults; + } + + /** + * Get default certificate path. + * + * @return string Default certificate path. + */ + public static function get_certificate_path() { + if ( ! empty( Requests::$certificate_path ) ) { + return Requests::$certificate_path; + } + + return dirname(__FILE__) . '/Requests/Transport/cacert.pem'; + } + + /** + * Set default certificate path. + * + * @param string $path Certificate path, pointing to a PEM file. + */ + public static function set_certificate_path( $path ) { + Requests::$certificate_path = $path; + } + + /** + * Set the default values + * + * @param string $url URL to request + * @param array $headers Extra headers to send with the request + * @param array|null $data Data to send either as a query string for GET/HEAD requests, or in the body for POST requests + * @param string $type HTTP request type + * @param array $options Options for the request + * @return array $options + */ + protected static function set_defaults(&$url, &$headers, &$data, &$type, &$options) { + if (!preg_match('/^http(s)?:\/\//i', $url, $matches)) { + throw new Requests_Exception('Only HTTP(S) requests are handled.', 'nonhttp', $url); + } + + if (empty($options['hooks'])) { + $options['hooks'] = new Requests_Hooks(); + } + + if (is_array($options['auth'])) { + $options['auth'] = new Requests_Auth_Basic($options['auth']); + } + if ($options['auth'] !== false) { + $options['auth']->register($options['hooks']); + } + + if (!empty($options['proxy'])) { + $options['proxy'] = new Requests_Proxy_HTTP($options['proxy']); + } + if ($options['proxy'] !== false) { + $options['proxy']->register($options['hooks']); + } + + if (is_array($options['cookies'])) { + $options['cookies'] = new Requests_Cookie_Jar($options['cookies']); + } + elseif (empty($options['cookies'])) { + $options['cookies'] = new Requests_Cookie_Jar(); + } + if ($options['cookies'] !== false) { + $options['cookies']->register($options['hooks']); + } + + if ($options['idn'] !== false) { + $iri = new Requests_IRI($url); + $iri->host = Requests_IDNAEncoder::encode($iri->ihost); + $url = $iri->uri; + } + + // Massage the type to ensure we support it. + $type = strtoupper($type); + + if (!isset($options['data_format'])) { + if (in_array($type, array(self::HEAD, self::GET, self::DELETE))) { + $options['data_format'] = 'query'; + } + else { + $options['data_format'] = 'body'; + } + } + } + + /** + * HTTP response parser + * + * @throws Requests_Exception On missing head/body separator (`requests.no_crlf_separator`) + * @throws Requests_Exception On missing head/body separator (`noversion`) + * @throws Requests_Exception On missing head/body separator (`toomanyredirects`) + * + * @param string $headers Full response text including headers and body + * @param string $url Original request URL + * @param array $req_headers Original $headers array passed to {@link request()}, in case we need to follow redirects + * @param array $req_data Original $data array passed to {@link request()}, in case we need to follow redirects + * @param array $options Original $options array passed to {@link request()}, in case we need to follow redirects + * @return Requests_Response + */ + protected static function parse_response($headers, $url, $req_headers, $req_data, $options) { + $return = new Requests_Response(); + if (!$options['blocking']) { + return $return; + } + + $return->raw = $headers; + $return->url = $url; + + if (!$options['filename']) { + if (($pos = strpos($headers, "\r\n\r\n")) === false) { + // Crap! + throw new Requests_Exception('Missing header/body separator', 'requests.no_crlf_separator'); + } + + $headers = substr($return->raw, 0, $pos); + $return->body = substr($return->raw, $pos + strlen("\n\r\n\r")); + } + else { + $return->body = ''; + } + // Pretend CRLF = LF for compatibility (RFC 2616, section 19.3) + $headers = str_replace("\r\n", "\n", $headers); + // Unfold headers (replace [CRLF] 1*( SP | HT ) with SP) as per RFC 2616 (section 2.2) + $headers = preg_replace('/\n[ \t]/', ' ', $headers); + $headers = explode("\n", $headers); + preg_match('#^HTTP/(1\.\d)[ \t]+(\d+)#i', array_shift($headers), $matches); + if (empty($matches)) { + throw new Requests_Exception('Response could not be parsed', 'noversion', $headers); + } + $return->protocol_version = (float) $matches[1]; + $return->status_code = (int) $matches[2]; + if ($return->status_code >= 200 && $return->status_code < 300) { + $return->success = true; + } + + foreach ($headers as $header) { + list($key, $value) = explode(':', $header, 2); + $value = trim($value); + preg_replace('#(\s+)#i', ' ', $value); + $return->headers[$key] = $value; + } + if (isset($return->headers['transfer-encoding'])) { + $return->body = self::decode_chunked($return->body); + unset($return->headers['transfer-encoding']); + } + if (isset($return->headers['content-encoding'])) { + $return->body = self::decompress($return->body); + } + + //fsockopen and cURL compatibility + if (isset($return->headers['connection'])) { + unset($return->headers['connection']); + } + + $options['hooks']->dispatch('requests.before_redirect_check', array(&$return, $req_headers, $req_data, $options)); + + if ($return->is_redirect() && $options['follow_redirects'] === true) { + if (isset($return->headers['location']) && $options['redirected'] < $options['redirects']) { + if ($return->status_code === 303) { + $options['type'] = self::GET; + } + $options['redirected']++; + $location = $return->headers['location']; + if (strpos($location, 'http://') !== 0 && strpos($location, 'https://') !== 0) { + // relative redirect, for compatibility make it absolute + $location = Requests_IRI::absolutize($url, $location); + $location = $location->uri; + } + + $hook_args = array( + &$location, + &$req_headers, + &$req_data, + &$options, + $return + ); + $options['hooks']->dispatch('requests.before_redirect', $hook_args); + $redirected = self::request($location, $req_headers, $req_data, $options['type'], $options); + $redirected->history[] = $return; + return $redirected; + } + elseif ($options['redirected'] >= $options['redirects']) { + throw new Requests_Exception('Too many redirects', 'toomanyredirects', $return); + } + } + + $return->redirects = $options['redirected']; + + $options['hooks']->dispatch('requests.after_request', array(&$return, $req_headers, $req_data, $options)); + return $return; + } + + /** + * Callback for `transport.internal.parse_response` + * + * Internal use only. Converts a raw HTTP response to a Requests_Response + * while still executing a multiple request. + * + * @param string $response Full response text including headers and body (will be overwritten with Response instance) + * @param array $request Request data as passed into {@see Requests::request_multiple()} + * @return null `$response` is either set to a Requests_Response instance, or a Requests_Exception object + */ + public static function parse_multiple(&$response, $request) { + try { + $url = $request['url']; + $headers = $request['headers']; + $data = $request['data']; + $options = $request['options']; + $response = self::parse_response($response, $url, $headers, $data, $options); + } + catch (Requests_Exception $e) { + $response = $e; + } + } + + /** + * Decoded a chunked body as per RFC 2616 + * + * @see http://tools.ietf.org/html/rfc2616#section-3.6.1 + * @param string $data Chunked body + * @return string Decoded body + */ + protected static function decode_chunked($data) { + if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($data))) { + return $data; + } + + $decoded = ''; + $encoded = $data; + + while (true) { + $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); + if (!$is_chunked) { + // Looks like it's not chunked after all + return $data; + } + + $length = hexdec(trim($matches[1])); + if ($length === 0) { + // Ignore trailer headers + return $decoded; + } + + $chunk_length = strlen($matches[0]); + $decoded .= substr($encoded, $chunk_length, $length); + $encoded = substr($encoded, $chunk_length + $length + 2); + + if (trim($encoded) === '0' || empty($encoded)) { + return $decoded; + } + } + + // We'll never actually get down here + // @codeCoverageIgnoreStart + } + // @codeCoverageIgnoreEnd + + /** + * Convert a key => value array to a 'key: value' array for headers + * + * @param array $array Dictionary of header values + * @return array List of headers + */ + public static function flatten($array) { + $return = array(); + foreach ($array as $key => $value) { + $return[] = sprintf('%s: %s', $key, $value); + } + return $return; + } + + /** + * Convert a key => value array to a 'key: value' array for headers + * + * @codeCoverageIgnore + * @deprecated Misspelling of {@see Requests::flatten} + * @param array $array Dictionary of header values + * @return array List of headers + */ + public static function flattern($array) { + return self::flatten($array); + } + + /** + * Decompress an encoded body + * + * Implements gzip, compress and deflate. Guesses which it is by attempting + * to decode. + * + * @param string $data Compressed data in one of the above formats + * @return string Decompressed string + */ + public static function decompress($data) { + if (substr($data, 0, 2) !== "\x1f\x8b" && substr($data, 0, 2) !== "\x78\x9c") { + // Not actually compressed. Probably cURL ruining this for us. + return $data; + } + + if (function_exists('gzdecode') && ($decoded = @gzdecode($data)) !== false) { + return $decoded; + } + elseif (function_exists('gzinflate') && ($decoded = @gzinflate($data)) !== false) { + return $decoded; + } + elseif (($decoded = self::compatible_gzinflate($data)) !== false) { + return $decoded; + } + elseif (function_exists('gzuncompress') && ($decoded = @gzuncompress($data)) !== false) { + return $decoded; + } + + return $data; + } + + /** + * Decompression of deflated string while staying compatible with the majority of servers. + * + * Certain Servers will return deflated data with headers which PHP's gzinflate() + * function cannot handle out of the box. The following function has been created from + * various snippets on the gzinflate() PHP documentation. + * + * Warning: Magic numbers within. Due to the potential different formats that the compressed + * data may be returned in, some "magic offsets" are needed to ensure proper decompression + * takes place. For a simple progmatic way to determine the magic offset in use, see: + * http://core.trac.wordpress.org/ticket/18273 + * + * @since 2.8.1 + * @link http://core.trac.wordpress.org/ticket/18273 + * @link http://au2.php.net/manual/en/function.gzinflate.php#70875 + * @link http://au2.php.net/manual/en/function.gzinflate.php#77336 + * + * @param string $gzData String to decompress. + * @return string|bool False on failure. + */ + public static function compatible_gzinflate($gzData) { + // Compressed data might contain a full zlib header, if so strip it for + // gzinflate() + if (substr($gzData, 0, 3) == "\x1f\x8b\x08") { + $i = 10; + $flg = ord(substr($gzData, 3, 1)); + if ($flg > 0) { + if ($flg & 4) { + list($xlen) = unpack('v', substr($gzData, $i, 2)); + $i = $i + 2 + $xlen; + } + if ($flg & 8) { + $i = strpos($gzData, "\0", $i) + 1; + } + if ($flg & 16) { + $i = strpos($gzData, "\0", $i) + 1; + } + if ($flg & 2) { + $i = $i + 2; + } + } + $decompressed = self::compatible_gzinflate(substr($gzData, $i)); + if (false !== $decompressed) { + return $decompressed; + } + } + + // If the data is Huffman Encoded, we must first strip the leading 2 + // byte Huffman marker for gzinflate() + // The response is Huffman coded by many compressors such as + // java.util.zip.Deflater, Ruby’s Zlib::Deflate, and .NET's + // System.IO.Compression.DeflateStream. + // + // See http://decompres.blogspot.com/ for a quick explanation of this + // data type + $huffman_encoded = false; + + // low nibble of first byte should be 0x08 + list(, $first_nibble) = unpack('h', $gzData); + + // First 2 bytes should be divisible by 0x1F + list(, $first_two_bytes) = unpack('n', $gzData); + + if (0x08 == $first_nibble && 0 == ($first_two_bytes % 0x1F)) { + $huffman_encoded = true; + } + + if ($huffman_encoded) { + if (false !== ($decompressed = @gzinflate(substr($gzData, 2)))) { + return $decompressed; + } + } + + if ("\x50\x4b\x03\x04" == substr($gzData, 0, 4)) { + // ZIP file format header + // Offset 6: 2 bytes, General-purpose field + // Offset 26: 2 bytes, filename length + // Offset 28: 2 bytes, optional field length + // Offset 30: Filename field, followed by optional field, followed + // immediately by data + list(, $general_purpose_flag) = unpack('v', substr($gzData, 6, 2)); + + // If the file has been compressed on the fly, 0x08 bit is set of + // the general purpose field. We can use this to differentiate + // between a compressed document, and a ZIP file + $zip_compressed_on_the_fly = (0x08 == (0x08 & $general_purpose_flag)); + + if (!$zip_compressed_on_the_fly) { + // Don't attempt to decode a compressed zip file + return $gzData; + } + + // Determine the first byte of data, based on the above ZIP header + // offsets: + $first_file_start = array_sum(unpack('v2', substr($gzData, 26, 4))); + if (false !== ($decompressed = @gzinflate(substr($gzData, 30 + $first_file_start)))) { + return $decompressed; + } + return false; + } + + // Finally fall back to straight gzinflate + if (false !== ($decompressed = @gzinflate($gzData))) { + return $decompressed; + } + + // Fallback for all above failing, not expected, but included for + // debugging and preventing regressions and to track stats + if (false !== ($decompressed = @gzinflate(substr($gzData, 2)))) { + return $decompressed; + } + + return false; + } + + public static function match_domain($host, $reference) { + // Check for a direct match + if ($host === $reference) { + return true; + } + + // Calculate the valid wildcard match if the host is not an IP address + // Also validates that the host has 3 parts or more, as per Firefox's + // ruleset. + $parts = explode('.', $host); + if (ip2long($host) === false && count($parts) >= 3) { + $parts[0] = '*'; + $wildcard = implode('.', $parts); + if ($wildcard === $reference) { + return true; + } + } + + return false; + } +} diff --git a/wp-includes/class-wp-http-requests-response.php b/wp-includes/class-wp-http-requests-response.php new file mode 100644 index 0000000000..981756af01 --- /dev/null +++ b/wp-includes/class-wp-http-requests-response.php @@ -0,0 +1,229 @@ +response = $response; + $this->filename = $filename; + } + + /** + * Get the response object for the request. + * + * @return Requests_Response + */ + public function get_response_object() { + return $this->response; + } + + /** + * Retrieves headers associated with the response. + * + * @return array Map of header name to header value. + */ + public function get_headers() { + // Ensure headers remain case-insensitive + $converted = new Requests_Utility_CaseInsensitiveDictionary(); + + foreach ( $this->response->headers->getAll() as $key => $value ) { + if ( count( $value ) === 1 ) { + $converted[ $key ] = $value[0]; + } + else { + $converted[ $key ] = $value; + } + } + + return $converted; + } + + /** + * Sets all header values. + * + * @param array $headers Map of header name to header value. + */ + public function set_headers( $headers ) { + $this->response->headers = new Requests_Response_Headers( $headers ); + } + + /** + * Sets a single HTTP header. + * + * @param string $key Header name. + * @param string $value Header value. + * @param bool $replace Optional. Whether to replace an existing header of the same name. + * Default true. + */ + public function header( $key, $value, $replace = true ) { + if ( $replace ) { + unset( $this->response->headers[ $key ] ); + } + + $this->response->headers[ $key ] = $value; + } + + /** + * Retrieves the HTTP return code for the response. + * + * @return int The 3-digit HTTP status code. + */ + public function get_status() { + return $this->response->status_code; + } + + /** + * Sets the 3-digit HTTP status code. + * + * @param int $code HTTP status. + */ + public function set_status( $code ) { + $this->response->status_code = absint( $code ); + } + + /** + * Retrieves the response data. + * + * @return mixed Response data. + */ + public function get_data() { + return $this->response->body; + } + + /** + * Sets the response data. + * + * @param mixed $data Response data. + */ + public function set_data( $data ) { + $this->response->body = $data; + } + + /** + * Get cookies from the response. + * + * @return WP_HTTP_Cookie[] List of cookie objects. + */ + public function get_cookies() { + $cookies = array(); + foreach ( $this->response->cookies as $cookie ) { + $cookies[] = new WP_Http_Cookie( array( + 'name' => $cookie->name, + 'value' => urldecode( $cookie->value ), + 'expires' => $cookie->attributes['expires'], + 'path' => $cookie->attributes['path'], + 'domain' => $cookie->attributes['domain'], + )); + } + + return $cookies; + } + + /** + * Check if an ArrayAccess offset exists. + * + * This is for backwards compatibility for array access. + * + * @param string|int $key Array offset. + * @return bool True if the offset exists, false otherwise. + */ + public function offsetExists( $key ) { + $allowed = array( 'headers', 'body', 'response', 'cookies', 'filename' ); + return in_array( $key, $allowed ); + } + + /** + * Get an ArrayAccess value. + * + * This is for backwards compatibility for array access. + * + * @param string|int $key Array offset to get. + * @return mixed Value if the key is a valid offset, null if invalid. + */ + public function offsetGet( $key ) { + switch ( $key ) { + case 'headers': + return $this->get_headers(); + + case 'body': + return $this->get_data(); + + case 'response': + return array( + 'code' => $this->get_status(), + 'message' => get_status_header_desc( $this->get_status() ), + ); + + case 'cookies': + return $this->get_cookies(); + + case 'filename': + return $this->filename; + } + + return null; + } + + /** + * Set an ArrayAccess value. + * + * This is for backwards compatibility for array access. + * + * @param string|int $key Array offset to set. + * @param mixed $value Value to set. + */ + public function offsetSet( $key, $value ) { + switch ( $key ) { + case 'headers': + $this->set_headers( $value ); + break; + + case 'body': + $this->set_data( $value ); + break; + + case 'response': + if ( isset( $value['code'] ) ) { + $this->set_status( $value['code'] ); + } + break; + + case 'filename': + $this->filename = $value; + break; + } + } + + /** + * Unset an ArrayAccess value. + * + * This is for backwards compatibility for array access. + * + * @param string|int $key Array offset to remove. + */ + public function offsetUnset( $key ) { + $this->offsetSet( $key, null ); + } +} diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index 5f5464e03f..c866c3732d 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -206,7 +206,8 @@ add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri' ); add_filter( 'xmlrpc_pingback_error', 'xmlrpc_pingback_error' ); add_filter( 'title_save_pre', 'trim' ); -add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 ); +add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 ); +add_action( 'requests-requests.before_redirect', array( 'WP_Http', 'browser_redirect_compatibility' ), 10, 5 ); // REST API filters. add_action( 'xmlrpc_rsd_apis', 'rest_output_rsd' ); diff --git a/wp-includes/http.php b/wp-includes/http.php index dc750371ac..6a43aeeac2 100644 --- a/wp-includes/http.php +++ b/wp-includes/http.php @@ -213,8 +213,9 @@ function wp_remote_head($url, $args = array()) { * @return array The headers of the response. Empty array if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { - if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers'])) + if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); + } return $response['headers']; } @@ -229,11 +230,13 @@ function wp_remote_retrieve_headers( $response ) { * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { - if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers'])) + if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; + } - if ( array_key_exists($header, $response['headers']) ) + if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][$header]; + } return ''; } diff --git a/wp-includes/version.php b/wp-includes/version.php index ea9809a6db..5498dded3b 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6-alpha-37427'; +$wp_version = '4.6-alpha-37428'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-settings.php b/wp-settings.php index a4bb3708dd..9be6b9dfcd 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -183,6 +183,7 @@ require( ABSPATH . WPINC . '/class-wp-http-proxy.php' ); require( ABSPATH . WPINC . '/class-wp-http-cookie.php' ); require( ABSPATH . WPINC . '/class-wp-http-encoding.php' ); require( ABSPATH . WPINC . '/class-wp-http-response.php' ); +require( ABSPATH . WPINC . '/class-wp-http-requests-response.php' ); require( ABSPATH . WPINC . '/widgets.php' ); require( ABSPATH . WPINC . '/class-wp-widget.php' ); require( ABSPATH . WPINC . '/class-wp-widget-factory.php' );