Commit Graph

143 Commits

Author SHA1 Message Date
whyisjake 51d665a4a5 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@46496


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:02:25 +00:00
Dominik Schilling 5a4e8a9b94 HTTP: Don't treat `localhost` as same host by default.
Merge of [42894] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42911


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:37:22 +00:00
Drew Jaynes d28f1a08ef Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Ryan McCue 37f6e6813a HTTP API: Replace internals with Requests library.
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.

See #33055.

Built from https://develop.svn.wordpress.org/trunk@37428


git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00
Dominik Schilling af9f052087 HTTP: Improve detection of valid IP addresses.
Built from https://develop.svn.wordpress.org/trunk@37115


git-svn-id: http://core.svn.wordpress.org/trunk@37082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:38:26 +00:00
Pascal Birchler c73a812109 HTTP: Avoid an undefined index notice in `wp_http_validate_url()`.
Props perezlabs.
Fixes #34164.
Built from https://develop.svn.wordpress.org/trunk@36870


git-svn-id: http://core.svn.wordpress.org/trunk@36837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 15:55:26 +00:00
Dominik Schilling f65de8ec9f HTTP: `0.1.2.3` is not a valid IP.
Built from https://develop.svn.wordpress.org/trunk@36435


git-svn-id: http://core.svn.wordpress.org/trunk@36402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 12:55:29 +00:00
Sergey Biryukov f6cde8e3c5 Docs: Correct return value for `is_allowed_http_origin()`.
Props kraftbj.
Fixes #35607.
Built from https://develop.svn.wordpress.org/trunk@36398


git-svn-id: http://core.svn.wordpress.org/trunk@36365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-26 00:39:26 +00:00
Sergey Biryukov 3f35196e48 Docs: Fix copy/paste error in `wp_remote_retrieve_cookies()` description.
Props mark8barnes.
Fixes #35157.
Built from https://develop.svn.wordpress.org/trunk@36002


git-svn-id: http://core.svn.wordpress.org/trunk@35967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-18 17:23:29 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor dae5923c1d After [34953], unbreak WordPress.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34954


git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Drew Jaynes e2038f9150 Docs: Add inline DocBlocks for the `require_once()` calls that now bring in top-level HTTP API functionality and HTTP API classes.
Classes brought in from separate files now include:
* `WP_Http`
* `WP_Http_Streams`
* `WP_Http_Curl`
* `WP_HTTP_Proxy`
* `WP_Http_Cookie`
* `WP_Http_Encoding`

See #33413. See #32246.

Built from https://develop.svn.wordpress.org/trunk@33882


git-svn-id: http://core.svn.wordpress.org/trunk@33851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:30 +00:00
Drew Jaynes 69375b243a Docs: Clarify the file header summary for wp-includes/http.php, the top-level file for the HTTP Request API.
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@33881


git-svn-id: http://core.svn.wordpress.org/trunk@33850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:08 +00:00
Scott Taylor 7c8c216bec HTTP: move classes into their own files, `http.php` loads the new files, so this is 100% BC if someone is loading `http.php` directly. New files created using `svn cp`.
`class-http.php` requires functions from `http.php`, so loading it by itself wouldn't have worked.

Creates: 
`class-wp-http-cookie.php` 
`class-wp-http-curl.php` 
`class-wp-http-encoding.php` 
`class-wp-http-proxy.php` 
`class-wp-http-streams.php` 
`http-functions.php` 

`WP_Http` remains in `class-http.php`.

`http.php` contains only top-level code. Class files only contain classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33748


git-svn-id: http://core.svn.wordpress.org/trunk@33716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:55:21 +00:00
Scott Taylor 19a3aacc94 Add `@static*` annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor 053790537f Cleanup doc blocks in `http.php`.
In the few functions that used `$objFetchSite` instead of `$http`: use the `$http` naming, which is more civilized.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32599


git-svn-id: http://core.svn.wordpress.org/trunk@32569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:32:27 +00:00
Scott Taylor a0df295f5c Improve various `@param` docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30674


git-svn-id: http://core.svn.wordpress.org/trunk@30664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 23:24:25 +00:00
Andrew Nacin a6103b30f5 Better validation of the URL used in core HTTP requests.
Built from https://develop.svn.wordpress.org/trunk@30443


git-svn-id: http://core.svn.wordpress.org/trunk@30438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:01:23 +00:00
John Blackbourn e2ff1da654 Update the docs for `wp_remote_retrieve_response_code()`. See #28887.
Built from https://develop.svn.wordpress.org/trunk@29985


git-svn-id: http://core.svn.wordpress.org/trunk@29727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-21 21:13:18 +00:00
Mark Jaquith e1f2b3b9e2 Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789


git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Drew Jaynes 61b8ba8461 Convert documentation for default arguments in `WP_Http::request()` to a hash notation.
Also update corresponding docs for functions that leverage its arguments.

See #28298.

Built from https://develop.svn.wordpress.org/trunk@29230


git-svn-id: http://core.svn.wordpress.org/trunk@29014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 22:01:15 +00:00
Scott Taylor 5e7ac8de94 Remove by-reference modifiers from arguments in `wp_remote_retrieve_*` functions.
Props jesin.
Fixes #27687.


Built from https://develop.svn.wordpress.org/trunk@28257


git-svn-id: http://core.svn.wordpress.org/trunk@28085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-05 18:46:15 +00:00
Sergey Biryukov e85c40a3f7 Avoid an undefined index notice in wp_http_validate_url().
props jesin.
fixes #27684.
Built from https://develop.svn.wordpress.org/trunk@27953


git-svn-id: http://core.svn.wordpress.org/trunk@27783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 12:45:15 +00:00
Sergey Biryukov 74f77b85a6 Use get_current_site() instead of the $current_site global when possible.
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Sergey Biryukov b85814e48c Inline documentation for hooks in http.php.
props tw2113.
see #25229.
Built from https://develop.svn.wordpress.org/trunk@25302


git-svn-id: http://core.svn.wordpress.org/trunk@25264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-08 22:04:09 +00:00
Andrew Nacin 1ec392175c Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.
* Check if the host is considered a safe redirect host.
 * Check if the host is another domain in a multisite installation.
 * Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:44:57 +00:00
Andrew Nacin 3fc038fd6f Add missing documentation from [24894]. see #24646.
git-svn-id: http://core.svn.wordpress.org/trunk@24895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 18:39:57 +00:00
Andrew Nacin 8c7adaa7bd Introduce wp_safe_remote_request(). Also wp_safe_remote_head(), wp_safe_remote_get(), wp_safe_remote_post().
Reverts [24482].

see #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 15:37:01 +00:00
Andrew Nacin ca64e771da In wp_http_validate_url(), only validate the protocol in lieu of esc_url_raw(). Ensure there is a host component to the URL. fixes #24663.
git-svn-id: http://core.svn.wordpress.org/trunk@24641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 13:35:30 +00:00
Andrew Nacin 96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Ryan Boren 4385abe40f Add default args list to wp_remote_request|get|post|head docblocks
Props DrewAPicture
fixes #23838


git-svn-id: http://core.svn.wordpress.org/trunk@24250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-14 14:00:19 +00:00
Ryan Boren ff07308717 Handle pre-flighted OPTIONS requests in send_origin_headers(). Props nacin. fixes #21024
git-svn-id: http://core.svn.wordpress.org/trunk@21988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-24 21:39:04 +00:00
Ryan Boren f483a85676 Remove unnecessary return by refs. Props wonderboymusic. fixes #21839
git-svn-id: http://core.svn.wordpress.org/trunk@21792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 17:00:11 +00:00
ryan 9c3ce86280 API for allowing cross origin resource sharing.
* Allowed origin whitelist that can be altered by plugins
* Validation of the request origin against the whitelist
* Send Access-Control-Allow-Origin if origin allowed
* get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681



git-svn-id: http://core.svn.wordpress.org/trunk@20794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-15 18:46:03 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_ e4ed63fc6f Fix typos in documentation (wp-includes/[a-h]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 16:02:41 +00:00
westi a851aaa167 Typo fix props duck_
git-svn-id: http://svn.automattic.com/wordpress/trunk@17915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 10:00:40 +00:00
westi 81cd0218ec Introduce wp_http_supports as a much less hacky replacement for the http_transport_(get|post)_debug hooks that plugins could have
been using to detect if things like ssl requests were working.
See #17251 props mdawaffe


git-svn-id: http://svn.automattic.com/wordpress/trunk@17914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 09:56:59 +00:00
ryan 1f93931d55 Always include class-http.php. see #12990
git-svn-id: http://svn.automattic.com/wordpress/trunk@14079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-13 21:45:57 +00:00
ryan 9ab7306993 Remove author tags. fixes #12366
git-svn-id: http://svn.automattic.com/wordpress/trunk@13377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 19:07:21 +00:00
dd32 d271b1357b Split WP_Http classes into separate file. Fixes #11559
git-svn-id: http://svn.automattic.com/wordpress/trunk@13274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-21 02:06:24 +00:00
ryan dbfb51c6e0 Trim trailing whites
git-svn-id: http://svn.automattic.com/wordpress/trunk@13268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-21 00:03:42 +00:00
dd32 0c3a3e9be5 Disable Redirection on HEAD requests. See #10624
git-svn-id: http://svn.automattic.com/wordpress/trunk@13149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-14 10:41:07 +00:00
markjaquith b42ea9c4ea Update the inline documentation for HTTP to reflect the true order of HTTP transports
git-svn-id: http://svn.automattic.com/wordpress/trunk@12785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-21 12:02:55 +00:00
dd32 45b2389358 Fix Typo in r12747, Move cURL Redirection check higher. See #11305
git-svn-id: http://svn.automattic.com/wordpress/trunk@12749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-17 09:31:37 +00:00
dd32 5c739a4b9c Allow WP_HTTP_Fopen to send extra headers and custom user-agents. See #11888
git-svn-id: http://svn.automattic.com/wordpress/trunk@12748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-17 09:03:56 +00:00
dd32 b34906e9ec Allow cURL to follow redirects when running under safe_mode or open_basedir. See #11305
git-svn-id: http://svn.automattic.com/wordpress/trunk@12747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-17 08:15:52 +00:00
dd32 8c109d738b Fix WP_Http_Streams to return a single set of headers in the event of redirections. Fixes #11555
git-svn-id: http://svn.automattic.com/wordpress/trunk@12746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-17 08:05:58 +00:00
dd32 651925fe74 Bring WP_Http_Streams maximum redirection into line with the rest of the transports. Fixes #11557
git-svn-id: http://svn.automattic.com/wordpress/trunk@12745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-17 08:00:41 +00:00
dd32 e85a09e8e9 Correctly set the body on Curl requests with an empty body. Add a defensive check to WP_Http_Encoding::decompress to prevent the decompression functions running on empty strings. Fixes #11912
git-svn-id: http://svn.automattic.com/wordpress/trunk@12739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-16 23:11:28 +00:00