whyisjake
20821b59c0
Backporting several bug fixes.
...
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@46494
git-svn-id: http://core.svn.wordpress.org/branches/4.8@46291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 18:45:23 +00:00
Dominik Schilling
54e04cd70e
HTTP: Don't treat localhost
as same host by default.
...
Merge of [42894] to the 4.8 branch.
Built from https://develop.svn.wordpress.org/branches/4.8@42909
git-svn-id: http://core.svn.wordpress.org/branches/4.8@42739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-03 15:36:15 +00:00
Sergey Biryukov
9f4bbcdb78
Docs: Fix typo in wp_parse_url()
and _get_component_from_parsed_url_array()
docblocks.
...
Props naomicbush.
Fixes #40190 .
Built from https://develop.svn.wordpress.org/trunk@40299
git-svn-id: http://core.svn.wordpress.org/trunk@40206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-17 19:02:40 +00:00
Jeremy Felt
1560fbcbc5
Multisite: Use get_network()
and get_current_network_id()
for current network data.
...
`get_network()` falls back to the current network when called without any arguments. Between this and `get_current_network_id()`, we can replace almost all instances of the global `$current_site` and all instances of `get_current_site()`.
This effectively deprecates `get_current_site()`, something that we'll do in a future ticket.
Props flixos90.
Fixes #37414 .
Built from https://develop.svn.wordpress.org/trunk@38814
git-svn-id: http://core.svn.wordpress.org/trunk@38757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 04:47:30 +00:00
Dion Hulse
93f7f904ec
HTTP: Document that the return value of wp_remote_retrieve_headers()
changed from a simple array to an object which implements ArrayAccess.
...
Props mrahmadawais, sudar, swissspidy.
Fixes #37722
Built from https://develop.svn.wordpress.org/trunk@38730
git-svn-id: http://core.svn.wordpress.org/trunk@38673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-05 03:51:28 +00:00
Peter Wilson
7a52a3aac7
HTTP API: Simplify wp_parse_url()
to ensure consistent results.
...
[38694] revealed some URL formats were been parsed incorrectly, including those used by Google Fonts. This change simplifies the function to use placeholder values which cause PHP's parsing to behave consistently.
Props jrf, peterwilsoncc.
Fixes #36356 .
Built from https://develop.svn.wordpress.org/trunk@38726
git-svn-id: http://core.svn.wordpress.org/trunk@38669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 20:33:29 +00:00
John Blackbourn
a51267269b
HTTP API: Add a $component
parameter to wp_parse_url()
to give it parity with PHP's parse_url()
function.
...
Fixes #36356
Props jrf
Built from https://develop.svn.wordpress.org/trunk@38694
git-svn-id: http://core.svn.wordpress.org/trunk@38637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 21:47:28 +00:00
John Blackbourn
049c36d11f
HTTP API: Revert changes to wp_parse_url()
while PHP 5.2 errors are investigated.
...
See #36356
Built from https://develop.svn.wordpress.org/trunk@38456
git-svn-id: http://core.svn.wordpress.org/trunk@38397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 00:24:31 +00:00
John Blackbourn
ebe159a4bc
HTTP API: Prevent a fatal error on PHP < 5.4.7 due to changes introduced in [38449].
...
Fixes #36356
Built from https://develop.svn.wordpress.org/trunk@38450
git-svn-id: http://core.svn.wordpress.org/trunk@38391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 17:16:30 +00:00
John Blackbourn
4fd9ad1ce2
HTTP API: Add a $component
parameter to wp_parse_url()
to give it parity with PHP's parse_url()
function.
...
Fixes #36356
Props jrf
Built from https://develop.svn.wordpress.org/trunk@38449
git-svn-id: http://core.svn.wordpress.org/trunk@38390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-30 16:36:28 +00:00
Drew Jaynes
d28f1a08ef
Docs: Apply inline @see
tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
...
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
See #36921 .
Built from https://develop.svn.wordpress.org/trunk@37543
git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Ryan McCue
37f6e6813a
HTTP API: Replace internals with Requests library.
...
Requests is a library very similar to WP_HTTP, with a high level of unit test coverage, and has a common lineage and development team. It also supports parallel requests.
See #33055 .
Built from https://develop.svn.wordpress.org/trunk@37428
git-svn-id: http://core.svn.wordpress.org/trunk@37394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 04:42:28 +00:00
Dominik Schilling
af9f052087
HTTP: Improve detection of valid IP addresses.
...
Built from https://develop.svn.wordpress.org/trunk@37115
git-svn-id: http://core.svn.wordpress.org/trunk@37082 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-30 15:38:26 +00:00
Pascal Birchler
c73a812109
HTTP: Avoid an undefined index notice in wp_http_validate_url()
.
...
Props perezlabs.
Fixes #34164 .
Built from https://develop.svn.wordpress.org/trunk@36870
git-svn-id: http://core.svn.wordpress.org/trunk@36837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-06 15:55:26 +00:00
Dominik Schilling
f65de8ec9f
HTTP: 0.1.2.3
is not a valid IP.
...
Built from https://develop.svn.wordpress.org/trunk@36435
git-svn-id: http://core.svn.wordpress.org/trunk@36402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-02 12:55:29 +00:00
Sergey Biryukov
f6cde8e3c5
Docs: Correct return value for is_allowed_http_origin()
.
...
Props kraftbj.
Fixes #35607 .
Built from https://develop.svn.wordpress.org/trunk@36398
git-svn-id: http://core.svn.wordpress.org/trunk@36365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-26 00:39:26 +00:00
Sergey Biryukov
3f35196e48
Docs: Fix copy/paste error in wp_remote_retrieve_cookies()
description.
...
Props mark8barnes.
Fixes #35157 .
Built from https://develop.svn.wordpress.org/trunk@36002
git-svn-id: http://core.svn.wordpress.org/trunk@35967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-18 17:23:29 +00:00
Andrew Nacin
1579e45d41
Simplify the include graph after work to split out classes.
...
see #33413 . More details there.
Built from https://develop.svn.wordpress.org/trunk@35718
git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor
dae5923c1d
After [34953], unbreak WordPress.
...
See [34930], #33982 .
Built from https://develop.svn.wordpress.org/trunk@34954
git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Drew Jaynes
e2038f9150
Docs: Add inline DocBlocks for the require_once()
calls that now bring in top-level HTTP API functionality and HTTP API classes.
...
Classes brought in from separate files now include:
* `WP_Http`
* `WP_Http_Streams`
* `WP_Http_Curl`
* `WP_HTTP_Proxy`
* `WP_Http_Cookie`
* `WP_Http_Encoding`
See #33413 . See #32246 .
Built from https://develop.svn.wordpress.org/trunk@33882
git-svn-id: http://core.svn.wordpress.org/trunk@33851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:30 +00:00
Drew Jaynes
69375b243a
Docs: Clarify the file header summary for wp-includes/http.php, the top-level file for the HTTP Request API.
...
See #33413 . See #33701 .
Built from https://develop.svn.wordpress.org/trunk@33881
git-svn-id: http://core.svn.wordpress.org/trunk@33850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 04:36:08 +00:00
Scott Taylor
7c8c216bec
HTTP: move classes into their own files, http.php
loads the new files, so this is 100% BC if someone is loading http.php
directly. New files created using svn cp
.
...
`class-http.php` requires functions from `http.php`, so loading it by itself wouldn't have worked.
Creates:
`class-wp-http-cookie.php`
`class-wp-http-curl.php`
`class-wp-http-encoding.php`
`class-wp-http-proxy.php`
`class-wp-http-streams.php`
`http-functions.php`
`WP_Http` remains in `class-http.php`.
`http.php` contains only top-level code. Class files only contain classes. Functions file only contains functions.
See #33413 .
Built from https://develop.svn.wordpress.org/trunk@33748
git-svn-id: http://core.svn.wordpress.org/trunk@33716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 03:55:21 +00:00
Scott Taylor
19a3aacc94
Add @static*
annotations where they are missing.
...
Initialize all static vars that are not, most to `null`.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32650
git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
053790537f
Cleanup doc blocks in http.php
.
...
In the few functions that used `$objFetchSite` instead of `$http`: use the `$http` naming, which is more civilized.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32599
git-svn-id: http://core.svn.wordpress.org/trunk@32569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:32:27 +00:00
Scott Taylor
a0df295f5c
Improve various @param
docs.
...
See #30224 .
Built from https://develop.svn.wordpress.org/trunk@30674
git-svn-id: http://core.svn.wordpress.org/trunk@30664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 23:24:25 +00:00
Andrew Nacin
a6103b30f5
Better validation of the URL used in core HTTP requests.
...
Built from https://develop.svn.wordpress.org/trunk@30443
git-svn-id: http://core.svn.wordpress.org/trunk@30438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 14:01:23 +00:00
John Blackbourn
e2ff1da654
Update the docs for wp_remote_retrieve_response_code()
. See #28887 .
...
Built from https://develop.svn.wordpress.org/trunk@29985
git-svn-id: http://core.svn.wordpress.org/trunk@29727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-21 21:13:18 +00:00
Mark Jaquith
e1f2b3b9e2
Use HTTPS URLs for trac.wordpress.org (and use core.trac.wordpress.org)
...
see #27115
Built from https://develop.svn.wordpress.org/trunk@29789
git-svn-id: http://core.svn.wordpress.org/trunk@29561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:37:16 +00:00
Drew Jaynes
61b8ba8461
Convert documentation for default arguments in WP_Http::request()
to a hash notation.
...
Also update corresponding docs for functions that leverage its arguments.
See #28298 .
Built from https://develop.svn.wordpress.org/trunk@29230
git-svn-id: http://core.svn.wordpress.org/trunk@29014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-18 22:01:15 +00:00
Scott Taylor
5e7ac8de94
Remove by-reference modifiers from arguments in wp_remote_retrieve_*
functions.
...
Props jesin.
Fixes #27687 .
Built from https://develop.svn.wordpress.org/trunk@28257
git-svn-id: http://core.svn.wordpress.org/trunk@28085 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-05 18:46:15 +00:00
Sergey Biryukov
e85c40a3f7
Avoid an undefined index notice in wp_http_validate_url().
...
props jesin.
fixes #27684 .
Built from https://develop.svn.wordpress.org/trunk@27953
git-svn-id: http://core.svn.wordpress.org/trunk@27783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 12:45:15 +00:00
Sergey Biryukov
74f77b85a6
Use get_current_site() instead of the $current_site global when possible.
...
props jeremyfelt.
fixes #25158 .
Built from https://develop.svn.wordpress.org/trunk@26120
git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Sergey Biryukov
b85814e48c
Inline documentation for hooks in http.php.
...
props tw2113.
see #25229 .
Built from https://develop.svn.wordpress.org/trunk@25302
git-svn-id: http://core.svn.wordpress.org/trunk@25264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-08 22:04:09 +00:00
Andrew Nacin
1ec392175c
Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.
...
* Check if the host is considered a safe redirect host.
* Check if the host is another domain in a multisite installation.
* Add a filter to control this.
This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.
fixes #24646 .
git-svn-id: http://core.svn.wordpress.org/trunk@24915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:44:57 +00:00
Andrew Nacin
3fc038fd6f
Add missing documentation from [24894]. see #24646 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 18:39:57 +00:00
Andrew Nacin
8c7adaa7bd
Introduce wp_safe_remote_request(). Also wp_safe_remote_head(), wp_safe_remote_get(), wp_safe_remote_post().
...
Reverts [24482].
see #24646 .
git-svn-id: http://core.svn.wordpress.org/trunk@24894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-30 15:37:01 +00:00
Andrew Nacin
ca64e771da
In wp_http_validate_url(), only validate the protocol in lieu of esc_url_raw(). Ensure there is a host component to the URL. fixes #24663 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 13:35:30 +00:00
Andrew Nacin
96ee267343
Better validation of the URL used in core HTTP requests.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Ryan Boren
4385abe40f
Add default args list to wp_remote_request|get|post|head docblocks
...
Props DrewAPicture
fixes #23838
git-svn-id: http://core.svn.wordpress.org/trunk@24250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-14 14:00:19 +00:00
Ryan Boren
ff07308717
Handle pre-flighted OPTIONS requests in send_origin_headers(). Props nacin. fixes #21024
...
git-svn-id: http://core.svn.wordpress.org/trunk@21988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-24 21:39:04 +00:00
Ryan Boren
f483a85676
Remove unnecessary return by refs. Props wonderboymusic. fixes #21839
...
git-svn-id: http://core.svn.wordpress.org/trunk@21792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 17:00:11 +00:00
ryan
9c3ce86280
API for allowing cross origin resource sharing.
...
* Allowed origin whitelist that can be altered by plugins
* Validation of the request origin against the whitelist
* Send Access-Control-Allow-Origin if origin allowed
* get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()
See #20681
git-svn-id: http://core.svn.wordpress.org/trunk@20794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-15 18:46:03 +00:00
ryan
07ff8b216b
Use one space, not two, after trailing punctuation. fixes #19537
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_
e4ed63fc6f
Fix typos in documentation (wp-includes/[a-h]). See #18560 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 16:02:41 +00:00
westi
a851aaa167
Typo fix props duck_
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 10:00:40 +00:00
westi
81cd0218ec
Introduce wp_http_supports as a much less hacky replacement for the http_transport_(get|post)_debug hooks that plugins could have
...
been using to detect if things like ssl requests were working.
See #17251 props mdawaffe
git-svn-id: http://svn.automattic.com/wordpress/trunk@17914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 09:56:59 +00:00
ryan
1f93931d55
Always include class-http.php. see #12990
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-13 21:45:57 +00:00
ryan
9ab7306993
Remove author tags. fixes #12366
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 19:07:21 +00:00
dd32
d271b1357b
Split WP_Http classes into separate file. Fixes #11559
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-21 02:06:24 +00:00
ryan
dbfb51c6e0
Trim trailing whites
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-21 00:03:42 +00:00