From 9d5bd5f7ebb094c1daafc90cecd1fa1e0b80d716 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Wed, 31 Jul 2013 06:52:13 +0000
Subject: [PATCH] Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true. fixes #24646.
git-svn-id: https://develop.svn.wordpress.org/trunk@24917 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/class-wp-importer.php | 3 +--
 wp-admin/includes/file.php | 2 +-
 wp-includes/class-feed.php | 3 +--
 wp-includes/class-oembed.php | 4 ++--
 wp-includes/class-wp-xmlrpc-server.php | 3 +--
 wp-includes/comment.php | 7 +++----
 wp-includes/functions.php | 8 +++-----
 wp-includes/rss.php | 2 +-
 8 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/wp-admin/includes/class-wp-importer.php b/wp-admin/includes/class-wp-importer.php
index 0268e7e6ee..b017c84fcd 100644
--- a/wp-admin/includes/class-wp-importer.php
+++ b/wp-admin/includes/class-wp-importer.php
@@ -183,7 +183,6 @@ class WP_Importer {
 $headers = array();
 $args = array();
- $args['reject_unsafe_urls'] = true;
 if ( true === $head ) $args['method'] = 'HEAD';
 if ( !empty( $username ) && !empty( $password ) )
@@ -191,7 +190,7 @@ class WP_Importer {
 $args['headers'] = $headers;
- return wp_remote_request( $url, $args );
+ return wp_safe_remote_request( $url, $args );
 }
 /**
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index bb192fae84..ca424264bc 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -497,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
 if ( ! $tmpfname ) return new WP_Error('http_no_file', __('Could not create Temporary file.'));
- $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
 if ( is_wp_error( $response ) ) {
 unlink( $tmpfname );
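Review bot: In the two class-wp-importer.php hunks, no `redirection` value is set before `return wp_safe_remote_request( $url, $args );`, so the HTTP API's default redirect handling applies to a request that may carry credentials. The line that fills `$headers` under the `!empty( $username ) && !empty( $password )` check falls between the two hunks, so this is inferred; if it adds an Authorization header, that header could be re-sent to whichever host a redirect names. Consider `$args['redirection'] = 0;` when credentials are supplied, or a comment stating that following redirects with credentials is intended. The method starts and ends outside both hunks.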
diff --git a/wp-includes/class-feed.php b/wp-includes/class-feed.php
index 491d775e14..bdad84db6c 100644
--- a/wp-includes/class-feed.php
+++ b/wp-includes/class-feed.php
@@ -69,7 +69,6 @@ class WP_SimplePie_File extends SimplePie_File {
 $args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects,
- 'reject_unsafe_urls' => true,
 );
 if ( !empty($this->headers) )
@@ -78,7 +77,7 @@ class WP_SimplePie_File extends SimplePie_File {
 if ( SIMPLEPIE_USERAGENT != $this->useragent ) //Use default WP user agent unless custom has been specified
 $args['user-agent'] = $this->useragent;
- $res = wp_remote_request($url, $args);
+ $res = wp_safe_remote_request($url, $args);
 if ( is_wp_error($res) ) {
 $this->error = 'WP HTTP Error: ' . $res->get_error_message();
diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php
index 36f5d71ef3..a880448db3 100644
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -113,7 +113,7 @@ class WP_oEmbed {
 $providers = array();
 // Fetch URL content
- if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) {
+ if ( $html = wp_remote_retrieve_body( wp_safe_remote_get( $url ) ) ) {
 // types that contain oEmbed provider URLs
 $linktypes = apply_filters( 'oembed_linktypes', array(
@@ -195,7 +195,7 @@ class WP_oEmbed {
 */
 function _fetch_with_format( $provider_url_with_args, $format ) {
 $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
- $response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_get( $provider_url_with_args );
 if ( 501 == wp_remote_retrieve_response_code( $response ) ) return new WP_Error( 'not-implemented' );
 if ( ! $body = wp_remote_retrieve_body( $response ) )
diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php
index 90b4a9cb50..922e0284a4 100644
--- a/wp-includes/class-wp-xmlrpc-server.php
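Review bot: The safety check implied by `wp_safe_remote_request($url, $args)` in WP_SimplePie_File is only evident for the initial `$url`. The request still follows redirects (`'redirection' => $this->redirects`), and nothing in this patch shows that each redirect target is validated the same way. If the wrapper does not re-check every hop, a feed URL that passes validation can still take the server to an address the check was meant to exclude. Confirm this in the HTTP API and record it at the call site, e.g. `// Redirect targets are re-validated by the HTTP API.` once verified. The same question applies to `wp_get_http()` in wp-includes/functions.php (`$options['redirection'] = 5`); the pingback fetch in class-wp-xmlrpc-server.php sidesteps it with `'redirection' => 0`.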
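Review bot: `wp_safe_remote_get( $url )` in the first class-oembed.php hunk reads the whole response body of an arbitrary remote URL with no size cap, although the code that follows only looks for link types carrying provider URLs. The pingback fetch in class-wp-xmlrpc-server.php already passes `'limit_response_size' => 153600`, and the same argument fits here: `wp_safe_remote_get( $url, array( 'limit_response_size' => 153600 ) )`. The GET in `discover_pingback_server_uri()` (wp-includes/comment.php) is uncapped in the same way. `wp_remote_fopen()` (wp-includes/functions.php) sets only a timeout and may merit the same review. The enclosing method starts and ends outside the hunk.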
+++ b/wp-includes/class-wp-xmlrpc-server.php
@@ -5392,10 +5392,9 @@ class wp_xmlrpc_server extends IXR_Server {
 $http_api_args = array( 'timeout' => 10, 'redirection' => 0,
- 'reject_unsafe_urls' => true,
 'limit_response_size' => 153600, // 150 KB
 );
- $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, $http_api_args ) );
+ $linea = wp_remote_retrieve_body( wp_safe_remote_get( $pagelinkedfrom, $http_api_args ) );
 if ( !$linea ) return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index d3d8db6486..4d4c9bc496 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1658,7 +1658,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
 if ( 0 === strpos($url, $uploads_dir['baseurl']) ) return false;
- $response = wp_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
 if ( is_wp_error( $response ) ) return false;
@@ -1671,7 +1671,7 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) {
 return false;
 // Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file)
- $response = wp_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) );
 if ( is_wp_error( $response ) ) return false;
@@ -1906,7 +1906,6 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
 $options = array();
 $options['timeout'] = 4;
- $options['reject_unsafe_urls'] = true;
 $options['body'] = array( 'title' => $title, 'url' => get_permalink($ID),
@@ -1914,7 +1913,7 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
 'excerpt' => $excerpt );
- $response = wp_remote_post($trackback_url, $options);
+ $response = wp_safe_remote_post( $trackback_url, $options );
 if ( is_wp_error( $response ) ) return;
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 6d37ede25d..869da31b09 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -496,14 +496,13 @@ function wp_get_http( $url, $file_path = false, $red = 1 ) {
 $options = array();
 $options['redirection'] = 5;
- $options['reject_unsafe_urls'] = true;
 if ( false == $file_path ) $options['method'] = 'HEAD'; else $options['method'] = 'GET';
- $response = wp_remote_request($url, $options);
+ $response = wp_safe_remote_request( $url, $options );
 if ( is_wp_error( $response ) ) return false;
@@ -544,7 +543,7 @@ function wp_get_http_headers( $url, $deprecated = false ) {
 if ( !empty( $deprecated ) ) _deprecated_argument( __FUNCTION__, '2.7' );
- $response = wp_remote_head( $url, array( 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_head( $url );
 if ( is_wp_error( $response ) ) return false;
@@ -759,9 +758,8 @@ function wp_remote_fopen( $uri ) {
 $options = array();
 $options['timeout'] = 10;
- $options['reject_unsafe_urls'] = true;
- $response = wp_remote_get( $uri, $options );
+ $response = wp_safe_remote_get( $uri, $options );
 if ( is_wp_error( $response ) ) return false;
diff --git a/wp-includes/rss.php b/wp-includes/rss.php
index d064020c0c..cd08ec99e6 100644
--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -536,7 +536,7 @@ endif;
 * @return Snoopy style response
 */
 function _fetch_remote_file($url, $headers = "" ) {
- $resp = wp_remote_request($url, array('headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT, 'reject_unsafe_urls' => true ));
+ $resp = wp_safe_remote_request( $url, array( 'headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT ) );
 if ( is_wp_error($resp) ) {
 $error = array_shift($resp->errors);