Restrict wp_remote_fopen to remote files.

git-svn-id: https://develop.svn.wordpress.org/trunk@4752 602fd350-edb4-49c9-b593-d223f7449a82

wp-includes/functions.php

@@ -774,10 +774,21 @@ function add_magic_quotes($array) {
 }
 
 function wp_remote_fopen( $uri ) {
+	$timeout = 10;
+	$parsed_url = @parse_url($uri);
+
+	if ( !$parsed_url || !is_array($parsed_url) )
+		return false;
+
+	if ( !isset($parsed_url['scheme']) || !in_array($parsed_url['scheme'], array('http','https')) )
+		$uri = 'http://' . $uri;
+
 	if ( ini_get('allow_url_fopen') ) {
 		$fp = @fopen( $uri, 'r' );
 		if ( !$fp )
 			return false;
+
+		//stream_set_timeout($fp, $timeout); // Requires php 4.3
 		$linea = '';
 		while( $remote_read = fread($fp, 4096) )
 			$linea .= $remote_read;
@@ -788,6 +799,7 @@ function wp_remote_fopen( $uri ) {
 		curl_setopt ($handle, CURLOPT_URL, $uri);
 		curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
 		curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
 		$buffer = curl_exec($handle);
 		curl_close($handle);
 		return $buffer;