From 4d089ce55b5cf49eadbb747c4692b99cb952bdd5 Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Wed, 5 Oct 2016 03:27:31 +0000 Subject: [PATCH] HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues. Merges [38727] to the 4.6 branch. Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests. Fixes #37992 allowing for connecting to SSL resources on ports other than 443. Fixes #37991 by not sending default ports in the `Host:` header. Fixes #37839 to match and decode Chunked responses correctly. Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled. Built from https://develop.svn.wordpress.org/branches/4.6@38728 git-svn-id: http://core.svn.wordpress.org/branches/4.6@38671 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/Requests/IRI.php | 5 +---- wp-includes/Requests/Transport/cURL.php | 7 ++++--- wp-includes/Requests/Transport/fsockopen.php | 7 +++++-- wp-includes/class-http.php | 4 +--- wp-includes/class-requests.php | 6 ++++-- wp-includes/version.php | 2 +- 6 files changed, 16 insertions(+), 15 deletions(-) diff --git a/wp-includes/Requests/IRI.php b/wp-includes/Requests/IRI.php index 44a95171b7..8dc2fa2841 100644 --- a/wp-includes/Requests/IRI.php +++ b/wp-includes/Requests/IRI.php @@ -688,10 +688,7 @@ class Requests_IRI { $isauthority = $this->iuserinfo !== null || $this->ihost !== null || $this->port !== null; if ($this->ipath !== '' && ( - $isauthority && ( - $this->ipath[0] !== '/' || - substr($this->ipath, 0, 2) === '//' - ) || + $isauthority && $this->ipath[0] !== '/' || ( $this->scheme === null && !$isauthority && diff --git a/wp-includes/Requests/Transport/cURL.php b/wp-includes/Requests/Transport/cURL.php index 7979b2eba0..4429edb647 100644 --- a/wp-includes/Requests/Transport/cURL.php +++ b/wp-includes/Requests/Transport/cURL.php @@ -375,8 +375,9 @@ class Requests_Transport_cURL implements Requests_Transport { curl_setopt($this->handle, CURLOPT_URL, $url); curl_setopt($this->handle, CURLOPT_REFERER, $url); curl_setopt($this->handle, CURLOPT_USERAGENT, $options['useragent']); - curl_setopt($this->handle, CURLOPT_HTTPHEADER, $headers); - + if (!empty($headers)) { + curl_setopt($this->handle, CURLOPT_HTTPHEADER, $headers); + } if ($options['protocol_version'] === 1.1) { curl_setopt($this->handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); } @@ -458,7 +459,7 @@ class Requests_Transport_cURL implements Requests_Transport { * @param string $data Body data * @return integer Length of provided data */ - protected function stream_body($handle, $data) { + public function stream_body($handle, $data) { $this->hooks->dispatch('request.progress', array($data, $this->response_bytes, $this->response_byte_limit)); $data_length = strlen($data); diff --git a/wp-includes/Requests/Transport/fsockopen.php b/wp-includes/Requests/Transport/fsockopen.php index e9170f417c..21cb56d5ec 100644 --- a/wp-includes/Requests/Transport/fsockopen.php +++ b/wp-includes/Requests/Transport/fsockopen.php @@ -70,7 +70,9 @@ class Requests_Transport_fsockopen implements Requests_Transport { // HTTPS support if (isset($url_parts['scheme']) && strtolower($url_parts['scheme']) === 'https') { $remote_socket = 'ssl://' . $host; - $url_parts['port'] = 443; + if (!isset($url_parts['port'])) { + $url_parts['port'] = 443; + } $context_options = array( 'verify_peer' => true, @@ -97,6 +99,7 @@ class Requests_Transport_fsockopen implements Requests_Transport { } if (isset($options['verifyname']) && $options['verifyname'] === false) { + $context_options['verify_peer_name'] = false; $verifyname = false; } @@ -171,7 +174,7 @@ class Requests_Transport_fsockopen implements Requests_Transport { if (!isset($case_insensitive_headers['Host'])) { $out .= sprintf('Host: %s', $url_parts['host']); - if ($url_parts['port'] !== 80) { + if (( 'http' === strtolower($url_parts['scheme']) && $url_parts['port'] !== 80 ) || ( 'https' === strtolower($url_parts['scheme']) && $url_parts['port'] !== 443 )) { $out .= ':' . $url_parts['port']; } $out .= "\r\n"; diff --git a/wp-includes/class-http.php b/wp-includes/class-http.php index c0272ba487..914aa213f4 100644 --- a/wp-includes/class-http.php +++ b/wp-includes/class-http.php @@ -332,6 +332,7 @@ class WP_Http { // SSL certificate handling if ( ! $r['sslverify'] ) { $options['verify'] = false; + $options['verifyname'] = false; } else { $options['verify'] = $r['sslcertificates']; } @@ -362,9 +363,6 @@ class WP_Http { } } - // Work around a bug in Requests when the path starts with // See https://github.com/rmccue/Requests/issues/231 - $url = preg_replace( '!^(\w+://[^/]+)//(.*)$!i', '$1/$2', $url ); - try { $requests_response = Requests::request( $url, $headers, $data, $type, $options ); diff --git a/wp-includes/class-requests.php b/wp-includes/class-requests.php index 5a6257a8ac..bb266189c1 100644 --- a/wp-includes/class-requests.php +++ b/wp-includes/class-requests.php @@ -749,15 +749,17 @@ class Requests { * @return string Decoded body */ protected static function decode_chunked($data) { - if (!preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', trim($data))) { + if (!preg_match('/^([0-9a-f]+)(?:;(?:[\w-]*)(?:=(?:(?:[\w-]*)*|"(?:[^\r\n])*"))?)*\r\n/i', trim($data))) { return $data; } + + $decoded = ''; $encoded = $data; while (true) { - $is_chunked = (bool) preg_match('/^([0-9a-f]+)[^\r\n]*\r\n/i', $encoded, $matches); + $is_chunked = (bool) preg_match('/^([0-9a-f]+)(?:;(?:[\w-]*)(?:=(?:(?:[\w-]*)*|"(?:[^\r\n])*"))?)*\r\n/i', $encoded, $matches); if (!$is_chunked) { // Looks like it's not chunked after all return $data; diff --git a/wp-includes/version.php b/wp-includes/version.php index 5c99377ed8..65694c6f9a 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6.2-alpha-38615'; +$wp_version = '4.6.2-alpha-38728'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.