From 7e49f103beec24ddf17cf559107dcf62c66af554 Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Wed, 27 Jul 2016 15:52:28 +0000 Subject: [PATCH] HTTP API: All non-GET/HEAD requests should put the arguments in the form body. Requests defaults to _GET/query for HEAD/GET/DELETE and _POST/body for POST/PUT/OPTIONS/PATCH. For backward compatibility `WP_HTTP` needs to force `data_format` to 'body' for all non-GET/HEAD requests. Props dd32. Fixes #37456. Built from https://develop.svn.wordpress.org/trunk@38165 git-svn-id: http://core.svn.wordpress.org/trunk@38106 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-http.php | 11 +++++++---- wp-includes/version.php | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/wp-includes/class-http.php b/wp-includes/class-http.php index 173566d464..e9ff205142 100644 --- a/wp-includes/class-http.php +++ b/wp-includes/class-http.php @@ -315,8 +315,7 @@ class WP_Http { } if ( empty( $r['redirection'] ) ) { $options['follow_redirects'] = false; - } - else { + } else { $options['redirects'] = $r['redirection']; } @@ -333,11 +332,15 @@ class WP_Http { // SSL certificate handling if ( ! $r['sslverify'] ) { $options['verify'] = false; - } - else { + } else { $options['verify'] = $r['sslcertificates']; } + // All non-GET/HEAD requests should put the arguments in the form body. + if ( 'HEAD' !== $type && 'GET' !== $type ) { + $options['data_format'] = 'body'; + } + /** * Filters whether SSL should be verified for non-local requests. * diff --git a/wp-includes/version.php b/wp-includes/version.php index fc9b7d1d7f..a187c70f8f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6-beta4-38164'; +$wp_version = '4.6-beta4-38165'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.