diff --git a/wp-includes/class-snoopy.php b/wp-includes/class-snoopy.php index e08e732157..7b3940669f 100644 --- a/wp-includes/class-snoopy.php +++ b/wp-includes/class-snoopy.php @@ -999,20 +999,23 @@ class Snoopy if(!empty($this->user) || !empty($this->pass)) $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass); - for($curr_header = 0; $curr_header < count($headers); $curr_header++) { - $safer_header = strtr( $headers[$curr_header], "\"", " " ); - $cmdline_params .= " -H \"".$safer_header."\""; + $headerfile = tempnam( $this->temp_dir, "sno" ); + $cmdline_params = '-k -D ' . escapeshellarg( $headerfile ); + + foreach ( $headers as $header ) { + $cmdline_params .= ' -H ' . escapeshellarg( $header ); } - if(!empty($body)) - $cmdline_params .= " -d \"$body\""; + if ( ! empty( $body ) ) { + $cmdline_params .= ' -d ' . escapeshellarg( $body ); + } - if($this->read_timeout > 0) - $cmdline_params .= " -m ".$this->read_timeout; + if ( $this->read_timeout > 0 ) { + $cmdline_params .= ' -m ' . escapeshellarg( $this->read_timeout ); + } - $headerfile = tempnam($this->temp_dir, "sno"); - exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return); + exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return ); if($return) { diff --git a/wp-includes/version.php b/wp-includes/version.php index 359ca8e493..2432ac804a 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-RC1-37092'; +$wp_version = '4.5-RC1-37094'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.