Fix syntax for single- and multi-line comments in wp-includes/class-http.php.

See #28943 and #28931.

Built from https://develop.svn.wordpress.org/trunk@29229


git-svn-id: http://core.svn.wordpress.org/trunk@29013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Drew Jaynes 2014-07-18 21:47:15 +00:00
parent c11836174c
commit f35e168f39
1 changed files with 118 additions and 82 deletions

View File

@ -177,11 +177,13 @@ class WP_Http {
if ( $this->block_request( $url ) ) if ( $this->block_request( $url ) )
return new WP_Error( 'http_request_failed', __( 'User has blocked requests through HTTP.' ) ); return new WP_Error( 'http_request_failed', __( 'User has blocked requests through HTTP.' ) );
// Determine if this is a https call and pass that on to the transport functions /*
// so that we can blacklist the transports that do not support ssl verification * Determine if this is a https call and pass that on to the transport functions
* so that we can blacklist the transports that do not support ssl verification
*/
$r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl'; $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl';
// Determine if this request is to OUR install of WordPress // Determine if this request is to OUR install of WordPress.
$homeURL = parse_url( get_bloginfo( 'url' ) ); $homeURL = parse_url( get_bloginfo( 'url' ) );
if ( isset( $homeURL['host'] ) ) { if ( isset( $homeURL['host'] ) ) {
$r['local'] = ( $homeURL['host'] == $arrURL['host'] || 'localhost' == $arrURL['host'] ); $r['local'] = ( $homeURL['host'] == $arrURL['host'] || 'localhost' == $arrURL['host'] );
@ -190,12 +192,17 @@ class WP_Http {
} }
unset( $homeURL ); unset( $homeURL );
// If we are streaming to a file but no filename was given drop it in the WP temp dir /*
// and pick its name using the basename of the $url * If we are streaming to a file but no filename was given drop it in the WP temp dir
* and pick its name using the basename of the $url.
*/
if ( $r['stream'] && empty( $r['filename'] ) ) if ( $r['stream'] && empty( $r['filename'] ) )
$r['filename'] = get_temp_dir() . basename( $url ); $r['filename'] = get_temp_dir() . basename( $url );
// Force some settings if we are streaming to a file and check for existence and perms of destination directory /*
* Force some settings if we are streaming to a file and check for existence and perms
* of destination directory.
*/
if ( $r['stream'] ) { if ( $r['stream'] ) {
$r['blocking'] = true; $r['blocking'] = true;
if ( ! wp_is_writable( dirname( $r['filename'] ) ) ) if ( ! wp_is_writable( dirname( $r['filename'] ) ) )
@ -224,10 +231,10 @@ class WP_Http {
$r['headers']['connection'] = 'close'; $r['headers']['connection'] = 'close';
} }
// Construct Cookie: header if any cookies are set // Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $r ); WP_Http::buildCookieHeader( $r );
// Avoid issues where mbstring.func_overload is enabled // Avoid issues where mbstring.func_overload is enabled.
mbstring_binary_safe_encoding(); mbstring_binary_safe_encoding();
if ( ! isset( $r['headers']['Accept-Encoding'] ) ) { if ( ! isset( $r['headers']['Accept-Encoding'] ) ) {
@ -294,11 +301,11 @@ class WP_Http {
*/ */
$request_order = apply_filters( 'http_api_transports', array( 'curl', 'streams' ), $args, $url ); $request_order = apply_filters( 'http_api_transports', array( 'curl', 'streams' ), $args, $url );
// Loop over each transport on each HTTP request looking for one which will serve this request's needs // Loop over each transport on each HTTP request looking for one which will serve this request's needs.
foreach ( $request_order as $transport ) { foreach ( $request_order as $transport ) {
$class = 'WP_HTTP_' . $transport; $class = 'WP_HTTP_' . $transport;
// Check to see if this transport is a possibility, calls the transport statically // Check to see if this transport is a possibility, calls the transport statically.
if ( !call_user_func( array( $class, 'test' ), $args, $url ) ) if ( !call_user_func( array( $class, 'test' ), $args, $url ) )
continue; continue;
@ -450,20 +457,25 @@ class WP_Http {
* Then a numbered array is returned as the value of that header-key. * Then a numbered array is returned as the value of that header-key.
*/ */
public static function processHeaders( $headers, $url = '' ) { public static function processHeaders( $headers, $url = '' ) {
// split headers, one per array element // Split headers, one per array element.
if ( is_string($headers) ) { if ( is_string($headers) ) {
// tolerate line terminator: CRLF = LF (RFC 2616 19.3) // Tolerate line terminator: CRLF = LF (RFC 2616 19.3).
$headers = str_replace("\r\n", "\n", $headers); $headers = str_replace("\r\n", "\n", $headers);
// unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>, <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2) /*
* Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) <US-ASCII SP, space (32)>,
* <US-ASCII HT, horizontal-tab (9)> (RFC 2616 2.2).
*/
$headers = preg_replace('/\n[ \t]/', ' ', $headers); $headers = preg_replace('/\n[ \t]/', ' ', $headers);
// create the headers array // Create the headers array.
$headers = explode("\n", $headers); $headers = explode("\n", $headers);
} }
$response = array('code' => 0, 'message' => ''); $response = array('code' => 0, 'message' => '');
// If a redirection has taken place, The headers for each page request may have been passed. /*
// In this case, determine the final HTTP header and parse from there. * If a redirection has taken place, The headers for each page request may have been passed.
* In this case, determine the final HTTP header and parse from there.
*/
for ( $i = count($headers)-1; $i >= 0; $i-- ) { for ( $i = count($headers)-1; $i >= 0; $i-- ) {
if ( !empty($headers[$i]) && false === strpos($headers[$i], ':') ) { if ( !empty($headers[$i]) && false === strpos($headers[$i], ':') ) {
$headers = array_splice($headers, $i); $headers = array_splice($headers, $i);
@ -518,7 +530,7 @@ class WP_Http {
*/ */
public static function buildCookieHeader( &$r ) { public static function buildCookieHeader( &$r ) {
if ( ! empty($r['cookies']) ) { if ( ! empty($r['cookies']) ) {
// Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances // Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances.
foreach ( $r['cookies'] as $name => $value ) { foreach ( $r['cookies'] as $name => $value ) {
if ( ! is_object( $value ) ) if ( ! is_object( $value ) )
$r['cookies'][ $name ] = new WP_HTTP_Cookie( array( 'name' => $name, 'value' => $value ) ); $r['cookies'][ $name ] = new WP_HTTP_Cookie( array( 'name' => $name, 'value' => $value ) );
@ -554,7 +566,9 @@ class WP_Http {
return $body; return $body;
$parsed_body = ''; $parsed_body = '';
$body_original = $body; // We'll be altering $body, so need a backup in case of error
// We'll be altering $body, so need a backup in case of error.
$body_original = $body;
while ( true ) { while ( true ) {
$has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match ); $has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match );
@ -564,13 +578,13 @@ class WP_Http {
$length = hexdec( $match[1] ); $length = hexdec( $match[1] );
$chunk_length = strlen( $match[0] ); $chunk_length = strlen( $match[0] );
// Parse out the chunk of data // Parse out the chunk of data.
$parsed_body .= substr( $body, $chunk_length, $length ); $parsed_body .= substr( $body, $chunk_length, $length );
// Remove the chunk from the raw data // Remove the chunk from the raw data.
$body = substr( $body, $length + $chunk_length ); $body = substr( $body, $length + $chunk_length );
// End of document // End of the document.
if ( '0' === trim( $body ) ) if ( '0' === trim( $body ) )
return $parsed_body; return $parsed_body;
} }
@ -606,7 +620,7 @@ class WP_Http {
$home = parse_url( get_option('siteurl') ); $home = parse_url( get_option('siteurl') );
// Don't block requests back to ourselves by default // Don't block requests back to ourselves by default.
if ( $check['host'] == 'localhost' || $check['host'] == $home['host'] ) { if ( $check['host'] == 'localhost' || $check['host'] == $home['host'] ) {
/** /**
* Filter whether to block local requests through the proxy. * Filter whether to block local requests through the proxy.
@ -646,7 +660,7 @@ class WP_Http {
if ( empty( $url ) ) if ( empty( $url ) )
return $maybe_relative_path; return $maybe_relative_path;
// Check for a scheme // Check for a scheme.
if ( false !== strpos( $maybe_relative_path, '://' ) ) if ( false !== strpos( $maybe_relative_path, '://' ) )
return $maybe_relative_path; return $maybe_relative_path;
@ -660,31 +674,31 @@ class WP_Http {
if ( isset( $url_parts['port'] ) ) if ( isset( $url_parts['port'] ) )
$absolute_path .= ':' . $url_parts['port']; $absolute_path .= ':' . $url_parts['port'];
// Start off with the Absolute URL path // Start off with the Absolute URL path.
$path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/'; $path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/';
// If it's a root-relative path, then great // If it's a root-relative path, then great.
if ( ! empty( $relative_url_parts['path'] ) && '/' == $relative_url_parts['path'][0] ) { if ( ! empty( $relative_url_parts['path'] ) && '/' == $relative_url_parts['path'][0] ) {
$path = $relative_url_parts['path']; $path = $relative_url_parts['path'];
// Else it's a relative path // Else it's a relative path.
} elseif ( ! empty( $relative_url_parts['path'] ) ) { } elseif ( ! empty( $relative_url_parts['path'] ) ) {
// Strip off any file components from the absolute path // Strip off any file components from the absolute path.
$path = substr( $path, 0, strrpos( $path, '/' ) + 1 ); $path = substr( $path, 0, strrpos( $path, '/' ) + 1 );
// Build the new path // Build the new path.
$path .= $relative_url_parts['path']; $path .= $relative_url_parts['path'];
// Strip all /path/../ out of the path // Strip all /path/../ out of the path.
while ( strpos( $path, '../' ) > 1 ) { while ( strpos( $path, '../' ) > 1 ) {
$path = preg_replace( '![^/]+/\.\./!', '', $path ); $path = preg_replace( '![^/]+/\.\./!', '', $path );
} }
// Strip any final leading ../ from the path // Strip any final leading ../ from the path.
$path = preg_replace( '!^/(\.\./)+!', '', $path ); $path = preg_replace( '!^/(\.\./)+!', '', $path );
} }
// Add the Query string // Add the Query string.
if ( ! empty( $relative_url_parts['query'] ) ) if ( ! empty( $relative_url_parts['query'] ) )
$path .= '?' . $relative_url_parts['query']; $path .= '?' . $relative_url_parts['query'];
@ -706,29 +720,29 @@ class WP_Http {
if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] )
return false; return false;
// Only perform redirections on redirection http codes // Only perform redirections on redirection http codes.
if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 )
return false; return false;
// Don't redirect if we've run out of redirects // Don't redirect if we've run out of redirects.
if ( $args['redirection']-- <= 0 ) if ( $args['redirection']-- <= 0 )
return new WP_Error( 'http_request_failed', __('Too many redirects.') ); return new WP_Error( 'http_request_failed', __('Too many redirects.') );
$redirect_location = $response['headers']['location']; $redirect_location = $response['headers']['location'];
// If there were multiple Location headers, use the last header specified // If there were multiple Location headers, use the last header specified.
if ( is_array( $redirect_location ) ) if ( is_array( $redirect_location ) )
$redirect_location = array_pop( $redirect_location ); $redirect_location = array_pop( $redirect_location );
$redirect_location = WP_HTTP::make_absolute_url( $redirect_location, $url ); $redirect_location = WP_HTTP::make_absolute_url( $redirect_location, $url );
// POST requests should not POST to a redirected location // POST requests should not POST to a redirected location.
if ( 'POST' == $args['method'] ) { if ( 'POST' == $args['method'] ) {
if ( in_array( $response['response']['code'], array( 302, 303 ) ) ) if ( in_array( $response['response']['code'], array( 302, 303 ) ) )
$args['method'] = 'GET'; $args['method'] = 'GET';
} }
// Include valid cookies in the redirect process // Include valid cookies in the redirect process.
if ( ! empty( $response['cookies'] ) ) { if ( ! empty( $response['cookies'] ) ) {
foreach ( $response['cookies'] as $cookie ) { foreach ( $response['cookies'] as $cookie ) {
if ( $cookie->test( $redirect_location ) ) if ( $cookie->test( $redirect_location ) )
@ -805,7 +819,7 @@ class WP_Http_Streams {
unset($r['headers']['user-agent']); unset($r['headers']['user-agent']);
} }
// Construct Cookie: header if any cookies are set // Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $r ); WP_Http::buildCookieHeader( $r );
$arrURL = parse_url($url); $arrURL = parse_url($url);
@ -830,8 +844,11 @@ class WP_Http_Streams {
unset( $r['headers']['Host'], $r['headers']['host'] ); unset( $r['headers']['Host'], $r['headers']['host'] );
} }
// Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect to ::1, /*
// which fails when the server is not set up for it. For compatibility, always connect to the IPv4 address. * Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect
* to ::1, which fails when the server is not set up for it. For compatibility, always
* connect to the IPv4 address.
*/
if ( 'localhost' == strtolower( $connect_host ) ) if ( 'localhost' == strtolower( $connect_host ) )
$connect_host = '127.0.0.1'; $connect_host = '127.0.0.1';
@ -876,11 +893,14 @@ class WP_Http_Streams {
$utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000;
$connect_timeout = max( $timeout, 1 ); $connect_timeout = max( $timeout, 1 );
$connection_error = null; // Store error number // Store error number.
$connection_error_str = null; // Store error string $connection_error = null;
// Store error string.
$connection_error_str = null;
if ( !WP_DEBUG ) { if ( !WP_DEBUG ) {
// In the event that the SSL connection fails, silence the many PHP Warnings // In the event that the SSL connection fails, silence the many PHP Warnings.
if ( $secure_transport ) if ( $secure_transport )
$error_reporting = error_reporting(0); $error_reporting = error_reporting(0);
@ -900,14 +920,14 @@ class WP_Http_Streams {
} }
if ( false === $handle ) { if ( false === $handle ) {
// SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken.
if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str )
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
return new WP_Error('http_request_failed', $connection_error . ': ' . $connection_error_str ); return new WP_Error('http_request_failed', $connection_error . ': ' . $connection_error_str );
} }
// Verify that the SSL certificate is valid for this request // Verify that the SSL certificate is valid for this request.
if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) {
if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) )
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
@ -963,7 +983,7 @@ class WP_Http_Streams {
if ( isset( $r['limit_response_size'] ) ) if ( isset( $r['limit_response_size'] ) )
$block_size = min( $block_size, $r['limit_response_size'] ); $block_size = min( $block_size, $r['limit_response_size'] );
// If streaming to a file setup the file handle // If streaming to a file setup the file handle.
if ( $r['stream'] ) { if ( $r['stream'] ) {
if ( ! WP_DEBUG ) if ( ! WP_DEBUG )
$stream_handle = @fopen( $r['filename'], 'w+' ); $stream_handle = @fopen( $r['filename'], 'w+' );
@ -1029,13 +1049,14 @@ class WP_Http_Streams {
$response = array( $response = array(
'headers' => $arrHeaders['headers'], 'headers' => $arrHeaders['headers'],
'body' => null, // Not yet processed // Not yet processed.
'body' => null,
'response' => $arrHeaders['response'], 'response' => $arrHeaders['response'],
'cookies' => $arrHeaders['cookies'], 'cookies' => $arrHeaders['cookies'],
'filename' => $r['filename'] 'filename' => $r['filename']
); );
// Handle redirects // Handle redirects.
if ( false !== ( $redirect_response = WP_HTTP::handle_redirects( $url, $r, $response ) ) ) if ( false !== ( $redirect_response = WP_HTTP::handle_redirects( $url, $r, $response ) ) )
return $redirect_response; return $redirect_response;
@ -1081,7 +1102,10 @@ class WP_Http_Streams {
if ( ! $cert ) if ( ! $cert )
return false; return false;
// If the request is being made to an IP address, we'll validate against IP fields in the cert (if they exist) /*
* If the request is being made to an IP address, we'll validate against IP fields
* in the cert (if they exist)
*/
$host_type = ( WP_HTTP::is_ip_address( $host ) ? 'ip' : 'dns' ); $host_type = ( WP_HTTP::is_ip_address( $host ) ? 'ip' : 'dns' );
$certificate_hostnames = array(); $certificate_hostnames = array();
@ -1093,23 +1117,23 @@ class WP_Http_Streams {
$certificate_hostnames[] = strtolower( trim( $match_host ) ); $certificate_hostnames[] = strtolower( trim( $match_host ) );
} }
} elseif ( !empty( $cert['subject']['CN'] ) ) { } elseif ( !empty( $cert['subject']['CN'] ) ) {
// Only use the CN when the certificate includes no subjectAltName extension // Only use the CN when the certificate includes no subjectAltName extension.
$certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); $certificate_hostnames[] = strtolower( $cert['subject']['CN'] );
} }
// Exact hostname/IP matches // Exact hostname/IP matches.
if ( in_array( strtolower( $host ), $certificate_hostnames ) ) if ( in_array( strtolower( $host ), $certificate_hostnames ) )
return true; return true;
// IP's can't be wildcards, Stop processing // IP's can't be wildcards, Stop processing.
if ( 'ip' == $host_type ) if ( 'ip' == $host_type )
return false; return false;
// Test to see if the domain is at least 2 deep for wildcard support // Test to see if the domain is at least 2 deep for wildcard support.
if ( substr_count( $host, '.' ) < 2 ) if ( substr_count( $host, '.' ) < 2 )
return false; return false;
// Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com.
$wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host );
return in_array( strtolower( $wildcard_host ), $certificate_hostnames ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames );
@ -1162,7 +1186,7 @@ class WP_Http_Streams {
* @deprecated 3.7.0 Please use WP_HTTP::request() directly * @deprecated 3.7.0 Please use WP_HTTP::request() directly
*/ */
class WP_HTTP_Fsockopen extends WP_HTTP_Streams { class WP_HTTP_Fsockopen extends WP_HTTP_Streams {
// For backwards compatibility for users who are using the class directly // For backwards compatibility for users who are using the class directly.
} }
/** /**
@ -1270,8 +1294,10 @@ class WP_Http_Curl {
$ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify ); $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify );
} }
// CURLOPT_TIMEOUT and CURLOPT_CONNECTTIMEOUT expect integers. Have to use ceil since /*
// a value of 0 will allow an unlimited timeout. * CURLOPT_TIMEOUT and CURLOPT_CONNECTTIMEOUT expect integers. Have to use ceil since.
* a value of 0 will allow an unlimited timeout.
*/
$timeout = (int) ceil( $r['timeout'] ); $timeout = (int) ceil( $r['timeout'] );
curl_setopt( $handle, CURLOPT_CONNECTTIMEOUT, $timeout ); curl_setopt( $handle, CURLOPT_CONNECTTIMEOUT, $timeout );
curl_setopt( $handle, CURLOPT_TIMEOUT, $timeout ); curl_setopt( $handle, CURLOPT_TIMEOUT, $timeout );
@ -1282,8 +1308,11 @@ class WP_Http_Curl {
curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify ); curl_setopt( $handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify );
curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] ); curl_setopt( $handle, CURLOPT_CAINFO, $r['sslcertificates'] );
curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] ); curl_setopt( $handle, CURLOPT_USERAGENT, $r['user-agent'] );
// The option doesn't work with safe mode or when open_basedir is set, and there's a
// bug #17490 with redirected POST requests, so handle redirections outside Curl. /*
* The option doesn't work with safe mode or when open_basedir is set, and there's
* a bug #17490 with redirected POST requests, so handle redirections outside Curl.
*/
curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, false ); curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, false );
if ( defined( 'CURLOPT_PROTOCOLS' ) ) // PHP 5.2.10 / cURL 7.19.4 if ( defined( 'CURLOPT_PROTOCOLS' ) ) // PHP 5.2.10 / cURL 7.19.4
curl_setopt( $handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS ); curl_setopt( $handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS );
@ -1319,7 +1348,7 @@ class WP_Http_Curl {
else else
$this->max_body_length = false; $this->max_body_length = false;
// If streaming to a file open a file handle, and setup our curl streaming handler // If streaming to a file open a file handle, and setup our curl streaming handler.
if ( $r['stream'] ) { if ( $r['stream'] ) {
if ( ! WP_DEBUG ) if ( ! WP_DEBUG )
$this->stream_handle = @fopen( $r['filename'], 'w+' ); $this->stream_handle = @fopen( $r['filename'], 'w+' );
@ -1332,7 +1361,7 @@ class WP_Http_Curl {
} }
if ( !empty( $r['headers'] ) ) { if ( !empty( $r['headers'] ) ) {
// cURL expects full header strings in each element // cURL expects full header strings in each element.
$headers = array(); $headers = array();
foreach ( $r['headers'] as $name => $value ) { foreach ( $r['headers'] as $name => $value ) {
$headers[] = "{$name}: $value"; $headers[] = "{$name}: $value";
@ -1385,7 +1414,7 @@ class WP_Http_Curl {
$curl_error = curl_errno( $handle ); $curl_error = curl_errno( $handle );
// If an error occured, or, no response // If an error occured, or, no response.
if ( $curl_error || ( 0 == strlen( $theBody ) && empty( $theHeaders['headers'] ) ) ) { if ( $curl_error || ( 0 == strlen( $theBody ) && empty( $theHeaders['headers'] ) ) ) {
if ( CURLE_WRITE_ERROR /* 23 */ == $curl_error && $r['stream'] ) { if ( CURLE_WRITE_ERROR /* 23 */ == $curl_error && $r['stream'] ) {
fclose( $this->stream_handle ); fclose( $this->stream_handle );
@ -1418,7 +1447,7 @@ class WP_Http_Curl {
'filename' => $r['filename'] 'filename' => $r['filename']
); );
// Handle redirects // Handle redirects.
if ( false !== ( $redirect_response = WP_HTTP::handle_redirects( $url, $r, $response ) ) ) if ( false !== ( $redirect_response = WP_HTTP::handle_redirects( $url, $r, $response ) ) )
return $redirect_response; return $redirect_response;
@ -1467,7 +1496,7 @@ class WP_Http_Curl {
$bytes_written = $data_length; $bytes_written = $data_length;
} }
// Upon event of this function returning less than strlen( $data ) curl will error with CURLE_WRITE_ERROR // Upon event of this function returning less than strlen( $data ) curl will error with CURLE_WRITE_ERROR.
return $bytes_written; return $bytes_written;
} }
@ -1487,7 +1516,8 @@ class WP_Http_Curl {
if ( $is_ssl ) { if ( $is_ssl ) {
$curl_version = curl_version(); $curl_version = curl_version();
if ( ! (CURL_VERSION_SSL & $curl_version['features']) ) // Does this cURL version support SSL requests? // Check whether this cURL version support SSL requests.
if ( ! (CURL_VERSION_SSL & $curl_version['features']) )
return false; return false;
} }
@ -1657,8 +1687,10 @@ class WP_HTTP_Proxy {
* @return bool True, to send through the proxy and false if, the proxy should not be used. * @return bool True, to send through the proxy and false if, the proxy should not be used.
*/ */
public function send_through_proxy( $uri ) { public function send_through_proxy( $uri ) {
// parse_url() only handles http, https type URLs, and will emit E_WARNING on failure. /*
// This will be displayed on blogs, which is not reasonable. * parse_url() only handles http, https type URLs, and will emit E_WARNING on failure.
* This will be displayed on blogs, which is not reasonable.
*/
$check = @parse_url($uri); $check = @parse_url($uri);
// Malformed URL, can not process, but this could mean ssl, so let through anyway. // Malformed URL, can not process, but this could mean ssl, so let through anyway.
@ -1796,20 +1828,24 @@ class WP_Http_Cookie {
$this->path = dirname( $this->path ) . '/'; $this->path = dirname( $this->path ) . '/';
if ( is_string( $data ) ) { if ( is_string( $data ) ) {
// Assume it's a header string direct from a previous request // Assume it's a header string direct from a previous request.
$pairs = explode( ';', $data ); $pairs = explode( ';', $data );
// Special handling for first pair; name=value. Also be careful of "=" in value // Special handling for first pair; name=value. Also be careful of "=" in value.
$name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) ); $name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) );
$value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 ); $value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 );
$this->name = $name; $this->name = $name;
$this->value = urldecode( $value ); $this->value = urldecode( $value );
array_shift( $pairs ); //Removes name=value from items.
// Set everything else as a property // Removes name=value from items.
array_shift( $pairs );
// Set everything else as a property.
foreach ( $pairs as $pair ) { foreach ( $pairs as $pair ) {
$pair = rtrim($pair); $pair = rtrim($pair);
if ( empty($pair) ) //Handles the cookie ending in ; which results in a empty final pair
// Handle the cookie ending in ; which results in a empty final pair.
if ( empty($pair) )
continue; continue;
list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' ); list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' );
@ -1822,7 +1858,7 @@ class WP_Http_Cookie {
if ( !isset( $data['name'] ) ) if ( !isset( $data['name'] ) )
return false; return false;
// Set properties based directly on parameters // Set properties based directly on parameters.
foreach ( array( 'name', 'value', 'path', 'domain', 'port' ) as $field ) { foreach ( array( 'name', 'value', 'path', 'domain', 'port' ) as $field ) {
if ( isset( $data[ $field ] ) ) if ( isset( $data[ $field ] ) )
$this->$field = $data[ $field ]; $this->$field = $data[ $field ];
@ -1850,32 +1886,32 @@ class WP_Http_Cookie {
if ( is_null( $this->name ) ) if ( is_null( $this->name ) )
return false; return false;
// Expires - if expired then nothing else matters // Expires - if expired then nothing else matters.
if ( isset( $this->expires ) && time() > $this->expires ) if ( isset( $this->expires ) && time() > $this->expires )
return false; return false;
// Get details on the URL we're thinking about sending to // Get details on the URL we're thinking about sending to.
$url = parse_url( $url ); $url = parse_url( $url );
$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' == $url['scheme'] ? 443 : 80 ); $url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' == $url['scheme'] ? 443 : 80 );
$url['path'] = isset( $url['path'] ) ? $url['path'] : '/'; $url['path'] = isset( $url['path'] ) ? $url['path'] : '/';
// Values to use for comparison against the URL // Values to use for comparison against the URL.
$path = isset( $this->path ) ? $this->path : '/'; $path = isset( $this->path ) ? $this->path : '/';
$port = isset( $this->port ) ? $this->port : null; $port = isset( $this->port ) ? $this->port : null;
$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] ); $domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
if ( false === stripos( $domain, '.' ) ) if ( false === stripos( $domain, '.' ) )
$domain .= '.local'; $domain .= '.local';
// Host - very basic check that the request URL ends with the domain restriction (minus leading dot) // Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
$domain = substr( $domain, 0, 1 ) == '.' ? substr( $domain, 1 ) : $domain; $domain = substr( $domain, 0, 1 ) == '.' ? substr( $domain, 1 ) : $domain;
if ( substr( $url['host'], -strlen( $domain ) ) != $domain ) if ( substr( $url['host'], -strlen( $domain ) ) != $domain )
return false; return false;
// Port - supports "port-lists" in the format: "80,8000,8080" // Port - supports "port-lists" in the format: "80,8000,8080".
if ( !empty( $port ) && !in_array( $url['port'], explode( ',', $port) ) ) if ( !empty( $port ) && !in_array( $url['port'], explode( ',', $port) ) )
return false; return false;
// Path - request path must start with path restriction // Path - request path must start with path restriction.
if ( substr( $url['path'], 0, strlen( $path ) ) != $path ) if ( substr( $url['path'], 0, strlen( $path ) ) != $path )
return false; return false;
@ -2005,7 +2041,7 @@ class WP_Http_Encoding {
*/ */
public static function compatible_gzinflate($gzData) { public static function compatible_gzinflate($gzData) {
// Compressed data might contain a full header, if so strip it for gzinflate() // Compressed data might contain a full header, if so strip it for gzinflate().
if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) { if ( substr($gzData, 0, 3) == "\x1f\x8b\x08" ) {
$i = 10; $i = 10;
$flg = ord( substr($gzData, 3, 1) ); $flg = ord( substr($gzData, 3, 1) );
@ -2045,11 +2081,11 @@ class WP_Http_Encoding {
$type = array(); $type = array();
$compression_enabled = WP_Http_Encoding::is_available(); $compression_enabled = WP_Http_Encoding::is_available();
if ( ! $args['decompress'] ) // decompression specifically disabled if ( ! $args['decompress'] ) // Decompression specifically disabled.
$compression_enabled = false; $compression_enabled = false;
elseif ( $args['stream'] ) // disable when streaming to file elseif ( $args['stream'] ) // Disable when streaming to file.
$compression_enabled = false; $compression_enabled = false;
elseif ( isset( $args['limit_response_size'] ) ) // If only partial content is being requested, we won't be able to decompress it elseif ( isset( $args['limit_response_size'] ) ) // If only partial content is being requested, we won't be able to decompress it.
$compression_enabled = false; $compression_enabled = false;
if ( $compression_enabled ) { if ( $compression_enabled ) {