/**
 * Default callback attached to the pingback_ping_source_uri filter; it validates
 * the Source URI that arrived with a pingback.
 *
 * The URI comes from the remote party, so it is passed through
 * wp_http_validate_url() before anything else uses it.
 *
 * @since 3.5.1
 * @see wp_http_validate_url()
 *
 * @param string $source_uri Source URI supplied with the pingback.
 * @return string Result of wp_http_validate_url() cast to string; a false
 *                result therefore becomes the empty string.
 */
function pingback_ping_source_uri($source_uri) {
    $validated = wp_http_validate_url($source_uri);

    return (string) $validated;
}
/**
 * Send an HTTP request to a URI.
 *
 * Please note: the only URIs supported by the HTTP Transport implementation
 * use the HTTP and HTTPS protocols.
 *
 * Order of operations, as visible in the body: defaults are merged with $args,
 * the 'http_request_args' and 'pre_http_request' filters run, and only then is
 * the URL validated. A 'pre_http_request' callback therefore sees the URL
 * before any validation and can return a response without it.
 *
 * @access public
 * @since 2.7.0
 *
 * @global string $wp_version
 *
 * @param string       $url  The request URL.
 * @param string|array $args {
 *     Optional. Array or string of HTTP request arguments.
 *
 *     @type string       $method              Request method. Accepts 'GET', 'POST', 'HEAD', or 'PUT'.
 *                                             Some transports technically allow others, but should not be
 *                                             assumed. Default 'GET'.
 *     @type int          $timeout             How long the connection should stay open in seconds. Default 5.
 *     @type int          $redirection         Number of allowed redirects. Not supported by all transports.
 *                                             Default 5.
 *     @type string       $httpversion         Version of the HTTP protocol to use. Accepts '1.0' and '1.1'.
 *                                             Default '1.0'.
 *     @type string       $user-agent          User-agent value sent.
 *                                             Default 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ).
 *     @type bool         $reject_unsafe_urls  Whether to pass URLs through {@see wp_http_validate_url()}.
 *                                             Default false, so callers that fetch a URL they did not
 *                                             build themselves have to opt in.
 *     @type bool         $blocking            Whether the calling code requires the result of the request.
 *                                             If set to false, the request will be sent to the remote server,
 *                                             and processing returned to the calling code immediately, the caller
 *                                             will know if the request succeeded or failed, but will not receive
 *                                             any response from the remote server. Default true.
 *     @type string|array $headers             Array or string of headers to send with the request.
 *                                             Default empty array.
 *     @type array        $cookies             List of cookies to send with the request. Default empty array.
 *     @type string|array $body                Body to send with the request. Default null.
 *     @type bool         $compress            Whether to compress the $body when sending the request.
 *                                             Default false.
 *     @type bool         $decompress          Whether to decompress a compressed response. If set to false and
 *                                             compressed content is returned in the response anyway, it will
 *                                             need to be separately decompressed. Default true.
 *     @type bool         $sslverify           Whether to verify SSL for the request. Default true.
 *     @type string       $sslcertificates     Absolute path to an SSL certificate .crt file.
 *                                             Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'.
 *     @type bool         $stream              Whether to stream to a file. If set to true and no filename was
 *                                             given, it will be dropped in the WP temp dir and its name will
 *                                             be set using the basename of the URL. Default false.
 *     @type string       $filename            Filename of the file to write to when streaming. $stream must be
 *                                             set to true. Default null.
 *     @type int          $limit_response_size Size in bytes to limit the response to. Default null.
 *
 * }
 * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
 *                        A WP_Error instance upon error.
 */
public function request($url, $args = array()) {
    global $wp_version;
    $defaults = array('method' => 'GET', 'timeout' => apply_filters('http_request_timeout', 5), 'redirection' => apply_filters('http_request_redirection_count', 5), 'httpversion' => apply_filters('http_request_version', '1.0'), 'user-agent' => apply_filters('http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo('url')), 'reject_unsafe_urls' => apply_filters('http_request_reject_unsafe_urls', false), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null);
    // Pre-parse for the HEAD checks.
    $args = wp_parse_args($args);
    // By default, Head requests do not cause redirections.
    if (isset($args['method']) && 'HEAD' == $args['method']) {
        $defaults['redirection'] = 0;
    }
    $r = wp_parse_args($args, $defaults);
    /**
     * Filter the arguments used in an HTTP request.
     *
     * @since 2.7.0
     *
     * @param array  $r   An array of HTTP request arguments.
     * @param string $url The request URL.
     */
    $r = apply_filters('http_request_args', $r, $url);
    // The transports decrement this, store a copy of the original value for loop purposes.
    if (!isset($r['_redirection'])) {
        $r['_redirection'] = $r['redirection'];
    }
    /**
     * Filter whether to preempt an HTTP request's return value.
     *
     * Returning a non-false value from the filter will short-circuit the HTTP request and return
     * early with that value. A filter should return either:
     *
     *  - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
     *  - A WP_Error instance
     *  - boolean false (to avoid short-circuiting the response)
     *
     * Returning any other value may result in unexpected behaviour.
     *
     * @since 2.9.0
     *
     * @param false|array|WP_Error $preempt Whether to preempt an HTTP request's return value. Default false.
     * @param array                $r       HTTP request arguments.
     * @param string               $url     The request URL.
     */
    $pre = apply_filters('pre_http_request', false, $r, $url);
    if (false !== $pre) {
        return $pre;
    }
    // URL hardening. Both steps sit behind the function_exists() guard, so neither runs
    // when wp_kses_bad_protocol() is not loaded; wp_http_validate_url() additionally
    // runs only when the (filterable) 'reject_unsafe_urls' argument is truthy.
    if (function_exists('wp_kses_bad_protocol')) {
        if ($r['reject_unsafe_urls']) {
            $url = wp_http_validate_url($url);
        }
        // Skipped when validation above turned $url into a falsy value.
        if ($url) {
            $url = wp_kses_bad_protocol($url, array('http', 'https', 'ssl'));
        }
    }
    // Warnings from parse_url() are suppressed; a URL that fails to parse is
    // rejected by the empty-scheme check that follows.
    $arrURL = @parse_url($url);
    if (empty($url) || empty($arrURL['scheme'])) {
        return new WP_Error('http_request_failed', __('A valid URL was not provided.'));
    }
    if ($this->block_request($url)) {
        return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));
    }
    /*
     * Determine if this is a https call and pass that on to the transport functions
     * so that we can blacklist the transports that do not support ssl verification
     */
    $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl';
    // Determine if this request is to OUR install of WordPress.
    // NOTE(review): $arrURL['host'] is read without an isset() check; only the scheme was verified above.
    $homeURL = parse_url(get_bloginfo('url'));
    $r['local'] = 'localhost' == $arrURL['host'] || isset($homeURL['host']) && $homeURL['host'] == $arrURL['host'];
    unset($homeURL);
    /*
     * If we are streaming to a file but no filename was given drop it in the WP temp dir
     * and pick its name using the basename of the $url.
     */
    if ($r['stream'] && empty($r['filename'])) {
        $r['filename'] = get_temp_dir() . wp_unique_filename(get_temp_dir(), basename($url));
    }
    /*
     * Force some settings if we are streaming to a file and check for existence and perms
     * of destination directory.
     */
    if ($r['stream']) {
        $r['blocking'] = true;
        if (!wp_is_writable(dirname($r['filename']))) {
            return new WP_Error('http_request_failed', __('Destination directory for file streaming does not exist or is not writable.'));
        }
    }
    if (is_null($r['headers'])) {
        $r['headers'] = array();
    }
    // Headers given as a string are converted to an array by processHeaders().
    if (!is_array($r['headers'])) {
        $processedHeaders = self::processHeaders($r['headers'], $url);
        $r['headers'] = $processedHeaders['headers'];
    }
    // A User-Agent passed as a header (either capitalisation) replaces the
    // 'user-agent' argument and is removed from the header list.
    if (isset($r['headers']['User-Agent'])) {
        $r['user-agent'] = $r['headers']['User-Agent'];
        unset($r['headers']['User-Agent']);
    }
    if (isset($r['headers']['user-agent'])) {
        $r['user-agent'] = $r['headers']['user-agent'];
        unset($r['headers']['user-agent']);
    }
    if ('1.1' == $r['httpversion'] && !isset($r['headers']['connection'])) {
        $r['headers']['connection'] = 'close';
    }
    // Construct Cookie: header if any cookies are set.
    self::buildCookieHeader($r);
    // Avoid issues where mbstring.func_overload is enabled.
    mbstring_binary_safe_encoding();
    if (!isset($r['headers']['Accept-Encoding'])) {
        if ($encoding = WP_Http_Encoding::accept_encoding($url, $r)) {
            $r['headers']['Accept-Encoding'] = $encoding;
        }
    }
    // Body preparation runs for any non-empty body and for every POST/PUT request.
    if (!is_null($r['body']) && '' != $r['body'] || 'POST' == $r['method'] || 'PUT' == $r['method']) {
        if (is_array($r['body']) || is_object($r['body'])) {
            $r['body'] = http_build_query($r['body'], null, '&');
            if (!isset($r['headers']['Content-Type'])) {
                $r['headers']['Content-Type'] = 'application/x-www-form-urlencoded; charset=' . get_option('blog_charset');
            }
        }
        if ('' === $r['body']) {
            $r['body'] = null;
        }
        // Content-Length is derived from the byte length of the body unless the caller set it.
        if (!isset($r['headers']['Content-Length']) && !isset($r['headers']['content-length'])) {
            $r['headers']['Content-Length'] = strlen($r['body']);
        }
    }
    $response = $this->_dispatch_request($url, $r);
    // Paired with mbstring_binary_safe_encoding() above.
    reset_mbstring_encoding();
    if (is_wp_error($response)) {
        return $response;
    }
    // Append cookies that were used in this request to the response
    if (!empty($r['cookies'])) {
        $cookies_set = wp_list_pluck($response['cookies'], 'name');
        foreach ($r['cookies'] as $cookie) {
            // Only request cookies the response did not set itself, and that pass $cookie->test() for this URL.
            if (!in_array($cookie->name, $cookies_set) && $cookie->test($url)) {
                $response['cookies'][] = $cookie;
            }
        }
    }
    return $response;
}
/**
 * Send an HTTP request to a URI.
 *
 * Please note: the only URIs supported by the HTTP Transport implementation
 * use the HTTP and HTTPS protocols.
 *
 * Order of operations, as visible in the body: defaults are merged with $args,
 * the 'http_request_args' and 'pre_http_request' filters run, the URL is
 * validated, and the request is handed to Requests::request(). A
 * 'pre_http_request' callback sees the URL before any validation.
 *
 * @access public
 * @since 2.7.0
 *
 * @param string       $url  The request URL.
 * @param string|array $args {
 *     Optional. Array or string of HTTP request arguments.
 *
 *     @type string       $method              Request method. Accepts 'GET', 'POST', 'HEAD', or 'PUT'.
 *                                             Some transports technically allow others, but should not be
 *                                             assumed. Default 'GET'.
 *     @type int          $timeout             How long the connection should stay open in seconds. Default 5.
 *     @type int          $redirection         Number of allowed redirects. Not supported by all transports.
 *                                             Default 5.
 *     @type string       $httpversion         Version of the HTTP protocol to use. Accepts '1.0' and '1.1'.
 *                                             Default '1.0'.
 *     @type string       $user-agent          User-agent value sent.
 *                                             Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ).
 *     @type bool         $reject_unsafe_urls  Whether to pass URLs through wp_http_validate_url().
 *                                             Default false, so callers that fetch a URL they did not
 *                                             build themselves have to opt in.
 *     @type bool         $blocking            Whether the calling code requires the result of the request.
 *                                             If set to false, the request will be sent to the remote server,
 *                                             and processing returned to the calling code immediately, the caller
 *                                             will know if the request succeeded or failed, but will not receive
 *                                             any response from the remote server. Default true.
 *     @type string|array $headers             Array or string of headers to send with the request.
 *                                             Default empty array.
 *     @type array        $cookies             List of cookies to send with the request. Default empty array.
 *     @type string|array $body                Body to send with the request. Default null.
 *     @type bool         $compress            Whether to compress the $body when sending the request.
 *                                             Default false.
 *     @type bool         $decompress          Whether to decompress a compressed response. If set to false and
 *                                             compressed content is returned in the response anyway, it will
 *                                             need to be separately decompressed. Default true.
 *     @type bool         $sslverify           Whether to verify SSL for the request. Default true.
 *     @type string       $sslcertificates     Absolute path to an SSL certificate .crt file.
 *                                             Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'.
 *     @type bool         $stream              Whether to stream to a file. If set to true and no filename was
 *                                             given, it will be dropped in the WP temp dir and its name will
 *                                             be set using the basename of the URL. Default false.
 *     @type string       $filename            Filename of the file to write to when streaming. $stream must be
 *                                             set to true. Default null.
 *     @type int          $limit_response_size Size in bytes to limit the response to. Default null.
 *
 * }
 * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
 *                        A WP_Error instance upon error.
 */
public function request($url, $args = array()) {
    $defaults = array('method' => 'GET', 'timeout' => apply_filters('http_request_timeout', 5), 'redirection' => apply_filters('http_request_redirection_count', 5), 'httpversion' => apply_filters('http_request_version', '1.0'), 'user-agent' => apply_filters('http_headers_useragent', 'WordPress/' . get_bloginfo('version') . '; ' . get_bloginfo('url')), 'reject_unsafe_urls' => apply_filters('http_request_reject_unsafe_urls', false), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null);
    // Pre-parse for the HEAD checks.
    $args = wp_parse_args($args);
    // By default, Head requests do not cause redirections.
    if (isset($args['method']) && 'HEAD' == $args['method']) {
        $defaults['redirection'] = 0;
    }
    $r = wp_parse_args($args, $defaults);
    /**
     * Filters the arguments used in an HTTP request.
     *
     * @since 2.7.0
     *
     * @param array  $r   An array of HTTP request arguments.
     * @param string $url The request URL.
     */
    $r = apply_filters('http_request_args', $r, $url);
    // The transports decrement this, store a copy of the original value for loop purposes.
    if (!isset($r['_redirection'])) {
        $r['_redirection'] = $r['redirection'];
    }
    /**
     * Filters whether to preempt an HTTP request's return value.
     *
     * Returning a non-false value from the filter will short-circuit the HTTP request and return
     * early with that value. A filter should return either:
     *
     *  - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
     *  - A WP_Error instance
     *  - boolean false (to avoid short-circuiting the response)
     *
     * Returning any other value may result in unexpected behaviour.
     *
     * @since 2.9.0
     *
     * @param false|array|WP_Error $preempt Whether to preempt an HTTP request's return value. Default false.
     * @param array                $r       HTTP request arguments.
     * @param string               $url     The request URL.
     */
    $pre = apply_filters('pre_http_request', false, $r, $url);
    if (false !== $pre) {
        return $pre;
    }
    // URL hardening. Both steps sit behind the function_exists() guard, so neither runs
    // when wp_kses_bad_protocol() is not loaded; wp_http_validate_url() additionally
    // runs only when the (filterable) 'reject_unsafe_urls' argument is truthy.
    if (function_exists('wp_kses_bad_protocol')) {
        if ($r['reject_unsafe_urls']) {
            $url = wp_http_validate_url($url);
        }
        // Skipped when validation above turned $url into a falsy value.
        if ($url) {
            $url = wp_kses_bad_protocol($url, array('http', 'https', 'ssl'));
        }
    }
    // Warnings from parse_url() are suppressed; a URL that fails to parse is
    // rejected by the empty-scheme check that follows.
    $arrURL = @parse_url($url);
    if (empty($url) || empty($arrURL['scheme'])) {
        return new WP_Error('http_request_failed', __('A valid URL was not provided.'));
    }
    if ($this->block_request($url)) {
        return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));
    }
    // If we are streaming to a file but no filename was given drop it in the WP temp dir
    // and pick its name using the basename of the $url
    if ($r['stream']) {
        // NOTE(review): the default name is basename($url) as-is; no uniqueness step is
        // visible here, so two streams of same-named URLs would target one path — confirm intended.
        if (empty($r['filename'])) {
            $r['filename'] = get_temp_dir() . basename($url);
        }
        // Force some settings if we are streaming to a file and check for existence and perms of destination directory
        $r['blocking'] = true;
        if (!wp_is_writable(dirname($r['filename']))) {
            return new WP_Error('http_request_failed', __('Destination directory for file streaming does not exist or is not writable.'));
        }
    }
    if (is_null($r['headers'])) {
        $r['headers'] = array();
    }
    // WP allows passing in headers as a string, weirdly.
    if (!is_array($r['headers'])) {
        $processedHeaders = WP_Http::processHeaders($r['headers']);
        $r['headers'] = $processedHeaders['headers'];
    }
    // Setup arguments
    $headers = $r['headers'];
    $data = $r['body'];
    $type = $r['method'];
    $options = array('timeout' => $r['timeout'], 'useragent' => $r['user-agent'], 'blocking' => $r['blocking'], 'hooks' => new WP_HTTP_Requests_Hooks($url, $r));
    // Ensure redirects follow browser behaviour.
    $options['hooks']->register('requests.before_redirect', array(get_class(), 'browser_redirect_compatibility'));
    if ($r['stream']) {
        $options['filename'] = $r['filename'];
    }
    // An empty 'redirection' value (0, null, false) disables redirect following entirely.
    if (empty($r['redirection'])) {
        $options['follow_redirects'] = false;
    } else {
        $options['redirects'] = $r['redirection'];
    }
    // Use byte limit, if we can
    if (isset($r['limit_response_size'])) {
        $options['max_bytes'] = $r['limit_response_size'];
    }
    // If we've got cookies, use and convert them to Requests_Cookie.
    if (!empty($r['cookies'])) {
        $options['cookies'] = WP_Http::normalize_cookies($r['cookies']);
    }
    // SSL certificate handling: with 'sslverify' off both certificate and name
    // verification are disabled; otherwise 'verify' carries the CA bundle path.
    if (!$r['sslverify']) {
        $options['verify'] = false;
        $options['verifyname'] = false;
    } else {
        $options['verify'] = $r['sslcertificates'];
    }
    // All non-GET/HEAD requests should put the arguments in the form body.
    if ('HEAD' !== $type && 'GET' !== $type) {
        $options['data_format'] = 'body';
    }
    /**
     * Filters whether SSL should be verified for non-local requests.
     *
     * NOTE(review): no local/non-local distinction is made in this method; the filter is
     * applied to every request and its return value replaces 'verify' (false or a CA path).
     *
     * @since 2.8.0
     *
     * @param bool $ssl_verify Whether to verify the SSL connection. Default true.
     */
    $options['verify'] = apply_filters('https_ssl_verify', $options['verify']);
    // Check for proxies.
    $proxy = new WP_HTTP_Proxy();
    if ($proxy->is_enabled() && $proxy->send_through_proxy($url)) {
        $options['proxy'] = new Requests_Proxy_HTTP($proxy->host() . ':' . $proxy->port());
        if ($proxy->use_authentication()) {
            $options['proxy']->use_authentication = true;
            $options['proxy']->user = $proxy->username();
            $options['proxy']->pass = $proxy->password();
        }
    }
    // Avoid issues where mbstring.func_overload is enabled
    mbstring_binary_safe_encoding();
    try {
        $requests_response = Requests::request($url, $headers, $data, $type, $options);
        // Convert the response into an array
        $http_response = new WP_HTTP_Requests_Response($requests_response, $r['filename']);
        $response = $http_response->to_array();
        // Add the original object to the array.
        $response['http_response'] = $http_response;
    } catch (Requests_Exception $e) {
        // Transport failures surface as a WP_Error carrying the exception message.
        $response = new WP_Error('http_request_failed', $e->getMessage());
    }
    // Paired with mbstring_binary_safe_encoding() above.
    reset_mbstring_encoding();
    /**
     * Fires after an HTTP API response is received and before the response is returned.
     *
     * @since 2.8.0
     *
     * @param array|WP_Error $response HTTP response or WP_Error object.
     * @param string         $context  Context under which the hook is fired.
     * @param string         $class    HTTP transport used.
     * @param array          $args     HTTP request arguments.
     * @param string         $url      The request URL.
     */
    do_action('http_api_debug', $response, 'response', 'Requests', $r, $url);
    if (is_wp_error($response)) {
        return $response;
    }
    // Non-blocking callers get an empty placeholder response; it bypasses the 'http_response' filter below.
    if (!$r['blocking']) {
        return array('headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array(), 'http_response' => null);
    }
    /**
     * Filters the HTTP API response immediately before the response is returned.
     *
     * @since 2.9.0
     *
     * @param array  $response HTTP response.
     * @param array  $r        HTTP request arguments.
     * @param string $url      The request URL.
     */
    return apply_filters('http_response', $response, $r, $url);
}
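/**
 * Handle redirecting the user after authorization.
 *
 * Three cases are handled: an out-of-band ('oob') callback is delegated to the
 * 'json_oauth1_handle_callback' filter, a missing callback prints the
 * verification code on a login-styled page, and any other callback is checked
 * and then redirected to with the OAuth parameters appended.
 *
 * Only the scheme and host of the callback are passed to wp_http_validate_url();
 * port, path, query and any userinfo are not part of that check, while the
 * redirect itself goes to the full stored callback.
 *
 * @param string $verifier Verification code
 * @return null|WP_Error Null on success, error otherwise
 */
public function handle_callback_redirect($verifier) {
    if (!empty($this->token['callback']) && $this->token['callback'] === 'oob') {
        return apply_filters('json_oauth1_handle_callback', null, $this->token);
    }
    if (empty($this->token['callback'])) {
        // No callback registered, display verification code to the user
        // NOTE(review): $verifier is written into HTML unescaped; presumably it is
        // generated server-side — confirm, or escape it at output.
        login_header(__('Access Token'));
        echo '<p>' . sprintf(__('Your verification token is <code>%s</code>'), $verifier) . '</p>';
        login_footer();
        return null;
    }
    $callback = $this->token['callback'];
    // Ensure the URL is safe to access
    // wp_http_validate_url is overly restrictive for desktop applications which might use
    // 127.0.0.1:xx for the callback. Add hook that allows localhost and check scheme/host of URL.
    $callback_parts = parse_url($callback);
    // parse_url() returns false for a malformed URL and omits keys that are absent;
    // reject such callbacks here instead of building a URL from undefined indexes.
    if (!is_array($callback_parts) || !isset($callback_parts['scheme'], $callback_parts['host'])) {
        return new WP_Error('json_oauth1_invalid_callback', __('The callback URL is invalid'), array('status' => 400));
    }
    $filtered_callback = $callback_parts['scheme'] . '://' . $callback_parts['host'];
    // The relaxing filter is attached only for the duration of this one validation call.
    $allow_external = array('WP_JSON_Authentication_OAuth1_Authorize', 'http_request_allow_external');
    add_filter('http_request_host_is_external', $allow_external);
    $filtered_callback = wp_http_validate_url($filtered_callback);
    remove_filter('http_request_host_is_external', $allow_external);
    if (empty($filtered_callback)) {
        return new WP_Error('json_oauth1_invalid_callback', __('The callback URL is invalid'), array('status' => 400));
    }
    $args = array('oauth_token' => $this->token['key'], 'oauth_verifier' => $verifier, 'wp_scope' => '*');
    // Pass the stored token to the filter; the previous code passed an undefined
    // local $token, so callbacks received null.
    $args = apply_filters('json_oauth1_callback_args', $args, $this->token);
    $args = urlencode_deep($args);
    $callback = add_query_arg($args, $callback);
    wp_redirect($callback);
    return null;
}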
/**
 * Send the user onward once authorization has been granted.
 *
 * An 'oob' callback is delegated to the 'json_oauth1_handle_callback' filter,
 * a missing callback prints the verification code on a login-styled page, and
 * any other callback must pass wp_http_validate_url() before the user is
 * redirected to it with the OAuth parameters appended.
 *
 * @param string $verifier Verification code
 * @return null|WP_Error Null on success, error otherwise
 */
public function handle_callback_redirect($verifier) {
    $registered = empty($this->token['callback']) ? '' : $this->token['callback'];

    // Out-of-band flow: the filter decides what is returned.
    if ('oob' === $registered) {
        return apply_filters('json_oauth1_handle_callback', null, $this->token);
    }

    // No callback registered, so show the verification code to the user instead.
    if ('' === $registered) {
        login_header(__('Access Token'));
        $message = sprintf(__('Your verification token is <code>%s</code>'), $verifier);
        echo '<p>' . $message . '</p>';
        login_footer();

        return null;
    }

    // The whole callback URL has to be accepted by wp_http_validate_url().
    $target = wp_http_validate_url($registered);
    if (!$target) {
        return new WP_Error(
            'json_oauth1_invalid_callback',
            __('The callback URL is invalid'),
            array('status' => 400)
        );
    }

    $query = array(
        'oauth_token' => $this->token['key'],
        'oauth_verifier' => $verifier,
        'wp_scope' => '*'
    );
    $query = urlencode_deep(apply_filters('json_oauth1_callback_args', $query, $this->token));

    wp_redirect(add_query_arg($query, $target));

    return null;
}
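/**
 * Classify the current image as external, present, too small or missing.
 *
 * For a non-local image the source URL must pass wp_http_validate_url().
 * For a local one the size suffix (for example "-150x150") is stripped from
 * $this->img_src, which is updated in place, and the file is looked up under
 * $this->updir.
 *
 * @return array|false False when there is no image, no source, or the external
 *                     URL fails validation; otherwise an array with exactly one
 *                     of the keys 'external', 'toosmall', 'exists', 'noexists'.
 */
public function image_exist() {
    if (false == $this->image() || empty($this->img_src)) {
        return false;
    }
    $result = array();
    if (false == $this->is_local_attachment()) {
        // External source: accept it only when wp_http_validate_url() does.
        if (false == wp_http_validate_url($this->img_src)) {
            return false;
        }
        $result['external'] = $this->img_src;
        return $result;
    }
    // Drop a trailing "-WxH" size suffix so the path points at the original upload.
    $this->img_src = preg_replace('/-\\d+x\\d+(?=\\.(jpg|jpeg|png|gif)$)/i', '', $this->img_src);
    // NOTE(review): the path is derived from the URL by string replacement only; no
    // normalisation of "../" segments is visible here — presumably
    // is_local_attachment() constrains the value; confirm.
    $img_filename = str_replace($this->upurl . '/', '', $this->img_src);
    $img_path = $this->updir . '/' . $img_filename;
    // Read the image header once; the previous code called getimagesize() up to three times.
    $dimensions = file_exists($img_path) ? getimagesize($img_path) : false;
    if ($dimensions) {
        // Index 0 is the width and index 1 the height; anything under 5px counts as too small.
        if (5 > $dimensions[0] || 5 > $dimensions[1]) {
            $result['toosmall'] = array('filename' => $img_filename, 'path' => $img_path);
        } else {
            $result['exists'] = array('filename' => $img_filename, 'path' => $img_path, 'src' => $this->img_src);
        }
    } else {
        $result['noexists'] = array('src' => $this->img_src);
    }
    return $result;
}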
/**
 * Queue a single URL for a cache PURGE.
 *
 * The URL is cleaned with esc_url_raw() and must then pass
 * wp_http_validate_url() before it is appended to $this->purge_urls.
 *
 * @param string $url The specific URL to purge the cache for
 *
 * @return bool True when the URL was queued, false when validation returned false
 */
public function queue_purge_url($url) {
    $validated = wp_http_validate_url(esc_url_raw($url));

    if (false !== $validated) {
        $this->purge_urls[] = $validated;

        return true;
    }

    return false;
}