/**
* Send an HTTP request to a URI.
*
* Please note: The only URI that are supported in the HTTP Transport implementation
* are the HTTP and HTTPS protocols.
*
* @access public
* @since 2.7.0
*
* @global string $wp_version
*
* @param string $url The request URL.
* @param string|array $args {
* Optional. Array or string of HTTP request arguments.
*
* @type string $method Request method. Accepts 'GET', 'POST', 'HEAD', or 'PUT'.
* Some transports technically allow others, but should not be
* assumed. Default 'GET'.
* @type int $timeout How long the connection should stay open in seconds. Default 5.
* @type int $redirection Number of allowed redirects. Not supported by all transports
* Default 5.
* @type string $httpversion Version of the HTTP protocol to use. Accepts '1.0' and '1.1'.
* Default '1.0'.
* @type string $user-agent User-agent value sent.
* Default WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ).
* @type bool $reject_unsafe_urls Whether to pass URLs through {@see wp_http_validate_url()}.
* Default false.
* @type bool $blocking Whether the calling code requires the result of the request.
* If set to false, the request will be sent to the remote server,
* and processing returned to the calling code immediately, the caller
* will know if the request succeeded or failed, but will not receive
* any response from the remote server. Default true.
* @type string|array $headers Array or string of headers to send with the request.
* Default empty array.
* @type array $cookies List of cookies to send with the request. Default empty array.
* @type string|array $body Body to send with the request. Default null.
* @type bool $compress Whether to compress the $body when sending the request.
* Default false.
* @type bool $decompress Whether to decompress a compressed response. If set to false and
* compressed content is returned in the response anyway, it will
* need to be separately decompressed. Default true.
* @type bool $sslverify Whether to verify SSL for the request. Default true.
* @type string sslcertificates Absolute path to an SSL certificate .crt file.
* Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'.
* @type bool $stream Whether to stream to a file. If set to true and no filename was
* given, it will be droped it in the WP temp dir and its name will
* be set using the basename of the URL. Default false.
* @type string $filename Filename of the file to write to when streaming. $stream must be
* set to true. Default null.
* @type int $limit_response_size Size in bytes to limit the response to. Default null.
*
* }
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
* A WP_Error instance upon error.
*/
public function request($url, $args = array())
{
global $wp_version;
$defaults = array('method' => 'GET', 'timeout' => apply_filters('http_request_timeout', 5), 'redirection' => apply_filters('http_request_redirection_count', 5), 'httpversion' => apply_filters('http_request_version', '1.0'), 'user-agent' => apply_filters('http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo('url')), 'reject_unsafe_urls' => apply_filters('http_request_reject_unsafe_urls', false), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null);
// Pre-parse for the HEAD checks.
$args = wp_parse_args($args);
// By default, Head requests do not cause redirections.
if (isset($args['method']) && 'HEAD' == $args['method']) {
$defaults['redirection'] = 0;
}
$r = wp_parse_args($args, $defaults);
/**
* Filter the arguments used in an HTTP request.
*
* @since 2.7.0
*
* @param array $r An array of HTTP request arguments.
* @param string $url The request URL.
*/
$r = apply_filters('http_request_args', $r, $url);
// The transports decrement this, store a copy of the original value for loop purposes.
if (!isset($r['_redirection'])) {
$r['_redirection'] = $r['redirection'];
}
/**
* Filter whether to preempt an HTTP request's return value.
*
* Returning a non-false value from the filter will short-circuit the HTTP request and return
* early with that value. A filter should return either:
*
* - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
* - A WP_Error instance
* - boolean false (to avoid short-circuiting the response)
*
* Returning any other value may result in unexpected behaviour.
*
* @since 2.9.0
*
* @param false|array|WP_Error $preempt Whether to preempt an HTTP request's return value. Default false.
* @param array $r HTTP request arguments.
* @param string $url The request URL.
*/
$pre = apply_filters('pre_http_request', false, $r, $url);
if (false !== $pre) {
return $pre;
}
if (function_exists('wp_kses_bad_protocol')) {
if ($r['reject_unsafe_urls']) {
$url = wp_http_validate_url($url);
}
if ($url) {
$url = wp_kses_bad_protocol($url, array('http', 'https', 'ssl'));
}
}
$arrURL = @parse_url($url);
if (empty($url) || empty($arrURL['scheme'])) {
return new WP_Error('http_request_failed', __('A valid URL was not provided.'));
}
if ($this->block_request($url)) {
return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));
}
/*
* Determine if this is a https call and pass that on to the transport functions
* so that we can blacklist the transports that do not support ssl verification
*/
$r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl';
// Determine if this request is to OUR install of WordPress.
$homeURL = parse_url(get_bloginfo('url'));
$r['local'] = 'localhost' == $arrURL['host'] || isset($homeURL['host']) && $homeURL['host'] == $arrURL['host'];
unset($homeURL);
/*
* If we are streaming to a file but no filename was given drop it in the WP temp dir
* and pick its name using the basename of the $url.
*/
if ($r['stream'] && empty($r['filename'])) {
$r['filename'] = get_temp_dir() . wp_unique_filename(get_temp_dir(), basename($url));
}
/*
* Force some settings if we are streaming to a file and check for existence and perms
* of destination directory.
*/
if ($r['stream']) {
$r['blocking'] = true;
if (!wp_is_writable(dirname($r['filename']))) {
return new WP_Error('http_request_failed', __('Destination directory for file streaming does not exist or is not writable.'));
}
}
if (is_null($r['headers'])) {
$r['headers'] = array();
}
if (!is_array($r['headers'])) {
$processedHeaders = self::processHeaders($r['headers'], $url);
$r['headers'] = $processedHeaders['headers'];
}
if (isset($r['headers']['User-Agent'])) {
$r['user-agent'] = $r['headers']['User-Agent'];
unset($r['headers']['User-Agent']);
}
if (isset($r['headers']['user-agent'])) {
$r['user-agent'] = $r['headers']['user-agent'];
unset($r['headers']['user-agent']);
}
if ('1.1' == $r['httpversion'] && !isset($r['headers']['connection'])) {
$r['headers']['connection'] = 'close';
}
// Construct Cookie: header if any cookies are set.
self::buildCookieHeader($r);
// Avoid issues where mbstring.func_overload is enabled.
mbstring_binary_safe_encoding();
if (!isset($r['headers']['Accept-Encoding'])) {
if ($encoding = WP_Http_Encoding::accept_encoding($url, $r)) {
$r['headers']['Accept-Encoding'] = $encoding;
}
}
if (!is_null($r['body']) && '' != $r['body'] || 'POST' == $r['method'] || 'PUT' == $r['method']) {
if (is_array($r['body']) || is_object($r['body'])) {
$r['body'] = http_build_query($r['body'], null, '&');
if (!isset($r['headers']['Content-Type'])) {
$r['headers']['Content-Type'] = 'application/x-www-form-urlencoded; charset=' . get_option('blog_charset');
}
}
if ('' === $r['body']) {
$r['body'] = null;
}
if (!isset($r['headers']['Content-Length']) && !isset($r['headers']['content-length'])) {
$r['headers']['Content-Length'] = strlen($r['body']);
}
}
$response = $this->_dispatch_request($url, $r);
reset_mbstring_encoding();
if (is_wp_error($response)) {
return $response;
}
// Append cookies that were used in this request to the response
if (!empty($r['cookies'])) {
$cookies_set = wp_list_pluck($response['cookies'], 'name');
foreach ($r['cookies'] as $cookie) {
if (!in_array($cookie->name, $cookies_set) && $cookie->test($url)) {
$response['cookies'][] = $cookie;
}
}
}
return $response;
}
/**
* Send a HTTP request to a URI using cURL extension.
*
* @access public
* @since 2.7.0
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error
*/
public function request($url, $args = array())
{
$defaults = array('method' => 'GET', 'timeout' => 5, 'redirection' => 5, 'httpversion' => '1.0', 'blocking' => true, 'headers' => array(), 'body' => null, 'cookies' => array());
$r = wp_parse_args($args, $defaults);
if (isset($r['headers']['User-Agent'])) {
$r['user-agent'] = $r['headers']['User-Agent'];
unset($r['headers']['User-Agent']);
} elseif (isset($r['headers']['user-agent'])) {
$r['user-agent'] = $r['headers']['user-agent'];
unset($r['headers']['user-agent']);
}
// Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader($r);
$handle = curl_init();
// cURL offers really easy proxy support.
$proxy = new WP_HTTP_Proxy();
if ($proxy->is_enabled() && $proxy->send_through_proxy($url)) {
curl_setopt($handle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt($handle, CURLOPT_PROXY, $proxy->host());
curl_setopt($handle, CURLOPT_PROXYPORT, $proxy->port());
if ($proxy->use_authentication()) {
curl_setopt($handle, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
curl_setopt($handle, CURLOPT_PROXYUSERPWD, $proxy->authentication());
}
}
$is_local = isset($r['local']) && $r['local'];
$ssl_verify = isset($r['sslverify']) && $r['sslverify'];
if ($is_local) {
/** This filter is documented in wp-includes/class-wp-http-streams.php */
$ssl_verify = apply_filters('https_local_ssl_verify', $ssl_verify);
} elseif (!$is_local) {
/** This filter is documented in wp-includes/class-wp-http-streams.php */
$ssl_verify = apply_filters('https_ssl_verify', $ssl_verify);
}
/*
* CURLOPT_TIMEOUT and CURLOPT_CONNECTTIMEOUT expect integers. Have to use ceil since.
* a value of 0 will allow an unlimited timeout.
*/
$timeout = (int) ceil($r['timeout']);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($handle, CURLOPT_TIMEOUT, $timeout);
curl_setopt($handle, CURLOPT_URL, $url);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, $ssl_verify === true ? 2 : false);
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, $ssl_verify);
if ($ssl_verify) {
curl_setopt($handle, CURLOPT_CAINFO, $r['sslcertificates']);
}
curl_setopt($handle, CURLOPT_USERAGENT, $r['user-agent']);
/*
* The option doesn't work with safe mode or when open_basedir is set, and there's
* a bug #17490 with redirected POST requests, so handle redirections outside Curl.
*/
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, false);
if (defined('CURLOPT_PROTOCOLS')) {
// PHP 5.2.10 / cURL 7.19.4
curl_setopt($handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
}
switch ($r['method']) {
case 'HEAD':
curl_setopt($handle, CURLOPT_NOBODY, true);
break;
case 'POST':
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, $r['body']);
break;
case 'PUT':
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($handle, CURLOPT_POSTFIELDS, $r['body']);
break;
default:
curl_setopt($handle, CURLOPT_CUSTOMREQUEST, $r['method']);
if (!is_null($r['body'])) {
curl_setopt($handle, CURLOPT_POSTFIELDS, $r['body']);
}
break;
}
if (true === $r['blocking']) {
curl_setopt($handle, CURLOPT_HEADERFUNCTION, array($this, 'stream_headers'));
curl_setopt($handle, CURLOPT_WRITEFUNCTION, array($this, 'stream_body'));
}
curl_setopt($handle, CURLOPT_HEADER, false);
if (isset($r['limit_response_size'])) {
$this->max_body_length = intval($r['limit_response_size']);
} else {
$this->max_body_length = false;
}
// If streaming to a file open a file handle, and setup our curl streaming handler.
if ($r['stream']) {
if (!WP_DEBUG) {
$this->stream_handle = @fopen($r['filename'], 'w+');
} else {
$this->stream_handle = fopen($r['filename'], 'w+');
}
if (!$this->stream_handle) {
return new WP_Error('http_request_failed', sprintf(__('Could not open handle for fopen() to %s'), $r['filename']));
}
} else {
$this->stream_handle = false;
}
if (!empty($r['headers'])) {
// cURL expects full header strings in each element.
$headers = array();
foreach ($r['headers'] as $name => $value) {
$headers[] = "{$name}: {$value}";
}
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
}
if ($r['httpversion'] == '1.0') {
curl_setopt($handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
} else {
curl_setopt($handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
}
/**
* Fires before the cURL request is executed.
*
* Cookies are not currently handled by the HTTP API. This action allows
* plugins to handle cookies themselves.
*
* @since 2.8.0
*
* @param resource &$handle The cURL handle returned by curl_init().
* @param array $r The HTTP request arguments.
* @param string $url The request URL.
*/
do_action_ref_array('http_api_curl', array(&$handle, $r, $url));
// We don't need to return the body, so don't. Just execute request and return.
if (!$r['blocking']) {
curl_exec($handle);
if ($curl_error = curl_error($handle)) {
curl_close($handle);
return new WP_Error('http_request_failed', $curl_error);
}
if (in_array(curl_getinfo($handle, CURLINFO_HTTP_CODE), array(301, 302))) {
curl_close($handle);
return new WP_Error('http_request_failed', __('Too many redirects.'));
}
curl_close($handle);
return array('headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array());
}
curl_exec($handle);
$theHeaders = WP_Http::processHeaders($this->headers, $url);
$theBody = $this->body;
$bytes_written_total = $this->bytes_written_total;
$this->headers = '';
$this->body = '';
$this->bytes_written_total = 0;
$curl_error = curl_errno($handle);
// If an error occurred, or, no response.
if ($curl_error || 0 == strlen($theBody) && empty($theHeaders['headers'])) {
if (CURLE_WRITE_ERROR == $curl_error) {
if (!$this->max_body_length || $this->max_body_length != $bytes_written_total) {
if ($r['stream']) {
curl_close($handle);
fclose($this->stream_handle);
return new WP_Error('http_request_failed', __('Failed to write request to temporary file.'));
} else {
curl_close($handle);
return new WP_Error('http_request_failed', curl_error($handle));
}
}
} else {
if ($curl_error = curl_error($handle)) {
curl_close($handle);
return new WP_Error('http_request_failed', $curl_error);
}
}
if (in_array(curl_getinfo($handle, CURLINFO_HTTP_CODE), array(301, 302))) {
curl_close($handle);
return new WP_Error('http_request_failed', __('Too many redirects.'));
}
}
curl_close($handle);
if ($r['stream']) {
fclose($this->stream_handle);
}
$response = array('headers' => $theHeaders['headers'], 'body' => null, 'response' => $theHeaders['response'], 'cookies' => $theHeaders['cookies'], 'filename' => $r['filename']);
// Handle redirects.
if (false !== ($redirect_response = WP_HTTP::handle_redirects($url, $r, $response))) {
return $redirect_response;
}
if (true === $r['decompress'] && true === WP_Http_Encoding::should_decode($theHeaders['headers'])) {
$theBody = WP_Http_Encoding::decompress($theBody);
}
$response['body'] = $theBody;
return $response;
}