* @return array The headers of the response. Empty array if incorrect parameter given.
*/
function wp_remote_retrieve_headers( $response ) {
- if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+ if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
return array();
+ }
return $response['headers'];
}
* @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
*/
function wp_remote_retrieve_header( $response, $header ) {
- if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+ if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
return '';
+ }
- if ( array_key_exists($header, $response['headers']) )
+ if ( isset( $response['headers'][ $header ] ) ) {
return $response['headers'][$header];
+ }
return '';
}
}
/**
- * Retrieve only the body from the raw response.
+ * Retrieve only the cookies from the raw response.
*
* @since 4.4.0
*
* @since 3.4.0
*
* @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
- * @return string True if the origin is allowed. False otherwise.
+ * @return string Origin URL if allowed, empty string if not.
*/
function is_allowed_http_origin( $origin = null ) {
$origin_arg = $origin;
*
* @since 3.4.0
*
- * @param string $origin Result of check for allowed origin.
+ * @param string $origin Origin URL if allowed, empty string if not.
* @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
*/
return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
$parsed_home = @parse_url( get_option( 'home' ) );
- $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
+ if ( isset( $parsed_home['host'] ) ) {
+ $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
+ } else {
+ $same_host = false;
+ }
if ( ! $same_host ) {
$host = trim( $parsed_url['host'], '.' );
- if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+ if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
$ip = $host;
} else {
$ip = gethostbyname( $host );
}
if ( $ip ) {
$parts = array_map( 'intval', explode( '.', $ip ) );
- if ( 127 === $parts[0] || 10 === $parts[0]
+ if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
|| ( 192 === $parts[0] && 168 === $parts[1] )
) {
/**
* Whitelists allowed redirect hosts for safe HTTP requests as well.
*
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
*
* @since 3.6.0
*
/**
* Whitelists any domain in a multisite installation for safe HTTP requests.
*
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
*
* @since 3.6.0
*