}
/**
- * Retrieve only the body from the raw response.
+ * Retrieve only the cookies from the raw response.
*
* @since 4.4.0
*
* @since 3.4.0
*
* @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
- * @return string True if the origin is allowed. False otherwise.
+ * @return string Origin URL if allowed, empty string if not.
*/
function is_allowed_http_origin( $origin = null ) {
$origin_arg = $origin;
*
* @since 3.4.0
*
- * @param string $origin Result of check for allowed origin.
+ * @param string $origin Origin URL if allowed, empty string if not.
* @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
*/
return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
$parsed_home = @parse_url( get_option( 'home' ) );
- $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
+ if ( isset( $parsed_home['host'] ) ) {
+ $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
+ } else {
+ $same_host = false;
+ }
if ( ! $same_host ) {
$host = trim( $parsed_url['host'], '.' );
- if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+ if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
$ip = $host;
} else {
$ip = gethostbyname( $host );
}
if ( $ip ) {
$parts = array_map( 'intval', explode( '.', $ip ) );
- if ( 127 === $parts[0] || 10 === $parts[0]
+ if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
|| ( 192 === $parts[0] && 168 === $parts[1] )
) {