WordPress 4.6.3-scripts

[autoinstalls/wordpress.git] / wp-includes / http.php

diff --git a/wp-includes/http.php b/wp-includes/http.php
index 9f254a15be296e81e4680cb7aea361a2863909a1..130eae3c37ccbd8b167afd021683cf3e14e37d58 100644 (file)
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -213,8 +213,9 @@ function wp_remote_head($url, $args = array()) {
  * @return array The headers of the response. Empty array if incorrect parameter given.
  */
 function wp_remote_retrieve_headers( $response ) {
-       if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+       if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
                return array();
+       }
 
        return $response['headers'];
 }
@@ -229,11 +230,13 @@ function wp_remote_retrieve_headers( $response ) {
  * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
  */
 function wp_remote_retrieve_header( $response, $header ) {
-       if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+       if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
                return '';
+       }
 
-       if ( array_key_exists($header, $response['headers']) )
+       if ( isset( $response['headers'][ $header ] ) ) {
                return $response['headers'][$header];
+       }
 
        return '';
 }
@@ -288,7 +291,7 @@ function wp_remote_retrieve_body( $response ) {
 }
 
 /**
- * Retrieve only the body from the raw response.
+ * Retrieve only the cookies from the raw response.
  *
  * @since 4.4.0
  *
@@ -443,7 +446,7 @@ function get_allowed_http_origins() {
  * @since 3.4.0
  *
  * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
- * @return string True if the origin is allowed. False otherwise.
+ * @return string Origin URL if allowed, empty string if not.
  */
 function is_allowed_http_origin( $origin = null ) {
        $origin_arg = $origin;
@@ -459,7 +462,7 @@ function is_allowed_http_origin( $origin = null ) {
         *
         * @since 3.4.0
         *
-        * @param string $origin     Result of check for allowed origin.
+        * @param string $origin     Origin URL if allowed, empty string if not.
         * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
         */
        return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
@@ -523,11 +526,15 @@ function wp_http_validate_url( $url ) {
 
        $parsed_home = @parse_url( get_option( 'home' ) );
 
-       $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
+       if ( isset( $parsed_home['host'] ) ) {
+               $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
+       } else {
+               $same_host = false;
+       }
 
        if ( ! $same_host ) {
                $host = trim( $parsed_url['host'], '.' );
-               if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+               if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
                        $ip = $host;
                } else {
                        $ip = gethostbyname( $host );
@@ -574,7 +581,7 @@ function wp_http_validate_url( $url ) {
 /**
  * Whitelists allowed redirect hosts for safe HTTP requests as well.
  *
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
  *
  * @since 3.6.0
  *
@@ -591,7 +598,7 @@ function allowed_http_request_hosts( $is_external, $host ) {
 /**
  * Whitelists any domain in a multisite installation for safe HTTP requests.
  *
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
  *
  * @since 3.6.0
  *