X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/0459461f9ea42e0b090759ff6fe5f48360bef750..refs/tags/wordpress-4.5:/wp-includes/http.php diff --git a/wp-includes/http.php b/wp-includes/http.php index 9f254a15..dc750371 100644 --- a/wp-includes/http.php +++ b/wp-includes/http.php @@ -288,7 +288,7 @@ function wp_remote_retrieve_body( $response ) { } /** - * Retrieve only the body from the raw response. + * Retrieve only the cookies from the raw response. * * @since 4.4.0 * @@ -443,7 +443,7 @@ function get_allowed_http_origins() { * @since 3.4.0 * * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used. - * @return string True if the origin is allowed. False otherwise. + * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; @@ -459,7 +459,7 @@ function is_allowed_http_origin( $origin = null ) { * * @since 3.4.0 * - * @param string $origin Result of check for allowed origin. + * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); @@ -523,11 +523,15 @@ function wp_http_validate_url( $url ) { $parsed_home = @parse_url( get_option( 'home' ) ); - $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); + if ( isset( $parsed_home['host'] ) ) { + $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) ); + } else { + $same_host = false; + } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); - if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) { + if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host );