X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/53f4633144ed68c8b8fb5861f992b5489894a940..f739362bc2205036998dacdccb4f07eda9048877:/wp-includes/http.php

diff --git a/wp-includes/http.php b/wp-includes/http.php
index 4768c7fd..130eae3c 100644
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -1,14 +1,12 @@
 <?php
 /**
- * Simple and uniform HTTP request API.
+ * Core HTTP Request API
  *
- * Will eventually replace and standardize the WordPress HTTP requests made.
- *
- * @link https://core.trac.wordpress.org/ticket/4779 HTTP API Proposal
+ * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk
+ * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations.
  *
  * @package WordPress
  * @subpackage HTTP
- * @since 2.7.0
  */
 
 /**
@@ -215,8 +213,9 @@ function wp_remote_head($url, $args = array()) {
  * @return array The headers of the response. Empty array if incorrect parameter given.
  */
 function wp_remote_retrieve_headers( $response ) {
-	if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+	if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
 		return array();
+	}
 
 	return $response['headers'];
 }
@@ -231,11 +230,13 @@ function wp_remote_retrieve_headers( $response ) {
  * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
  */
 function wp_remote_retrieve_header( $response, $header ) {
-	if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
+	if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
 		return '';
+	}
 
-	if ( array_key_exists($header, $response['headers']) )
+	if ( isset( $response['headers'][ $header ] ) ) {
 		return $response['headers'][$header];
+	}
 
 	return '';
 }
@@ -289,6 +290,66 @@ function wp_remote_retrieve_body( $response ) {
 	return $response['body'];
 }
 
+/**
+ * Retrieve only the cookies from the raw response.
+ *
+ * @since 4.4.0
+ *
+ * @param array $response HTTP response.
+ * @return array An array of `WP_Http_Cookie` objects from the response. Empty array if there are none, or the response is a WP_Error.
+ */
+function wp_remote_retrieve_cookies( $response ) {
+	if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) {
+		return array();
+	}
+
+	return $response['cookies'];
+}
+
+/**
+ * Retrieve a single cookie by name from the raw response.
+ *
+ * @since 4.4.0
+ *
+ * @param array  $response HTTP response.
+ * @param string $name     The name of the cookie to retrieve.
+ * @return WP_Http_Cookie|string The `WP_Http_Cookie` object. Empty string if the cookie isn't present in the response.
+ */
+function wp_remote_retrieve_cookie( $response, $name ) {
+	$cookies = wp_remote_retrieve_cookies( $response );
+
+	if ( empty( $cookies ) ) {
+		return '';
+	}
+
+	foreach ( $cookies as $cookie ) {
+		if ( $cookie->name === $name ) {
+			return $cookie;
+		}
+	}
+
+	return '';
+}
+
+/**
+ * Retrieve a single cookie's value by name from the raw response.
+ *
+ * @since 4.4.0
+ *
+ * @param array  $response HTTP response.
+ * @param string $name     The name of the cookie to retrieve.
+ * @return string The value of the cookie. Empty string if the cookie isn't present in the response.
+ */
+function wp_remote_retrieve_cookie_value( $response, $name ) {
+	$cookie = wp_remote_retrieve_cookie( $response, $name );
+
+	if ( ! is_a( $cookie, 'WP_Http_Cookie' ) ) {
+		return '';
+	}
+
+	return $cookie->value;
+}
+
 /**
  * Determines if there is an HTTP Transport that can process this request.
  *
@@ -385,7 +446,7 @@ function get_allowed_http_origins() {
  * @since 3.4.0
  *
  * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
- * @return string True if the origin is allowed. False otherwise.
+ * @return string Origin URL if allowed, empty string if not.
  */
 function is_allowed_http_origin( $origin = null ) {
 	$origin_arg = $origin;
@@ -401,7 +462,7 @@ function is_allowed_http_origin( $origin = null ) {
 	 *
 	 * @since 3.4.0
 	 *
-	 * @param string $origin     Result of check for allowed origin.
+	 * @param string $origin     Origin URL if allowed, empty string if not.
 	 * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
 	 */
 	return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
@@ -465,11 +526,15 @@ function wp_http_validate_url( $url ) {
 
 	$parsed_home = @parse_url( get_option( 'home' ) );
 
-	$same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
+	if ( isset( $parsed_home['host'] ) ) {
+		$same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
+	} else {
+		$same_host = false;
+	}
 
 	if ( ! $same_host ) {
 		$host = trim( $parsed_url['host'], '.' );
-		if ( preg_match( '#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $host ) ) {
+		if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
 			$ip = $host;
 		} else {
 			$ip = gethostbyname( $host );
@@ -478,7 +543,7 @@ function wp_http_validate_url( $url ) {
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );
-			if ( 127 === $parts[0] || 10 === $parts[0]
+			if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
 				|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 				|| ( 192 === $parts[0] && 168 === $parts[1] )
 			) {
@@ -516,7 +581,7 @@ function wp_http_validate_url( $url ) {
 /**
  * Whitelists allowed redirect hosts for safe HTTP requests as well.
  *
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
  *
  * @since 3.6.0
  *
@@ -533,11 +598,11 @@ function allowed_http_request_hosts( $is_external, $host ) {
 /**
  * Whitelists any domain in a multisite installation for safe HTTP requests.
  *
- * Attached to the http_request_host_is_external filter.
+ * Attached to the {@see 'http_request_host_is_external'} filter.
  *
  * @since 3.6.0
  *
- * @global wpdb $wpdb
+ * @global wpdb $wpdb WordPress database abstraction object.
  * @staticvar array $queried
  *
  * @param bool   $is_external
@@ -556,3 +621,49 @@ function ms_allowed_http_request_hosts( $is_external, $host ) {
 	$queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) );
 	return $queried[ $host ];
 }
+
+/**
+ * A wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7
+ *
+ * PHP 5.4.7 expanded parse_url()'s ability to handle non-absolute url's, including
+ * schemeless and relative url's with :// in the path, this works around those
+ * limitations providing a standard output on PHP 5.2~5.4+.
+ *
+ * Error suppression is used as prior to PHP 5.3.3, an E_WARNING would be generated
+ * when URL parsing failed.
+ *
+ * @since 4.4.0
+ *
+ * @param string $url The URL to parse.
+ * @return bool|array False on failure; Array of URL components on success;
+ *                    See parse_url()'s return values.
+ */
+function wp_parse_url( $url ) {
+	$parts = @parse_url( $url );
+	if ( ! $parts ) {
+		// < PHP 5.4.7 compat, trouble with relative paths including a scheme break in the path
+		if ( '/' == $url[0] && false !== strpos( $url, '://' ) ) {
+			// Since we know it's a relative path, prefix with a scheme/host placeholder and try again
+			if ( ! $parts = @parse_url( 'placeholder://placeholder' . $url ) ) {
+				return $parts;
+			}
+			// Remove the placeholder values
+			unset( $parts['scheme'], $parts['host'] );
+		} else {
+			return $parts;
+		}
+	}
+
+	// < PHP 5.4.7 compat, doesn't detect schemeless URL's host field
+	if ( '//' == substr( $url, 0, 2 ) && ! isset( $parts['host'] ) ) {
+		$path_parts = explode( '/', substr( $parts['path'], 2 ), 2 );
+		$parts['host'] = $path_parts[0];
+		if ( isset( $path_parts[1] ) ) {
+			$parts['path'] = '/' . $path_parts[1];
+		} else {
+			unset( $parts['path'] );
+		}
+	}
+
+	return $parts;
+}