X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/699231ae09f7057a4d0000cdf32e50a3df6a04ca..8f374b7233bc2815ccc387e448d208c5434eb961:/wp-includes/http.php

diff --git a/wp-includes/http.php b/wp-includes/http.php
index 63cf97d1..dd9df6e7 100644
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -130,7 +130,7 @@ function wp_remote_retrieve_headers(&$response) {
  *
  * @param array $response
  * @param string $header Header name to retrieve value from.
- * @return string The header value. Empty string on if incorrect parameter given, or if the header doesnt exist.
+ * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
  */
 function wp_remote_retrieve_header(&$response, $header) {
 	if ( is_wp_error($response) || ! isset($response['headers']) || ! is_array($response['headers']))
@@ -191,4 +191,111 @@ function wp_remote_retrieve_body(&$response) {
 	return $response['body'];
 }
 
-?>
\ No newline at end of file
+/**
+ * Determines if there is an HTTP Transport that can process this request.
+ *
+ * @since 3.2.0
+ *
+ * @param array  $capabilities Array of capabilities to test or a wp_remote_request() $args array.
+ * @param string $url Optional. If given, will check if the URL requires SSL and adds that requirement to the capabilities array.
+ *
+ * @return bool
+ */
+function wp_http_supports( $capabilities = array(), $url = null ) {
+	$objFetchSite = _wp_http_get_object();
+
+	$capabilities = wp_parse_args( $capabilities );
+
+	$count = count( $capabilities );
+
+	// If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array
+	if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) == $count ) {
+		$capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) );
+	}
+
+	if ( $url && !isset( $capabilities['ssl'] ) ) {
+		$scheme = parse_url( $url, PHP_URL_SCHEME );
+		if ( 'https' == $scheme || 'ssl' == $scheme ) {
+			$capabilities['ssl'] = true;
+		}
+	}
+
+	return (bool) $objFetchSite->_get_first_available_transport( $capabilities );
+}
+
+/**
+ * Get the HTTP Origin of the current request.
+ *
+ * @since 3.4.0
+ *
+ * @return string URL of the origin. Empty string if no origin.
+ */
+function get_http_origin() {
+	$origin = '';
+	if ( ! empty ( $_SERVER[ 'HTTP_ORIGIN' ] ) )
+		$origin = $_SERVER[ 'HTTP_ORIGIN' ];
+
+	return apply_filters( 'http_origin', $origin );
+}
+
+/**
+ * Retrieve list of allowed http origins.
+ *
+ * @since 3.4.0
+ *
+ * @return array Array of origin URLs.
+ */
+function get_allowed_http_origins() {
+	$admin_origin = parse_url( admin_url() );
+	$home_origin = parse_url( home_url() );
+
+	// @todo preserve port?
+	$allowed_origins = array_unique( array(
+		'http://' . $admin_origin[ 'host' ],
+		'https://' . $admin_origin[ 'host' ],
+		'http://' . $home_origin[ 'host' ],
+		'https://' . $home_origin[ 'host' ],
+	) );
+
+	return apply_filters( 'allowed_http_origins' , $allowed_origins );
+}
+
+/**
+ * Determines if the http origin is an authorized one.
+ *
+ * @since 3.4.0
+ *
+ * @param string Origin URL. If not provided, the value of get_http_origin() is used.
+ * @return bool True if the origin is allowed. False otherwise.
+ */
+function is_allowed_http_origin( $origin = null ) {
+	$origin_arg = $origin;
+
+	if ( null === $origin )
+		$origin = get_http_origin();
+
+	if ( $origin && ! in_array( $origin, get_allowed_http_origins() ) )
+		$origin = '';
+
+	return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
+}
+
+/**
+ * Send Access-Control-Allow-Origin and related headers if the current request
+ * is from an allowed origin.
+ *
+ * @since 3.4.0
+ *
+ * @return bool|string Returns the origin URL if headers are sent. Returns false
+ * if headers are not sent.
+ */
+function send_origin_headers() {
+	$origin = get_http_origin();
+	if ( ! is_allowed_http_origin( $origin ) )
+		return false;
+
+	@header( 'Access-Control-Allow-Origin: ' .  $origin );
+	@header( 'Access-Control-Allow-Credentials: true' );
+
+	return $origin;
+}
\ No newline at end of file