X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..baca9ce86a38dc54c4574890ee2d352fd81f78b2:/wp-includes/class-oembed.php
diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php
index 46d5f629..5ff2a2e0 100644
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -108,7 +108,7 @@ class WP_oEmbed {
 $providers = array();
 // Fetch URL content
- if ( $html = wp_remote_retrieve_body( wp_remote_get( $url ) ) ) {
+ if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) {
 // types that contain oEmbed provider URLs
 $linktypes = apply_filters( 'oembed_linktypes', array(
@@ -190,7 +190,7 @@ class WP_oEmbed {
 */
 function _fetch_with_format( $provider_url_with_args, $format ) {
 $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
- $response = wp_remote_get( $provider_url_with_args );
+ $response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) );
 if ( 501 == wp_remote_retrieve_response_code( $response ) )
 return new WP_Error( 'not-implemented' );
 if ( ! $body = wp_remote_retrieve_body( $response ) )
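Review bot: Neither call site says why `reject_unsafe_urls` is passed, and nothing visible shows the check being applied to redirect targets. In the `@@ -108` hunk and again in `_fetch_with_format()` the flag is the only thing stopping these fetches from reaching loopback or internal hosts (the URLs appear to come from user content and from link tags on a remote page, though that is outside the hunks), so a comment such as `// Untrusted URL: refuse hosts that resolve to internal addresses (SSRF).` would keep a later edit from dropping the array. It is worth confirming that the HTTP layer re-validates each redirect hop, since a public URL that redirects to an internal one would otherwise pass the initial check. Both enclosing functions start or end outside the hunks.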
@@ -219,35 +219,24 @@ class WP_oEmbed {
 if ( !function_exists('simplexml_load_string') ) {
 return false;
 }
-
- if ( ! class_exists( 'DOMDocument' ) )
+ if ( ! function_exists( 'libxml_disable_entity_loader' ) )
 return false;
- $errors = libxml_use_internal_errors( true );
- $old_value = null;
- if ( function_exists( 'libxml_disable_entity_loader' ) ) {
- $old_value = libxml_disable_entity_loader( true );
- }
-
- $dom = new DOMDocument;
- $success = $dom->loadXML( $response_body );
+ $loader = libxml_disable_entity_loader( true );
- if ( ! is_null( $old_value ) ) {
- libxml_disable_entity_loader( $old_value );
- }
+ $errors = libxml_use_internal_errors( true );
+ $data = simplexml_load_string( $response_body );
 libxml_use_internal_errors( $errors );
- if ( ! $success || isset( $dom->doctype ) ) {
- return false;
+ $return = false;
+ if ( is_object( $data ) ) {
+ $return = new stdClass;
+ foreach ( $data as $key => $value ) {
+ $return->$key = (string) $value;
+ }
 }
- $data = simplexml_import_dom( $dom );
- if ( ! is_object( $data ) )
- return false;
-
- $return = new stdClass;
- foreach ( $data as $key => $value )
- $return->$key = (string) $value;
+ libxml_disable_entity_loader( $loader );
 return $return;
 }
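Review bot: The rewritten parse path no longer rejects a response that carries a DOCTYPE: the removed `if ( ! $success || isset( $dom->doctype ) )` check has no counterpart on the new side. `libxml_disable_entity_loader( true )` stops external entities from being loaded, but entities declared inside the document itself can still be expanded when each node is cast with `(string) $value`, so an oversized expansion in a hostile provider response can exhaust memory. An oEmbed XML response has no need for a DOCTYPE, so I would keep the `DOMDocument` load and the `isset( $dom->doctype )` rejection before handing the tree to `simplexml_import_dom( $dom )`. Separately, returning false when `libxml_disable_entity_loader` is missing fails closed, which is reasonable but deserves a one-line comment such as `// No way to disable external entities on this PHP build: refuse to parse.`. The function's signature is outside the hunk.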