X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f..e0feb3b2e5b436a06bbb04fbc838d1cd6ec95399:/wp-includes/http.php

diff --git a/wp-includes/http.php b/wp-includes/http.php
index 3a5f4ada..4768c7fd 100644
--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -4,7 +4,7 @@
  *
  * Will eventually replace and standardize the WordPress HTTP requests made.
  *
- * @link http://trac.wordpress.org/ticket/4779 HTTP API Proposal
+ * @link https://core.trac.wordpress.org/ticket/4779 HTTP API Proposal
  *
  * @package WordPress
  * @subpackage HTTP
@@ -17,14 +17,16 @@
  * @since 2.7.0
  * @access private
  *
+ * @staticvar WP_Http $http
+ *
  * @return WP_Http HTTP Transport object.
  */
 function _wp_http_get_object() {
-	static $http;
+	static $http = null;
 
-	if ( is_null($http) )
+	if ( is_null( $http ) ) {
 		$http = new WP_Http();
-
+	}
 	return $http;
 }
 
@@ -149,8 +151,8 @@ function wp_safe_remote_head( $url, $args = array() ) {
  * @return WP_Error|array The response or WP_Error on failure.
  */
 function wp_remote_request($url, $args = array()) {
-	$objFetchSite = _wp_http_get_object();
-	return $objFetchSite->request($url, $args);
+	$http = _wp_http_get_object();
+	return $http->request( $url, $args );
 }
 
 /**
@@ -166,8 +168,8 @@ function wp_remote_request($url, $args = array()) {
  * @return WP_Error|array The response or WP_Error on failure.
  */
 function wp_remote_get($url, $args = array()) {
-	$objFetchSite = _wp_http_get_object();
-	return $objFetchSite->get($url, $args);
+	$http = _wp_http_get_object();
+	return $http->get( $url, $args );
 }
 
 /**
@@ -183,8 +185,8 @@ function wp_remote_get($url, $args = array()) {
  * @return WP_Error|array The response or WP_Error on failure.
  */
 function wp_remote_post($url, $args = array()) {
-	$objFetchSite = _wp_http_get_object();
-	return $objFetchSite->post($url, $args);
+	$http = _wp_http_get_object();
+	return $http->post( $url, $args );
 }
 
 /**
@@ -200,8 +202,8 @@ function wp_remote_post($url, $args = array()) {
  * @return WP_Error|array The response or WP_Error on failure.
  */
 function wp_remote_head($url, $args = array()) {
-	$objFetchSite = _wp_http_get_object();
-	return $objFetchSite->head($url, $args);
+	$http = _wp_http_get_object();
+	return $http->head( $url, $args );
 }
 
 /**
@@ -224,7 +226,7 @@ function wp_remote_retrieve_headers( $response ) {
  *
  * @since 2.7.0
  *
- * @param array $response
+ * @param array  $response
  * @param string $header Header name to retrieve value from.
  * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
  */
@@ -246,7 +248,7 @@ function wp_remote_retrieve_header( $response, $header ) {
  * @since 2.7.0
  *
  * @param array $response HTTP response.
- * @return string the response code. Empty string on incorrect parameter given.
+ * @return int|string The response code as an integer. Empty string on incorrect parameter given.
  */
 function wp_remote_retrieve_response_code( $response ) {
 	if ( is_wp_error($response) || ! isset($response['response']) || ! is_array($response['response']))
@@ -293,12 +295,13 @@ function wp_remote_retrieve_body( $response ) {
  * @since 3.2.0
  *
  * @param array  $capabilities Array of capabilities to test or a wp_remote_request() $args array.
- * @param string $url Optional. If given, will check if the URL requires SSL and adds that requirement to the capabilities array.
+ * @param string $url          Optional. If given, will check if the URL requires SSL and adds
+ *                             that requirement to the capabilities array.
  *
  * @return bool
  */
 function wp_http_supports( $capabilities = array(), $url = null ) {
-	$objFetchSite = _wp_http_get_object();
+	$http = _wp_http_get_object();
 
 	$capabilities = wp_parse_args( $capabilities );
 
@@ -316,7 +319,7 @@ function wp_http_supports( $capabilities = array(), $url = null ) {
 		}
 	}
 
-	return (bool) $objFetchSite->_get_first_available_transport( $capabilities );
+	return (bool) $http->_get_first_available_transport( $capabilities );
 }
 
 /**
@@ -381,8 +384,8 @@ function get_allowed_http_origins() {
  *
  * @since 3.4.0
  *
- * @param string Origin URL. If not provided, the value of get_http_origin() is used.
- * @return bool True if the origin is allowed. False otherwise.
+ * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
+ * @return string True if the origin is allowed. False otherwise.
  */
 function is_allowed_http_origin( $origin = null ) {
 	$origin_arg = $origin;
@@ -398,8 +401,8 @@ function is_allowed_http_origin( $origin = null ) {
 	 *
 	 * @since 3.4.0
 	 *
-	 * @param string $origin Result of check for allowed origin.
-	 * @param string $origin_arg original origin string passed into is_allowed_http_origin function.
+	 * @param string $origin     Result of check for allowed origin.
+	 * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
 	 */
 	return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
 }
@@ -414,8 +417,8 @@ function is_allowed_http_origin( $origin = null ) {
  *
  * @since 3.4.0
  *
- * @return bool|string Returns the origin URL if headers are sent. Returns false
- * if headers are not sent.
+ * @return string|false Returns the origin URL if headers are sent. Returns false
+ *                      if headers are not sent.
  */
 function send_origin_headers() {
 	$origin = get_http_origin();
@@ -441,11 +444,13 @@ function send_origin_headers() {
  *
  * @since 3.5.2
  *
- * @return mixed URL or false on failure.
+ * @param string $url
+ * @return false|string URL or false on failure.
  */
 function wp_http_validate_url( $url ) {
+	$original_url = $url;
 	$url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
-	if ( ! $url )
+	if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) )
 		return false;
 
 	$parsed_url = @parse_url( $url );
@@ -455,7 +460,7 @@ function wp_http_validate_url( $url ) {
 	if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
 		return false;
 
-	if ( false !== strpos( $parsed_url['host'], ':' ) )
+	if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) )
 		return false;
 
 	$parsed_home = @parse_url( get_option( 'home' ) );
@@ -473,8 +478,7 @@ function wp_http_validate_url( $url ) {
 		}
 		if ( $ip ) {
 			$parts = array_map( 'intval', explode( '.', $ip ) );
-			if ( '127.0.0.1' === $ip
-				|| ( 10 === $parts[0] )
+			if ( 127 === $parts[0] || 10 === $parts[0]
 				|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 				|| ( 192 === $parts[0] && 168 === $parts[1] )
 			) {
@@ -486,9 +490,9 @@ function wp_http_validate_url( $url ) {
 				 *
 				 * @since 3.6.0
 				 *
-				 * @param bool false Whether HTTP request is external or not.
+				 * @param bool   false Whether HTTP request is external or not.
 				 * @param string $host IP of the requested host.
-				 * @param string $url URL of the requested host.
+				 * @param string $url  URL of the requested host.
 				 */
 				if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) )
 					return false;
@@ -516,7 +520,7 @@ function wp_http_validate_url( $url ) {
  *
  * @since 3.6.0
  *
- * @param bool $is_external
+ * @param bool   $is_external
  * @param string $host
  * @return bool
  */
@@ -533,7 +537,10 @@ function allowed_http_request_hosts( $is_external, $host ) {
  *
  * @since 3.6.0
  *
- * @param bool $is_external
+ * @global wpdb $wpdb
+ * @staticvar array $queried
+ *
+ * @param bool   $is_external
  * @param string $host
  * @return bool
  */