diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/class-wp-http-streams.php --- a/wp/wp-includes/class-wp-http-streams.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/class-wp-http-streams.php Mon Oct 14 18:28:13 2019 +0200 @@ -26,12 +26,16 @@ * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error */ - public function request($url, $args = array()) { + public function request( $url, $args = array() ) { $defaults = array( - 'method' => 'GET', 'timeout' => 5, - 'redirection' => 5, 'httpversion' => '1.0', - 'blocking' => true, - 'headers' => array(), 'body' => null, 'cookies' => array() + 'method' => 'GET', + 'timeout' => 5, + 'redirection' => 5, + 'httpversion' => '1.0', + 'blocking' => true, + 'headers' => array(), + 'body' => null, + 'cookies' => array(), ); $r = wp_parse_args( $args, $defaults ); @@ -47,14 +51,14 @@ // Construct Cookie: header if any cookies are set. WP_Http::buildCookieHeader( $r ); - $arrURL = parse_url($url); + $arrURL = parse_url( $url ); $connect_host = $arrURL['host']; $secure_transport = ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ); if ( ! isset( $arrURL['port'] ) ) { if ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ) { - $arrURL['port'] = 443; + $arrURL['port'] = 443; $secure_transport = true; } else { $arrURL['port'] = 80; @@ -67,10 +71,11 @@ } if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) { - if ( isset( $r['headers']['Host'] ) ) + if ( isset( $r['headers']['Host'] ) ) { $arrURL['host'] = $r['headers']['Host']; - else + } else { $arrURL['host'] = $r['headers']['host']; + } unset( $r['headers']['Host'], $r['headers']['host'] ); } @@ -79,48 +84,47 @@ * to ::1, which fails when the server is not set up for it. For compatibility, always * connect to the IPv4 address. */ - if ( 'localhost' == strtolower( $connect_host ) ) + if ( 'localhost' == strtolower( $connect_host ) ) { $connect_host = '127.0.0.1'; + } $connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host; - $is_local = isset( $r['local'] ) && $r['local']; + $is_local = isset( $r['local'] ) && $r['local']; $ssl_verify = isset( $r['sslverify'] ) && $r['sslverify']; if ( $is_local ) { /** * Filters whether SSL should be verified for local requests. * * @since 2.8.0 + * @since 5.1.0 The `$url` parameter was added. * - * @param bool $ssl_verify Whether to verify the SSL connection. Default true. + * @param bool $ssl_verify Whether to verify the SSL connection. Default true. + * @param string $url The request URL. */ - $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify ); + $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url ); } elseif ( ! $is_local ) { - /** - * Filters whether SSL should be verified for non-local requests. - * - * @since 2.8.0 - * - * @param bool $ssl_verify Whether to verify the SSL connection. Default true. - */ - $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify ); + /** This filter is documented in wp-includes/class-http.php */ + $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url ); } $proxy = new WP_HTTP_Proxy(); - $context = stream_context_create( array( - 'ssl' => array( - 'verify_peer' => $ssl_verify, - //'CN_match' => $arrURL['host'], // This is handled by self::verify_ssl_certificate() - 'capture_peer_cert' => $ssl_verify, - 'SNI_enabled' => true, - 'cafile' => $r['sslcertificates'], - 'allow_self_signed' => ! $ssl_verify, + $context = stream_context_create( + array( + 'ssl' => array( + 'verify_peer' => $ssl_verify, + //'CN_match' => $arrURL['host'], // This is handled by self::verify_ssl_certificate() + 'capture_peer_cert' => $ssl_verify, + 'SNI_enabled' => true, + 'cafile' => $r['sslcertificates'], + 'allow_self_signed' => ! $ssl_verify, + ), ) - ) ); + ); - $timeout = (int) floor( $r['timeout'] ); - $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; + $timeout = (int) floor( $r['timeout'] ); + $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; $connect_timeout = max( $timeout, 1 ); // Store error number. @@ -129,52 +133,58 @@ // Store error string. $connection_error_str = null; - if ( !WP_DEBUG ) { + if ( ! WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP Warnings. - if ( $secure_transport ) - $error_reporting = error_reporting(0); + if ( $secure_transport ) { + $error_reporting = error_reporting( 0 ); + } - if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) + if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); - else + } else { $handle = @stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); + } - if ( $secure_transport ) + if ( $secure_transport ) { error_reporting( $error_reporting ); - + } } else { - if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) + if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); - else + } else { $handle = stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); + } } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. - if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) + if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); + } - return new WP_Error('http_request_failed', $connection_error . ': ' . $connection_error_str ); + return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { - if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) + if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); + } } stream_set_timeout( $handle, $timeout, $utimeout ); - if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) //Some proxies require full URL in this field. + if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { //Some proxies require full URL in this field. $requestPath = $url; - else - $requestPath = $arrURL['path'] . ( isset($arrURL['query']) ? '?' . $arrURL['query'] : '' ); + } else { + $requestPath = $arrURL['path'] . ( isset( $arrURL['query'] ) ? '?' . $arrURL['query'] : '' ); + } - $strHeaders = strtoupper($r['method']) . ' ' . $requestPath . ' HTTP/' . $r['httpversion'] . "\r\n"; + $strHeaders = strtoupper( $r['method'] ) . ' ' . $requestPath . ' HTTP/' . $r['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || - ( 'http' == $arrURL['scheme'] && 80 != $arrURL['port'] ) || + ( 'http' == $arrURL['scheme'] && 80 != $arrURL['port'] ) || ( 'https' == $arrURL['scheme'] && 443 != $arrURL['port'] ) ); @@ -184,63 +194,80 @@ $strHeaders .= 'Host: ' . $arrURL['host'] . "\r\n"; } - if ( isset($r['user-agent']) ) + if ( isset( $r['user-agent'] ) ) { $strHeaders .= 'User-agent: ' . $r['user-agent'] . "\r\n"; + } - if ( is_array($r['headers']) ) { - foreach ( (array) $r['headers'] as $header => $headerValue ) + if ( is_array( $r['headers'] ) ) { + foreach ( (array) $r['headers'] as $header => $headerValue ) { $strHeaders .= $header . ': ' . $headerValue . "\r\n"; + } } else { $strHeaders .= $r['headers']; } - if ( $proxy->use_authentication() ) + if ( $proxy->use_authentication() ) { $strHeaders .= $proxy->authentication_header() . "\r\n"; + } $strHeaders .= "\r\n"; - if ( ! is_null($r['body']) ) + if ( ! is_null( $r['body'] ) ) { $strHeaders .= $r['body']; + } - fwrite($handle, $strHeaders); + fwrite( $handle, $strHeaders ); if ( ! $r['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); - return array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); + return array( + 'headers' => array(), + 'body' => '', + 'response' => array( + 'code' => false, + 'message' => false, + ), + 'cookies' => array(), + ); } - $strResponse = ''; - $bodyStarted = false; + $strResponse = ''; + $bodyStarted = false; $keep_reading = true; - $block_size = 4096; - if ( isset( $r['limit_response_size'] ) ) + $block_size = 4096; + if ( isset( $r['limit_response_size'] ) ) { $block_size = min( $block_size, $r['limit_response_size'] ); + } // If streaming to a file setup the file handle. if ( $r['stream'] ) { - if ( ! WP_DEBUG ) + if ( ! WP_DEBUG ) { $stream_handle = @fopen( $r['filename'], 'w+' ); - else + } else { $stream_handle = fopen( $r['filename'], 'w+' ); + } if ( ! $stream_handle ) { - return new WP_Error( 'http_request_failed', sprintf( - /* translators: 1: fopen() 2: file name */ - __( 'Could not open handle for %1$s to %2$s.' ), - 'fopen()', - $r['filename'] - ) ); + return new WP_Error( + 'http_request_failed', + sprintf( + /* translators: 1: fopen(), 2: file name */ + __( 'Could not open handle for %1$s to %2$s.' ), + 'fopen()', + $r['filename'] + ) + ); } $bytes_written = 0; - while ( ! feof($handle) && $keep_reading ) { + while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $bodyStarted ) { $strResponse .= $block; if ( strpos( $strResponse, "\r\n\r\n" ) ) { - $process = WP_Http::processResponse( $strResponse ); + $process = WP_Http::processResponse( $strResponse ); $bodyStarted = true; - $block = $process['body']; + $block = $process['body']; unset( $strResponse ); $process['body'] = ''; } @@ -250,7 +277,7 @@ if ( isset( $r['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $r['limit_response_size'] ) { $this_block_size = ( $r['limit_response_size'] - $bytes_written ); - $block = substr( $block, 0, $this_block_size ); + $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); @@ -263,7 +290,7 @@ $bytes_written += $bytes_written_to_file; - $keep_reading = !isset( $r['limit_response_size'] ) || $bytes_written < $r['limit_response_size']; + $keep_reading = ! isset( $r['limit_response_size'] ) || $bytes_written < $r['limit_response_size']; } fclose( $stream_handle ); @@ -271,13 +298,13 @@ } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { - $block = fread( $handle, $block_size ); + $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, "\r\n\r\n" ) ) { $header_length = strpos( $strResponse, "\r\n\r\n" ) + 4; - $bodyStarted = true; + $bodyStarted = true; } - $keep_reading = ( ! $bodyStarted || !isset( $r['limit_response_size'] ) || strlen( $strResponse ) < ( $header_length + $r['limit_response_size'] ) ); + $keep_reading = ( ! $bodyStarted || ! isset( $r['limit_response_size'] ) || strlen( $strResponse ) < ( $header_length + $r['limit_response_size'] ) ); } $process = WP_Http::processResponse( $strResponse ); @@ -290,27 +317,31 @@ $arrHeaders = WP_Http::processHeaders( $process['headers'], $url ); $response = array( - 'headers' => $arrHeaders['headers'], + 'headers' => $arrHeaders['headers'], // Not yet processed. - 'body' => null, + 'body' => null, 'response' => $arrHeaders['response'], - 'cookies' => $arrHeaders['cookies'], - 'filename' => $r['filename'] + 'cookies' => $arrHeaders['cookies'], + 'filename' => $r['filename'], ); // Handle redirects. - if ( false !== ( $redirect_response = WP_Http::handle_redirects( $url, $r, $response ) ) ) + if ( false !== ( $redirect_response = WP_Http::handle_redirects( $url, $r, $response ) ) ) { return $redirect_response; + } // If the body was chunk encoded, then decode it. - if ( ! empty( $process['body'] ) && isset( $arrHeaders['headers']['transfer-encoding'] ) && 'chunked' == $arrHeaders['headers']['transfer-encoding'] ) - $process['body'] = WP_Http::chunkTransferDecode($process['body']); + if ( ! empty( $process['body'] ) && isset( $arrHeaders['headers']['transfer-encoding'] ) && 'chunked' == $arrHeaders['headers']['transfer-encoding'] ) { + $process['body'] = WP_Http::chunkTransferDecode( $process['body'] ); + } - if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode($arrHeaders['headers']) ) + if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode( $arrHeaders['headers'] ) ) { $process['body'] = WP_Http_Encoding::decompress( $process['body'] ); + } - if ( isset( $r['limit_response_size'] ) && strlen( $process['body'] ) > $r['limit_response_size'] ) + if ( isset( $r['limit_response_size'] ) && strlen( $process['body'] ) > $r['limit_response_size'] ) { $process['body'] = substr( $process['body'], 0, $r['limit_response_size'] ); + } $response['body'] = $process['body']; @@ -328,7 +359,6 @@ * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 - * @static * * @param stream $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested @@ -337,12 +367,14 @@ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); - if ( empty( $context_options['ssl']['peer_certificate'] ) ) + if ( empty( $context_options['ssl']['peer_certificate'] ) ) { return false; + } $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); - if ( ! $cert ) + if ( ! $cert ) { return false; + } /* * If the request is being made to an IP address, we'll validate against IP fields @@ -355,25 +387,29 @@ $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); - if ( $host_type == strtolower( trim( $match_type ) ) ) // IP: or DNS: + if ( $host_type == strtolower( trim( $match_type ) ) ) { // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); + } } - } elseif ( !empty( $cert['subject']['CN'] ) ) { + } elseif ( ! empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. - if ( in_array( strtolower( $host ), $certificate_hostnames ) ) + if ( in_array( strtolower( $host ), $certificate_hostnames ) ) { return true; + } // IP's can't be wildcards, Stop processing. - if ( 'ip' == $host_type ) + if ( 'ip' == $host_type ) { return false; + } // Test to see if the domain is at least 2 deep for wildcard support. - if ( substr_count( $host, '.' ) < 2 ) + if ( substr_count( $host, '.' ) < 2 ) { return false; + } // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); @@ -384,7 +420,6 @@ /** * Determines whether this class can be used for retrieving a URL. * - * @static * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * @@ -392,16 +427,19 @@ * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { - if ( ! function_exists( 'stream_socket_client' ) ) + if ( ! function_exists( 'stream_socket_client' ) ) { return false; + } $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { - if ( ! extension_loaded( 'openssl' ) ) + if ( ! extension_loaded( 'openssl' ) ) { return false; - if ( ! function_exists( 'openssl_x509_parse' ) ) + } + if ( ! function_exists( 'openssl_x509_parse' ) ) { return false; + } } /**