[wp-hackers] stop HTTP requests made behind one's back

Jennifer Hodgdon yahgrp at poplarware.com
Wed Feb 18 16:23:15 GMT 2009


I took a look at the code, to see if this would be easy/possible. I 
looked at the 2.8-bleeding code; not sure about 2.7.x.

Anyway, it looks to me as though there are a bunch of filters like 
'use_http_curl_transport', etc., in http.php. If you create a plugin 
that returns FALSE for all of these, you would probably make all 
outgoing HTTP/HTTPS requests fail without trying to go out and get 
data. So you don't have to "rip up" http.php, just disable all its 
mechanisms for escaping. [See wp-includes/http.php, functions 
WP_Http->_getTransport() and _postTransport()]

That's assuming that all HTTP/HTTPS requests are going through the 
code in http.php. I'm not sure whether this is the case or not... ???

It also looks like it would be easy to patch core to do something like

    $working_transport = apply_filter( 'working_transport', 
$working_transport);

(and similar for blocking transport), after it tries all the 
transports it knows about, to allow plugins to define their own 
"transport" mechanisms (such as using proxies). Maybe those who care 
about such things should work this out and suggest it?

    --Jennifer

jidanni at jidanni.org wrote:
> HOW ODD, I said to myself, WordPress seems to make a lot of outbound
> HTTP requests, from the minute you first install it.
[...]
> How is one to install WordPress on a military or intranet where making
> HTTP requests to the Internet is not allowed?
> 
> Just rip up wp-includes/http.php? That won't stop other parts of the
> code from then futilely hammering it even more.

-- 
Jennifer Hodgdon * Poplar ProductivityWare
www.poplarware.com

Drupal/WordPress Sites, Themes, Modules/Plugins
Custom Web Programming, Web Databases
PHP, Perl, MySQL, JavaScript, XML, AJAX



More information about the wp-hackers mailing list