[wp-trac] [WordPress Trac] #16606: WP_Http_Streams::test doesn't check enough to confirm if it can do HTTPS

WordPress Trac wp-trac at lists.automattic.com
Fri Mar 25 10:21:36 UTC 2011 

#16606: WP_Http_Streams::test doesn't check enough to confirm if it can do HTTPS
---------------------------------+-----------------------------
 Reporter:  westi                |       Owner:
     Type:  defect (bug)         |      Status:  new
 Priority:  high                 |   Milestone:  Future Release
Component:  HTTP                 |     Version:  3.0.5
 Severity:  major                |  Resolution:
 Keywords:  3.2-early has-patch  |
---------------------------------+-----------------------------

Comment (by hakre):

 Replying to [comment:4 dd32]:
 > The Streams class only accepts http:// and https:// scheme's:
 > {{{
 >               if ( 'http' != $arrURL['scheme'] && 'https' !=
 $arrURL['scheme'] )
 >                       $url = preg_replace('|^' .
 preg_quote($arrURL['scheme'], '|') . '|', 'http', $url);
 > }}}
 > That renders most of the content of these patches moot.

 Hm?

 As this is the public test() function, it should return false if you test
 it with a URL with a scheme that is not supported, than that function
 should first of all return false for that tested URL.

 If the class can technically not support the scheme of the URL because
 there is no stream wrapper for that scheme registered, it should return
 false. Existing wrappers are available via stream_get_wrappers().

 If you want to check for SSL transport, my stance is to make use of
 stream_get_transports() to check for SSL. That check is more generic than
 checking for the openssl extension in specific.

 I'll attach an updated patch that takes care of all of those.

 For your suggested fopen exists + ini_get exists + allow_url_fopen check I
 suggest we create a function in either a base class for all transports or
 into WP_HTTP as this is used more and more often.

 We could add some for SSL as well because until now, it's checked against
 the open_ssl library only. A ->has($what) like wpdb::has_cap() probably.
 Or on both classes, so that WP_Http can check on all supported transports.
 Could be added to blocking as well, just an idea.

 For what reason does the http stream transport class does not support
 other wrappers btw?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16606#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list