[wp-trac] [WordPress Trac] #26353: wp_safe_remote_*() functions do not appear to work
WordPress Trac
noreply at wordpress.org
Mon Dec 2 10:30:34 UTC 2013
#26353: wp_safe_remote_*() functions do not appear to work
-------------------------------+------------------------------
Reporter: stefwilliams | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.7.1
Severity: normal | Resolution:
Keywords: reporter-feedback |
-------------------------------+------------------------------
Comment (by dd32):
The wp_safe_* HTTP methods CAN'T be used to access local-to-server
networks, that's their entire purpose, to protect code from making
potentially unsafe requests to user-supplied url's (user supplied being
site visitors too) that could reveal sensitive data that a user wouldnt
otherwise have access to.
The best way to allow WordPress to access a local resource is to use the
`http_request_host_is_external` filter, for example:
{{{
add_filter( 'http_request_host_is_external', 'allow_server_mydomain', 10,
3 );
function allow_server_mydomain( $allowed, $hostname, $url ) {
if ( 'server.mydomain' == $hostname ) // IP resolves to something like
10.1.2.3
return true; // Treat this server as being NOT internal network
else
return $allowed;
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26353#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list