[wp-trac] [WordPress Trac] #36253: Host header should not include port in WP_Http_Streams

WordPress Trac noreply at wordpress.org
Tue Mar 15 22:39:27 UTC 2016


#36253: Host header should not include port in WP_Http_Streams
--------------------------+------------------------------
 Reporter:  bangelov      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  HTTP API      |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Changes (by swissspidy):

 * component:  General => HTTP API


Old description:

> If you set '''Host''' header that includes port in wp_remote_* methods
> and you are using '''WP_Http_Streams''', port will be doubly added into
> the '''Host''' header which brakes the HTTP request
>
> Example request:
>
> {{{#!php
> <?php
> wp_remote_post( 'http://example.org', array( 'headers' => array( 'Host'
> => 'localhost:8080' ) );
> }}}
>
> will become localhost:8080:8080 because the following code doesn't strip
> the port from the Host header
>
> {{{#!php
> <?php
> if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
>         if ( isset( $r['headers']['Host'] ) )
>                 $arrURL['host'] = $r['headers']['Host'];
>         else
>                 $arrURL['host'] = $r['headers']['host'];
>         unset( $r['headers']['Host'], $r['headers']['host'] );
> }
> }}}
>
> Solution:
>
> {{{#!php
> <?php
> if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
>         if ( isset( $r['headers']['Host'] ) )
>                 $arrURL['host'] = array_shift( explode( ':',
> $r['headers']['Host'] ) );
>         else
>                 $arrURL['host'] = array_shift( explode( ':',
> $r['headers']['host'] ) );
>                 unset( $r['headers']['Host'], $r['headers']['host'] );
>         }
> }}}

New description:

 If you set '''Host''' header that includes port in `wp_remote_*` methods
 and you are using '''WP_Http_Streams''', port will be doubly added into
 the '''Host''' header which breaks the HTTP request

 Example request:

 {{{#!php
 <?php
 wp_remote_post( 'http://example.org', array( 'headers' => array( 'Host' =>
 'localhost:8080' ) );
 }}}

 will become localhost:8080:8080 because the following code doesn't strip
 the port from the Host header

 {{{#!php
 <?php
 if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
         if ( isset( $r['headers']['Host'] ) )
                 $arrURL['host'] = $r['headers']['Host'];
         else
                 $arrURL['host'] = $r['headers']['host'];
         unset( $r['headers']['Host'], $r['headers']['host'] );
 }
 }}}

 Solution:

 {{{#!php
 <?php
 if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) {
         if ( isset( $r['headers']['Host'] ) )
                 $arrURL['host'] = array_shift( explode( ':',
 $r['headers']['Host'] ) );
         else
                 $arrURL['host'] = array_shift( explode( ':',
 $r['headers']['host'] ) );
                 unset( $r['headers']['Host'], $r['headers']['host'] );
         }
 }}}

--

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36253#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list