[wp-trac] [WordPress Trac] #24646: fetch_feed() returns WP_Error with "A valid URL was not provided"

WordPress Trac noreply at wordpress.org
Fri Jun 28 05:05:33 UTC 2013


#24646: fetch_feed() returns WP_Error with "A valid URL was not provided"
--------------------------+--------------------
 Reporter:  husdaman      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.5.3
Component:  Feeds         |     Version:  3.5.2
 Severity:  major         |  Resolution:
 Keywords:                |
--------------------------+--------------------

Comment (by nacin):

 '''Note:''' There is a difference in functionality between 3.5.2 and
 trunk. If you are experiencing problems in trunk, please test to see if
 you are experiencing those problems in 3.5.2. Trunk is more aggressive in
 rejecting URLs. We need detailed information to figure out how aggressive
 is too aggressive. Detailed information can also help identify potentially
 safe situations that we are rejecting as unsafe.

 Replying to [comment:20 mboynes]:
 > I can no longer query a server on a non-standard port.

 Which port? What kind of request? What protocol? What are you trying to
 accomplish? What's your site's port? How are you making this query?

 You said latest nightly build. Just to be clear — are you having issues on
 3.5.2, or only trunk?

 > I believe this came in with the addition of wp_http_validate_url in
 [24480].

 Yes.

 > While I always respect a push for additional security, this one might be
 a little much. Furthermore, if I'm reading it correctly (and please,
 correct me if I'm wrong), it seems like this was added a week ago, is
 already live in 3.5.2, and didn't even get a nod in the >
 [http://wordpress.org/news/2013/06/wordpress-3-5-2/ release announcement].

 The changes to the HTTP API are not enumerated in the announcement post,
 no, but it is part of the first bullet point. There will be a post soon on
 API changes.

 > If that's the case, developers really had no warning that this was
 coming, no notice that it deployed, and no time to test their code. Am I
 missing something really obvious or am I completely misreading what
 happened?

 No, that's what happened. WordPress 3.5.2 is, very simply, a security
 release for all previous WordPress versions.

 There was definitely the possibility that [24480] would break
 functionality. Believe it or not, we decided to break far less than we
 intended.

 Good thing is, 3.6 is just around the corner. We're happy to entertain any
 detailed information that can help improve wp_http_validate_url().

--
Ticket URL: <http://core.trac.wordpress.org/ticket/24646#comment:21>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list