[wp-trac] [WordPress Trac] #48509: Update of WP-core, themes and Plugins fails behind a firewall
WordPress Trac
noreply at wordpress.org
Wed Nov 6 11:04:55 UTC 2019
#48509: Update of WP-core, themes and Plugins fails behind a firewall
----------------------------+-----------------------------
Reporter: karlte | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP API | Version: 5.2.4
Severity: major | Keywords: needs-patch
Focuses: administration |
----------------------------+-----------------------------
Hello to all!
Thank you very much for creating WordPress and giving me the chance to report a bug.
I am working in a governmental organization, which uses a big firewall to protect themselves against the attacks from the internet.
The error appeared first in version 5.2.4, in versions before all went well.
I have set the severity to "major", because you can't use any of the update functions of WordPress behind a firewall anymore.
I found out the following:
In wp-includes/http.php in version 5.2.4 the following changes in function wp_http_validate_url() take place:
{{{#!php
<?php
//-------------- wp-includes/http.php version 5.2.4 -----------------------------
...
551 if ( ! $same_host ) {
552     $host = trim( $parsed_url['host'], '.' );
553     if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
554         $ip = $host;
555     } else {
556         $ip = gethostbyname( $host );
557         if ( $ip === $host ) { // Error condition for gethostbyname()
///////////////////////////////////////////////////////
558             return false; // <---- This is in version 5.2.4
///////////////////////////////////////////////////////
559         }
560     }
561     if ( $ip ) {
562         $parts = array_map( 'intval', explode( '.', $ip ) );
563         if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
564             || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
565             || ( 192 === $parts[0] && 168 === $parts[1] )
566         ) {
...
//--------------------------------------------------------------------------------
}}}
Since this change updates of wp-core, install and update of plugins and/or themes are not(!!) successful.
In version 5.2.3 all went well and I show you the corresponding lines:
{{{#!php
<?php
//-------------- wp-includes/http.php version 5.2.3 ------------------------------
...
551 if ( ! $same_host ) {
552     $host = trim( $parsed_url['host'], '.' );
553     if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
554         $ip = $host;
555     } else {
556         $ip = gethostbyname( $host );
557         if ( $ip === $host ) { // Error condition for gethostbyname()
////////////////////////////////////////////////
558             $ip = false; // this works fine behind firewall
////////////////////////////////////////////////
559         }
560     }
561     if ( $ip ) {
562         $parts = array_map( 'intval', explode( '.', $ip ) );
563         if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
564             || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
565             || ( 192 === $parts[0] && 168 === $parts[1] )
566         ) {
...
//--------------------------------------------------------------------------------
}}}
The reason is the php-function "gethostbyname()", which returns an ip-number to a given host.
Behind a firewall you will find typically no dns-resolving of internet host names. In this case gethostbyname() does not return an ip-number, it returns the host name. Therefore the condition in line 557 becomes "true" and the result of wp_http_validate_url() is false.
This produces the error '**A valid URL was not provided.**' in public function request in wp-includes/class-http.php.
I hope that helps you to enhance WordPress. I changed line 558 back to version 5.2.3 and WordPress works as good as ever behind a firewall.
Greetings karlte
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48509>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
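
Added example (not part of the ticket and not WordPress core code): a simplified model of the host check in the two excerpts, with a stand-in for gethostbyname(), showing how each version treats a host name that does not resolve. The function names, host names and addresses are constructed, and the model assumes that a match on lines 563-565 rejects the URL, since the excerpts elide that branch.

```php
<?php
// Added illustration; not WordPress core code. All names and data are constructed.

const IPV4_RE = '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#';

// True when the address falls in the ranges tested on lines 563-565 of the excerpts.
function in_checked_range( string $ip ): bool {
    $parts = array_map( 'intval', explode( '.', $ip ) );
    return 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
        || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
        || ( 192 === $parts[0] && 168 === $parts[1] );
}

// $resolver stands in for gethostbyname(): it returns the host name unchanged on failure.
// $fail_closed = true models line 558 of 5.2.4; false models line 558 of 5.2.3.
function host_passes( string $host, callable $resolver, bool $fail_closed ): bool {
    $host = trim( $host, '.' );
    if ( preg_match( IPV4_RE, $host ) ) {
        $ip = $host;
    } else {
        $ip = $resolver( $host );
        if ( $ip === $host ) {      // resolution failed
            if ( $fail_closed ) {
                return false;       // 5.2.4: the URL is rejected outright
            }
            $ip = false;            // 5.2.3: the range check below is skipped
        }
    }
    // Assumption: an address in a checked range means the URL is rejected.
    return ! ( $ip && in_checked_range( $ip ) );
}

// Constructed data: a public name, and a name that maps to a 10.x address.
$dns = array( 'updates.example.org' => '203.0.113.10', 'intranet.example.org' => '10.0.0.5' );
$resolvers = array(
    'DNS works' => function ( string $h ) use ( $dns ) { return $dns[ $h ] ?? $h; },
    'no DNS   ' => function ( string $h ) { return $h; },
);
foreach ( $resolvers as $label => $resolver ) {
    foreach ( array_keys( $dns ) as $host ) {
        printf( "%s  %-22s 5.2.3=%s  5.2.4=%s\n", $label, $host,
            host_passes( $host, $resolver, false ) ? 'pass' : 'reject',
            host_passes( $host, $resolver, true ) ? 'pass' : 'reject' );
    }
}
```

With the resolver that cannot resolve anything, the 5.2.3 line lets both names through without any range check, while the 5.2.4 line rejects both, which is the behaviour the ticket reports for a network without external DNS.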