[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/wp-includes/ -> http.php (source)

   1  <?php
   2  /**
   3   * Core HTTP Request API
   4   *
   5   * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk
   6   * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations.
   7   *
   8   * @package WordPress
   9   * @subpackage HTTP
  10   */
  11  
  12  /**
  13   * Returns the initialized WP_Http Object
  14   *
  15   * @since 2.7.0
  16   * @access private
  17   *
  18   * @return WP_Http HTTP Transport object.
  19   */
  20  function _wp_http_get_object() {
  21      static $http = null;
  22  
  23      if ( is_null( $http ) ) {
  24          $http = new WP_Http();
  25      }
  26      return $http;
  27  }
  28  
  29  /**
  30   * Retrieves the raw response from a safe HTTP request.
  31   *
  32   * This function is ideal when the HTTP request is being made to an arbitrary
  33   * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url()
  34   * to avoid Server Side Request Forgery attacks (SSRF).
  35   *
  36   * @since 3.6.0
  37   *
  38   * @see wp_remote_request() For more information on the response array format.
  39   * @see WP_Http::request() For default arguments information.
  40   * @see wp_http_validate_url() For more information about how the URL is validated.
  41   *
  42   * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
  43   *
  44   * @param string $url  URL to retrieve.
  45   * @param array  $args Optional. Request arguments. Default empty array.
  46   *                     See WP_Http::request() for information on accepted arguments.
  47   * @return array|WP_Error The response or WP_Error on failure.
  48   *                        See WP_Http::request() for information on return value.
  49   */
  50  function wp_safe_remote_request( $url, $args = array() ) {
  51      $args['reject_unsafe_urls'] = true;
  52      $http                       = _wp_http_get_object();
  53      return $http->request( $url, $args );
  54  }
  55  
  56  /**
  57   * Retrieves the raw response from a safe HTTP request using the GET method.
  58   *
  59   * This function is ideal when the HTTP request is being made to an arbitrary
  60   * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url()
  61   * to avoid Server Side Request Forgery attacks (SSRF).
  62   *
  63   * @since 3.6.0
  64   *
  65   * @see wp_remote_request() For more information on the response array format.
  66   * @see WP_Http::request() For default arguments information.
  67   * @see wp_http_validate_url() For more information about how the URL is validated.
  68   *
  69   * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
  70   *
  71   * @param string $url  URL to retrieve.
  72   * @param array  $args Optional. Request arguments. Default empty array.
  73   *                     See WP_Http::request() for information on accepted arguments.
  74   * @return array|WP_Error The response or WP_Error on failure.
  75   *                        See WP_Http::request() for information on return value.
  76   */
  77  function wp_safe_remote_get( $url, $args = array() ) {
  78      $args['reject_unsafe_urls'] = true;
  79      $http                       = _wp_http_get_object();
  80      return $http->get( $url, $args );
  81  }
  82  
  83  /**
  84   * Retrieves the raw response from a safe HTTP request using the POST method.
  85   *
  86   * This function is ideal when the HTTP request is being made to an arbitrary
  87   * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url()
  88   * to avoid Server Side Request Forgery attacks (SSRF).
  89   *
  90   * @since 3.6.0
  91   *
  92   * @see wp_remote_request() For more information on the response array format.
  93   * @see WP_Http::request() For default arguments information.
  94   * @see wp_http_validate_url() For more information about how the URL is validated.
  95   *
  96   * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
  97   *
  98   * @param string $url  URL to retrieve.
  99   * @param array  $args Optional. Request arguments. Default empty array.
 100   *                     See WP_Http::request() for information on accepted arguments.
 101   * @return array|WP_Error The response or WP_Error on failure.
 102   *                        See WP_Http::request() for information on return value.
 103   */
 104  function wp_safe_remote_post( $url, $args = array() ) {
 105      $args['reject_unsafe_urls'] = true;
 106      $http                       = _wp_http_get_object();
 107      return $http->post( $url, $args );
 108  }
 109  
 110  /**
 111   * Retrieves the raw response from a safe HTTP request using the HEAD method.
 112   *
 113   * This function is ideal when the HTTP request is being made to an arbitrary
 114   * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url()
 115   * to avoid Server Side Request Forgery attacks (SSRF).
 116   *
 117   * @since 3.6.0
 118   *
 119   * @see wp_remote_request() For more information on the response array format.
 120   * @see WP_Http::request() For default arguments information.
 121   * @see wp_http_validate_url() For more information about how the URL is validated.
 122   *
 123   * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
 124   *
 125   * @param string $url  URL to retrieve.
 126   * @param array  $args Optional. Request arguments. Default empty array.
 127   *                     See WP_Http::request() for information on accepted arguments.
 128   * @return array|WP_Error The response or WP_Error on failure.
 129   *                        See WP_Http::request() for information on return value.
 130   */
 131  function wp_safe_remote_head( $url, $args = array() ) {
 132      $args['reject_unsafe_urls'] = true;
 133      $http                       = _wp_http_get_object();
 134      return $http->head( $url, $args );
 135  }
 136  
 137  /**
 138   * Performs an HTTP request and returns its response.
 139   *
 140   * There are other API functions available which abstract away the HTTP method:
 141   *
 142   *  - Default 'GET'  for wp_remote_get()
 143   *  - Default 'POST' for wp_remote_post()
 144   *  - Default 'HEAD' for wp_remote_head()
 145   *
 146   * @since 2.7.0
 147   *
 148   * @see WP_Http::request() For information on default arguments.
 149   *
 150   * @param string $url  URL to retrieve.
 151   * @param array  $args Optional. Request arguments. Default empty array.
 152   *                     See WP_Http::request() for information on accepted arguments.
 153   * @return array|WP_Error The response array or a WP_Error on failure.
 154   *                        See WP_Http::request() for information on return value.
 155   */
 156  function wp_remote_request( $url, $args = array() ) {
 157      $http = _wp_http_get_object();
 158      return $http->request( $url, $args );
 159  }
 160  
 161  /**
 162   * Performs an HTTP request using the GET method and returns its response.
 163   *
 164   * @since 2.7.0
 165   *
 166   * @see wp_remote_request() For more information on the response array format.
 167   * @see WP_Http::request() For default arguments information.
 168   *
 169   * @param string $url  URL to retrieve.
 170   * @param array  $args Optional. Request arguments. Default empty array.
 171   *                     See WP_Http::request() for information on accepted arguments.
 172   * @return array|WP_Error The response or WP_Error on failure.
 173   *                        See WP_Http::request() for information on return value.
 174   */
 175  function wp_remote_get( $url, $args = array() ) {
 176      $http = _wp_http_get_object();
 177      return $http->get( $url, $args );
 178  }
 179  
 180  /**
 181   * Performs an HTTP request using the POST method and returns its response.
 182   *
 183   * @since 2.7.0
 184   *
 185   * @see wp_remote_request() For more information on the response array format.
 186   * @see WP_Http::request() For default arguments information.
 187   *
 188   * @param string $url  URL to retrieve.
 189   * @param array  $args Optional. Request arguments. Default empty array.
 190   *                     See WP_Http::request() for information on accepted arguments.
 191   * @return array|WP_Error The response or WP_Error on failure.
 192   *                        See WP_Http::request() for information on return value.
 193   */
 194  function wp_remote_post( $url, $args = array() ) {
 195      $http = _wp_http_get_object();
 196      return $http->post( $url, $args );
 197  }
 198  
 199  /**
 200   * Performs an HTTP request using the HEAD method and returns its response.
 201   *
 202   * @since 2.7.0
 203   *
 204   * @see wp_remote_request() For more information on the response array format.
 205   * @see WP_Http::request() For default arguments information.
 206   *
 207   * @param string $url  URL to retrieve.
 208   * @param array  $args Optional. Request arguments. Default empty array.
 209   *                     See WP_Http::request() for information on accepted arguments.
 210   * @return array|WP_Error The response or WP_Error on failure.
 211   *                        See WP_Http::request() for information on return value.
 212   */
 213  function wp_remote_head( $url, $args = array() ) {
 214      $http = _wp_http_get_object();
 215      return $http->head( $url, $args );
 216  }
 217  
 218  /**
 219   * Retrieves only the headers from the raw response.
 220   *
 221   * @since 2.7.0
 222   * @since 4.6.0 Return value changed from an array to an WpOrg\Requests\Utility\CaseInsensitiveDictionary instance.
 223   *
 224   * @see \WpOrg\Requests\Utility\CaseInsensitiveDictionary
 225   *
 226   * @param array|WP_Error $response HTTP response.
 227   * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array The headers of the response, or empty array
 228   *                                                                 if incorrect parameter given.
 229   */
 230  function wp_remote_retrieve_headers( $response ) {
 231      if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
 232          return array();
 233      }
 234  
 235      return $response['headers'];
 236  }
 237  
 238  /**
 239   * Retrieves a single header by name from the raw response.
 240   *
 241   * @since 2.7.0
 242   *
 243   * @param array|WP_Error $response HTTP response.
 244   * @param string         $header   Header name to retrieve value from.
 245   * @return array|string The header(s) value(s). Array if multiple headers with the same name are retrieved.
 246   *                      Empty string if incorrect parameter given, or if the header doesn't exist.
 247   */
 248  function wp_remote_retrieve_header( $response, $header ) {
 249      if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
 250          return '';
 251      }
 252  
 253      if ( isset( $response['headers'][ $header ] ) ) {
 254          return $response['headers'][ $header ];
 255      }
 256  
 257      return '';
 258  }
 259  
 260  /**
 261   * Retrieves only the response code from the raw response.
 262   *
 263   * Will return an empty string if incorrect parameter value is given.
 264   *
 265   * @since 2.7.0
 266   *
 267   * @param array|WP_Error $response HTTP response.
 268   * @return int|string The response code as an integer. Empty string if incorrect parameter given.
 269   */
 270  function wp_remote_retrieve_response_code( $response ) {
 271      if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) {
 272          return '';
 273      }
 274  
 275      return $response['response']['code'];
 276  }
 277  
 278  /**
 279   * Retrieves only the response message from the raw response.
 280   *
 281   * Will return an empty string if incorrect parameter value is given.
 282   *
 283   * @since 2.7.0
 284   *
 285   * @param array|WP_Error $response HTTP response.
 286   * @return string The response message. Empty string if incorrect parameter given.
 287   */
 288  function wp_remote_retrieve_response_message( $response ) {
 289      if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) {
 290          return '';
 291      }
 292  
 293      return $response['response']['message'];
 294  }
 295  
 296  /**
 297   * Retrieves only the body from the raw response.
 298   *
 299   * @since 2.7.0
 300   *
 301   * @param array|WP_Error $response HTTP response.
 302   * @return string The body of the response. Empty string if no body or incorrect parameter given.
 303   */
 304  function wp_remote_retrieve_body( $response ) {
 305      if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) {
 306          return '';
 307      }
 308  
 309      return $response['body'];
 310  }
 311  
 312  /**
 313   * Retrieves only the cookies from the raw response.
 314   *
 315   * @since 4.4.0
 316   *
 317   * @param array|WP_Error $response HTTP response.
 318   * @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response.
 319   *                          Empty array if there are none, or the response is a WP_Error.
 320   */
 321  function wp_remote_retrieve_cookies( $response ) {
 322      if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) {
 323          return array();
 324      }
 325  
 326      return $response['cookies'];
 327  }
 328  
 329  /**
 330   * Retrieves a single cookie by name from the raw response.
 331   *
 332   * @since 4.4.0
 333   *
 334   * @param array|WP_Error $response HTTP response.
 335   * @param string         $name     The name of the cookie to retrieve.
 336   * @return WP_Http_Cookie|string The `WP_Http_Cookie` object, or empty string
 337   *                               if the cookie is not present in the response.
 338   */
 339  function wp_remote_retrieve_cookie( $response, $name ) {
 340      $cookies = wp_remote_retrieve_cookies( $response );
 341  
 342      if ( empty( $cookies ) ) {
 343          return '';
 344      }
 345  
 346      foreach ( $cookies as $cookie ) {
 347          if ( $cookie->name === $name ) {
 348              return $cookie;
 349          }
 350      }
 351  
 352      return '';
 353  }
 354  
 355  /**
 356   * Retrieves a single cookie's value by name from the raw response.
 357   *
 358   * @since 4.4.0
 359   *
 360   * @param array|WP_Error $response HTTP response.
 361   * @param string         $name     The name of the cookie to retrieve.
 362   * @return string The value of the cookie, or empty string
 363   *                if the cookie is not present in the response.
 364   */
 365  function wp_remote_retrieve_cookie_value( $response, $name ) {
 366      $cookie = wp_remote_retrieve_cookie( $response, $name );
 367  
 368      if ( ! ( $cookie instanceof WP_Http_Cookie ) ) {
 369          return '';
 370      }
 371  
 372      return $cookie->value;
 373  }
 374  
 375  /**
 376   * Determines if there is an HTTP Transport that can process this request.
 377   *
 378   * @since 3.2.0
 379   *
 380   * @param array  $capabilities Array of capabilities to test or a wp_remote_request() $args array.
 381   * @param string $url          Optional. If given, will check if the URL requires SSL and adds
 382   *                             that requirement to the capabilities array.
 383   *
 384   * @return bool
 385   */
 386  function wp_http_supports( $capabilities = array(), $url = null ) {
 387      $capabilities = wp_parse_args( $capabilities );
 388  
 389      $count = count( $capabilities );
 390  
 391      // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array.
 392      if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) === $count ) {
 393          $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) );
 394      }
 395  
 396      if ( $url && ! isset( $capabilities['ssl'] ) ) {
 397          $scheme = parse_url( $url, PHP_URL_SCHEME );
 398          if ( 'https' === $scheme || 'ssl' === $scheme ) {
 399              $capabilities['ssl'] = true;
 400          }
 401      }
 402  
 403      return WpOrg\Requests\Requests::has_capabilities( $capabilities );
 404  }
 405  
 406  /**
 407   * Gets the HTTP Origin of the current request.
 408   *
 409   * @since 3.4.0
 410   *
 411   * @return string URL of the origin. Empty string if no origin.
 412   */
 413  function get_http_origin() {
 414      $origin = '';
 415      if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) {
 416          $origin = $_SERVER['HTTP_ORIGIN'];
 417      }
 418  
 419      /**
 420       * Changes the origin of an HTTP request.
 421       *
 422       * @since 3.4.0
 423       *
 424       * @param string $origin The original origin for the request.
 425       */
 426      return apply_filters( 'http_origin', $origin );
 427  }
 428  
 429  /**
 430   * Retrieves list of allowed HTTP origins.
 431   *
 432   * @since 3.4.0
 433   *
 434   * @return string[] Array of origin URLs.
 435   */
 436  function get_allowed_http_origins() {
 437      $admin_origin = parse_url( admin_url() );
 438      $home_origin  = parse_url( home_url() );
 439  
 440      // @todo Preserve port?
 441      $allowed_origins = array_unique(
 442          array(
 443              'http://' . $admin_origin['host'],
 444              'https://' . $admin_origin['host'],
 445              'http://' . $home_origin['host'],
 446              'https://' . $home_origin['host'],
 447          )
 448      );
 449  
 450      /**
 451       * Changes the origin types allowed for HTTP requests.
 452       *
 453       * @since 3.4.0
 454       *
 455       * @param string[] $allowed_origins {
 456       *     Array of default allowed HTTP origins.
 457       *
 458       *     @type string $0 Non-secure URL for admin origin.
 459       *     @type string $1 Secure URL for admin origin.
 460       *     @type string $2 Non-secure URL for home origin.
 461       *     @type string $3 Secure URL for home origin.
 462       * }
 463       */
 464      return apply_filters( 'allowed_http_origins', $allowed_origins );
 465  }
 466  
 467  /**
 468   * Determines if the HTTP origin is an authorized one.
 469   *
 470   * @since 3.4.0
 471   *
 472   * @param string|null $origin Origin URL. If not provided, the value of get_http_origin() is used.
 473   * @return string Origin URL if allowed, empty string if not.
 474   */
 475  function is_allowed_http_origin( $origin = null ) {
 476      $origin_arg = $origin;
 477  
 478      if ( null === $origin ) {
 479          $origin = get_http_origin();
 480      }
 481  
 482      if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) {
 483          $origin = '';
 484      }
 485  
 486      /**
 487       * Changes the allowed HTTP origin result.
 488       *
 489       * @since 3.4.0
 490       *
 491       * @param string $origin     Origin URL if allowed, empty string if not.
 492       * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
 493       */
 494      return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
 495  }
 496  
 497  /**
 498   * Sends Access-Control-Allow-Origin and related headers if the current request
 499   * is from an allowed origin.
 500   *
 501   * If the request is an OPTIONS request, the script exits with either access
 502   * control headers sent, or a 403 response if the origin is not allowed. For
 503   * other request methods, you will receive a return value.
 504   *
 505   * @since 3.4.0
 506   *
 507   * @return string|false Returns the origin URL if headers are sent. Returns false
 508   *                      if headers are not sent.
 509   */
 510  function send_origin_headers() {
 511      $origin = get_http_origin();
 512  
 513      if ( is_allowed_http_origin( $origin ) ) {
 514          header( 'Access-Control-Allow-Origin: ' . $origin );
 515          header( 'Access-Control-Allow-Credentials: true' );
 516          if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
 517              exit;
 518          }
 519          return $origin;
 520      }
 521  
 522      if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
 523          status_header( 403 );
 524          exit;
 525      }
 526  
 527      return false;
 528  }
 529  
 530  /**
 531   * Validates a URL for safe use in the HTTP API.
 532   *
 533   * Examples of URLs that are considered unsafe:
 534   *
 535   * - ftp://example.com/caniload.php - Invalid protocol - only http and https are allowed.
 536   * - http:///example.com/caniload.php - Malformed URL.
 537   * - http://user:pass@example.com/caniload.php - Login information.
 538   * - http://example.invalid/caniload.php - Invalid hostname, as the IP cannot be looked up in DNS.
 539   *
 540   * Examples of URLs that are considered unsafe by default:
 541   *
 542   * - http://192.168.0.1/caniload.php - IPs from LAN networks.
 543   *   This can be changed with the {@see 'http_request_host_is_external'} filter.
 544   * - http://198.143.164.252:81/caniload.php - By default, only 80, 443, and 8080 ports are allowed.
 545   *   This can be changed with the {@see 'http_allowed_safe_ports'} filter.
 546   *
 547   * @since 3.5.2
 548   *
 549   * @param string $url Request URL.
 550   * @return string|false URL or false on failure.
 551   */
 552  function wp_http_validate_url( $url ) {
 553      if ( ! is_string( $url ) || '' === $url || is_numeric( $url ) ) {
 554          return false;
 555      }
 556  
 557      $original_url = $url;
 558      $url          = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
 559      if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) {
 560          return false;
 561      }
 562  
 563      $parsed_url = parse_url( $url );
 564      if ( ! $parsed_url || empty( $parsed_url['host'] ) ) {
 565          return false;
 566      }
 567  
 568      if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) {
 569          return false;
 570      }
 571  
 572      if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) {
 573          return false;
 574      }
 575  
 576      $parsed_home = parse_url( get_option( 'home' ) );
 577      $same_host   = isset( $parsed_home['host'] ) && strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );
 578      $host        = trim( $parsed_url['host'], '.' );
 579  
 580      if ( ! $same_host ) {
 581          if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) {
 582              $ip = $host;
 583          } else {
 584              $ip = gethostbyname( $host );
 585              if ( $ip === $host ) { // Error condition for gethostbyname().
 586                  return false;
 587              }
 588          }
 589          if ( $ip ) {
 590              $parts = array_map( 'intval', explode( '.', $ip ) );
 591              if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
 592                  || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
 593                  || ( 192 === $parts[0] && 168 === $parts[1] )
 594              ) {
 595                  // If host appears local, reject unless specifically allowed.
 596                  /**
 597                   * Checks if HTTP request is external or not.
 598                   *
 599                   * Allows to change and allow external requests for the HTTP request.
 600                   *
 601                   * @since 3.6.0
 602                   *
 603                   * @param bool   $external Whether HTTP request is external or not.
 604                   * @param string $host     Host name of the requested URL.
 605                   * @param string $url      Requested URL.
 606                   */
 607                  if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) {
 608                      return false;
 609                  }
 610              }
 611          }
 612      }
 613  
 614      if ( empty( $parsed_url['port'] ) ) {
 615          return $url;
 616      }
 617  
 618      $port = $parsed_url['port'];
 619  
 620      /**
 621       * Controls the list of ports considered safe in HTTP API.
 622       *
 623       * Allows to change and allow external requests for the HTTP request.
 624       *
 625       * @since 5.9.0
 626       *
 627       * @param int[]  $allowed_ports Array of integers for valid ports.
 628       * @param string $host          Host name of the requested URL.
 629       * @param string $url           Requested URL.
 630       */
 631      $allowed_ports = apply_filters( 'http_allowed_safe_ports', array( 80, 443, 8080 ), $host, $url );
 632      if ( is_array( $allowed_ports ) && in_array( $port, $allowed_ports, true ) ) {
 633          return $url;
 634      }
 635  
 636      if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) {
 637          return $url;
 638      }
 639  
 640      return false;
 641  }
 642  
 643  /**
 644   * Marks allowed redirect hosts safe for HTTP requests as well.
 645   *
 646   * Attached to the {@see 'http_request_host_is_external'} filter.
 647   *
 648   * @since 3.6.0
 649   *
 650   * @param bool   $is_external
 651   * @param string $host
 652   * @return bool
 653   */
 654  function allowed_http_request_hosts( $is_external, $host ) {
 655      if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) {
 656          $is_external = true;
 657      }
 658      return $is_external;
 659  }
 660  
 661  /**
 662   * Adds any domain in a multisite installation for safe HTTP requests to the
 663   * allowed list.
 664   *
 665   * Attached to the {@see 'http_request_host_is_external'} filter.
 666   *
 667   * @since 3.6.0
 668   *
 669   * @global wpdb $wpdb WordPress database abstraction object.
 670   *
 671   * @param bool   $is_external
 672   * @param string $host
 673   * @return bool
 674   */
 675  function ms_allowed_http_request_hosts( $is_external, $host ) {
 676      global $wpdb;
 677      static $queried = array();
 678      if ( $is_external ) {
 679          return $is_external;
 680      }
 681      if ( get_network()->domain === $host ) {
 682          return true;
 683      }
 684      if ( isset( $queried[ $host ] ) ) {
 685          return $queried[ $host ];
 686      }
 687      $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) );
 688      return $queried[ $host ];
 689  }
 690  
 691  /**
 692   * A wrapper for PHP's parse_url() function that handles consistency in the return values
 693   * across PHP versions.
 694   *
 695   * Across various PHP versions, schemeless URLs containing a ":" in the query
 696   * are being handled inconsistently. This function works around those differences.
 697   *
 698   * @since 4.4.0
 699   * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`.
 700   *
 701   * @link https://www.php.net/manual/en/function.parse-url.php
 702   *
 703   * @param string $url       The URL to parse.
 704   * @param int    $component The specific component to retrieve. Use one of the PHP
 705   *                          predefined constants to specify which one.
 706   *                          Defaults to -1 (= return all parts as an array).
 707   * @return mixed False on parse failure; Array of URL components on success;
 708   *               When a specific component has been requested: null if the component
 709   *               doesn't exist in the given URL; a string or - in the case of
 710   *               PHP_URL_PORT - integer when it does. See parse_url()'s return values.
 711   */
 712  function wp_parse_url( $url, $component = -1 ) {
 713      $to_unset = array();
 714      $url      = (string) $url;
 715  
 716      if ( str_starts_with( $url, '//' ) ) {
 717          $to_unset[] = 'scheme';
 718          $url        = 'placeholder:' . $url;
 719      } elseif ( str_starts_with( $url, '/' ) ) {
 720          $to_unset[] = 'scheme';
 721          $to_unset[] = 'host';
 722          $url        = 'placeholder://placeholder' . $url;
 723      }
 724  
 725      $parts = parse_url( $url );
 726  
 727      if ( false === $parts ) {
 728          // Parsing failure.
 729          return $parts;
 730      }
 731  
 732      // Remove the placeholder values.
 733      foreach ( $to_unset as $key ) {
 734          unset( $parts[ $key ] );
 735      }
 736  
 737      return _get_component_from_parsed_url_array( $parts, $component );
 738  }
 739  
 740  /**
 741   * Retrieves a specific component from a parsed URL array.
 742   *
 743   * @internal
 744   *
 745   * @since 4.7.0
 746   * @access private
 747   *
 748   * @link https://www.php.net/manual/en/function.parse-url.php
 749   *
 750   * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse.
 751   * @param int         $component The specific component to retrieve. Use one of the PHP
 752   *                               predefined constants to specify which one.
 753   *                               Defaults to -1 (= return all parts as an array).
 754   * @return mixed False on parse failure; Array of URL components on success;
 755   *               When a specific component has been requested: null if the component
 756   *               doesn't exist in the given URL; a string or - in the case of
 757   *               PHP_URL_PORT - integer when it does. See parse_url()'s return values.
 758   */
 759  function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) {
 760      if ( -1 === $component ) {
 761          return $url_parts;
 762      }
 763  
 764      $key = _wp_translate_php_url_constant_to_key( $component );
 765      if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) {
 766          return $url_parts[ $key ];
 767      } else {
 768          return null;
 769      }
 770  }
 771  
 772  /**
 773   * Translates a PHP_URL_* constant to the named array keys PHP uses.
 774   *
 775   * @internal
 776   *
 777   * @since 4.7.0
 778   * @access private
 779   *
 780   * @link https://www.php.net/manual/en/url.constants.php
 781   *
 782   * @param int $constant PHP_URL_* constant.
 783   * @return string|false The named key or false.
 784   */
 785  function _wp_translate_php_url_constant_to_key( $constant ) {
 786      $translation = array(
 787          PHP_URL_SCHEME   => 'scheme',
 788          PHP_URL_HOST     => 'host',
 789          PHP_URL_PORT     => 'port',
 790          PHP_URL_USER     => 'user',
 791          PHP_URL_PASS     => 'pass',
 792          PHP_URL_PATH     => 'path',
 793          PHP_URL_QUERY    => 'query',
 794          PHP_URL_FRAGMENT => 'fragment',
 795      );
 796  
 797      if ( isset( $translation[ $constant ] ) ) {
 798          return $translation[ $constant ];
 799      } else {
 800          return false;
 801      }
 802  }


Generated : Sat Dec 21 08:20:01 2024 Cross-referenced by PHPXref