From 0c3a3e9be5bef0a884c02cc6cbdf08735bec883e Mon Sep 17 00:00:00 2001 From: dd32 Date: Sun, 14 Feb 2010 10:41:07 +0000 Subject: [PATCH] Disable Redirection on HEAD requests. See #10624 git-svn-id: http://svn.automattic.com/wordpress/trunk@13149 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/http.php | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/wp-includes/http.php b/wp-includes/http.php index 2742eb890..5ee9a6c77 100644 --- a/wp-includes/http.php +++ b/wp-includes/http.php @@ -748,7 +748,7 @@ class WP_Http_Fsockopen { return new WP_Error('http_request_failed', $arrHeaders['response']['code'] . ': ' . $arrHeaders['response']['message']); // If location is found, then assume redirect and redirect to location. - if ( isset($arrHeaders['headers']['location']) ) { + if ( 'HEAD' != $r['method'] && isset($arrHeaders['headers']['location']) ) { if ( $r['redirection']-- > 0 ) { return $this->request($arrHeaders['headers']['location'], $r); } else { @@ -915,8 +915,10 @@ class WP_Http_Fopen { if ( ! function_exists('fopen') || (function_exists('ini_get') && true != ini_get('allow_url_fopen')) ) return false; - $use = true; + if ( isset($args['method']) && 'HEAD' == $args['method'] ) //This transport cannot make a HEAD request + return false; + $use = true; //PHP does not verify SSL certs, We can only make a request via this transports if SSL Verification is turned off. $is_ssl = isset($args['ssl']) && $args['ssl']; if ( $is_ssl ) { @@ -1010,6 +1012,7 @@ class WP_Http_Streams { 'max_redirects' => $r['redirection'] + 1, // See #11557 'protocol_version' => (float) $r['httpversion'], 'header' => $strHeaders, + 'ignore_errors' => true, // Return non-200 requests. 'timeout' => $r['timeout'], 'ssl' => array( 'verify_peer' => $ssl_verify, @@ -1029,7 +1032,10 @@ class WP_Http_Streams { $arrContext['http']['header'] .= $proxy->authentication_header() . "\r\n"; } - if ( ! is_null($r['body']) && ! empty($r['body'] ) ) + if ( 'HEAD' == $r['method'] ) // Disable redirects for HEAD requests + $arrContext['http']['max_redirects'] = 1; + + if ( ! empty($r['body'] ) ) $arrContext['http']['content'] = $r['body']; $context = stream_context_create($arrContext); @@ -1039,7 +1045,7 @@ class WP_Http_Streams { else $handle = fopen($url, 'r', false, $context); - if ( ! $handle) + if ( ! $handle ) return new WP_Error('http_request_failed', sprintf(__('Could not open handle for fopen() to %s'), $url)); $timeout = (int) floor( $r['timeout'] ); @@ -1190,6 +1196,9 @@ class WP_Http_ExtHTTP { ) ); + if ( HTTP_METH_HEAD == $r['method'] ) + $options['redirect'] = 0; // Assumption: Docs seem to suggest that this means do not follow. Untested. + // The HTTP extensions offers really easy proxy support. $proxy = new WP_HTTP_Proxy(); @@ -1358,7 +1367,8 @@ class WP_Http_Curl { curl_setopt( $handle, CURLOPT_HEADER, false ); // The option doesn't work with safe mode or when open_basedir is set. - if ( !ini_get('safe_mode') && !ini_get('open_basedir') ) + // Disable HEAD when making HEAD requests. + if ( !ini_get('safe_mode') && !ini_get('open_basedir') && 'HEAD' != $r['method'] ) curl_setopt( $handle, CURLOPT_FOLLOWLOCATION, true ); if ( !empty( $r['headers'] ) ) { @@ -2165,4 +2175,4 @@ function wp_remote_retrieve_body(&$response) { return $response['body']; } -?> +?> \ No newline at end of file