如何使用“ http_request_host_is_external”过滤器

Question

如何使用“ http_request_host_is_external”过滤器

3

8110 2013-11-14

我很难使用http_request_host_is_external过滤器.对于某些背景,我试图设置一个单独的服务器来处理私有插件和主题更新.问题在于它在单独的服务器上,因此Wordpress wp_http_validate_url(wp-includes/http.php)函数会终止该请求.以下是该文件的第481-503行.

 if ( $ip ) {
        $parts = array_map( 'intval', explode( '.', $ip ) );
        if ( '127.0.0.1' === $ip
            || ( 10 === $parts[0] )
            || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
            || ( 192 === $parts[0] && 168 === $parts[1] )
        ) {
            // If host appears local, reject unless specifically allowed.
            /**
             * Check if HTTP request is external or not.
             *
             * Allows to change and allow external requests for the HTTP request.
             *
             * @since 3.6.0
             *
             * @param bool false Whether HTTP request is external or not.
             * @param string $host IP of the requested host.
             * @param string $url URL of the requested host.
             */
            if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) )
                return false;
        }
    }

您会注意到其中有一条评论,其中提到我们应该能够应用过滤器并发出外部请求,但我尝试执行的操作似乎无效.

     require 'plugin_update_checker.php';
apply_filters( 'http_request_host_is_external', true, "my-update-server.com", 'http://my-update-server.com/update/8b6b28f1a2604deea192076cb2343ff4/' );
$MyUpdateChecker = new PluginUpdateChecker_1_3(
    'http://my-update-server/update/8b6b28f1a2604deea192076cb2343ff4/',
    __FILE__,
    'testslug'
);

我认为,如果我在插件的主文件中设置过滤器,它会解决这个问题,但是我认为问题在于外部请求正发生在Wordpress的更新程序中,所以也许我的过滤器不适用?

I'm having a really hard time trying to use the http_request_host_is_external filter. For some background, I'm trying to set up a separate server to handle private plugin and theme updates. The problem is that it's on a separate server, so the Wordpress wp_http_validate_url (wp-includes/http.php) function kills the request. The following are lines 481-503 of that file.

if ( $ip ) {
        $parts = array_map( 'intval', explode( '.', $ip ) );
        if ( '127.0.0.1' === $ip
            || ( 10 === $parts[0] )
            || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
            || ( 192 === $parts[0] && 168 === $parts[1] )
        ) {
            // If host appears local, reject unless specifically allowed.
            /**
             * Check if HTTP request is external or not.
             *
             * Allows to change and allow external requests for the HTTP request.
             *
             * @since 3.6.0
             *
             * @param bool false Whether HTTP request is external or not.
             * @param string $host IP of the requested host.
             * @param string $url URL of the requested host.
             */
            if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) )
                return false;
        }
    }

You'll notice that there is a comment in there that mentions we should be able to apply the filter and make external requests, but what I'm trying doesn't seem to work.

    require 'plugin_update_checker.php';
apply_filters( 'http_request_host_is_external', true, "my-update-server.com", 'http://my-update-server.com/update/8b6b28f1a2604deea192076cb2343ff4/' );
$MyUpdateChecker = new PluginUpdateChecker_1_3(
    'http://my-update-server/update/8b6b28f1a2604deea192076cb2343ff4/',
    __FILE__,
    'testslug'
);

I thought that if I set the filter in my plugin's main file it would take care of it, but I think the issue is that the external request is happening right in Wordpress's updater, so maybe my filter doesn't apply?

2 个回答

投票数

0

2013-11-14

我似乎有些生锈.这是为我照顾的:

 add_filter( 'http_request_host_is_external', function() { return true; });

I'm apparently a little rusty. This took care of it for me:

add_filter( 'http_request_host_is_external', function() { return true; });

Otto · Accepted Answer · 2013-11-14

11

2013-11-14

您可以执行以下操作:

 add_filter( 'http_request_host_is_external', '__return_true' );

但是,请注意,这会禁用此安全功能.如果您知道主机或url不会改变,并且始终会保持不变,则可以通过明确检查主机或url来更安全:

 add_filter( 'http_request_host_is_external', 'allow_my_custom_host', 10, 3 );
function allow_my_custom_host( $allow, $host, $url ) {
  if ( $host == 'my-update-server' )
    $allow = true;
  return $allow;
}

You can do this:

add_filter( 'http_request_host_is_external', '__return_true' );

However, note that this disables this security feature. If you know the host or url isn't going to change and is always going to be that, you can be more secure by checking for that explicitly:

add_filter( 'http_request_host_is_external', 'allow_my_custom_host', 10, 3 );
function allow_my_custom_host( $allow, $host, $url ) {
  if ( $host == 'my-update-server' )
    $allow = true;
  return $allow;
}

原文
Otto

(,,10,3)的第三个和第四个参数是什么?

What are the 3rd and 4th arguments for (,,10,3)?
- 0
- 2013-11-15
- Jack Slingerland
10是过滤器的优先级(默认设置为10),而3是传递给过滤器函数的参数数(默认为1).这就是为什么我必须在此处添加10、3的原因,因为我希望函数获取传递给它的$ host和$ url值.

The 10 is the priority of the filter (10 is the default setting), and the 3 is the number of arguments to pass to the filter function (the default is 1). This is why I had to add the 10, 3 here, because I want the function to get the $host and $url values passed to it.
- 1
- 2013-11-15
- Otto