You still need to specify that unsafe URLs not be rejected, but there is one more opportunity to reject such URLs except for that one with the filter ‘http_api_transports’. This filter is intended to specify a particular transport, but the URL is passed to the callback, and returning false results in the request being rejected, so the URL can be run through a custom version of wp_http_validate_url(), which is the function skipped when ‘reject_unsafe_urls’ is set to false.
The only queer thing about filtering URLs this way is the returned error will report no transports were found though it was actually an unsafe URL causing the error.
BTW, instead of the code you are using, you can achieve the same result with simply add_filter('http_request_reject_unsafe_urls', '__return_false');
Hello bcworkz,
Thank you for your reply.
The RSS that’s on the same server is valid by W3C standards,
There must be some server setting that cause the wordpress to evaluate it as invalid. I can’t change these settings though.
Is there any way to modify the add_filter(‘http_request_reject_unsafe_urls’, ‘__return_false’); so it works for only one url? (thank you for the more elegant code)
I don’t want to compromise the security more than it’s necessary and the server i want to allow in i can trust.
Thank You,
Vladimir
No, there is no “clean” way to alter the function that rejects unsafe URLs. You’d have to directly modify the core code, which is a very bad idea. The only clean way (though rather hacky) I could find was as I mentioned in my previous post in using the ‘http_api_transports’ filter to check URLs.
Hello bcworkz,
Right. Thank you for the update.
Could you point me to some resources on how to do the ‘http_api_transports’?
At this point I don’t even know where to start.
Thank you
Refer to public function _get_first_available_transport(). The filter is applied first thing. You can see both the arguments array and the URL are passed in addition to the array of transports.
Your filter callback will want to essentially run a custom version of wp_http_validate_url() that rejects bad URLs as normal unless it is that one URL that is legitimate that is hanging things up in your installation.
For this filter, to accept the URL, simply return the first parameter passed to your callback, the transport array. To reject the URL, return false. The error message will be ‘There are no HTTP transports available which can complete the requested request.’ Though completely misleading, at least bad URLs are rejected.
In reviewing the WP_Http class again, I noticed there is another possibility. You still cannot alter the unsafe URL check function, but you can override the entire WP_Http::request() method with the ‘pre_http_request’ filter. You are again passed the arguments and the URL, but now you must do everything the request method does. Not only checking for unsafe URLs, but parse the URL, completely validating it, process headers, verify the encoding, build the actual query and dispatch the request, update cookies, and return the results, among other things.
A lot of stuff, but mostly cut and paste existing code. The main advantage is you can use your custom version of rejecting unsafe URLs and return a proper error if one is found.
Hello,
Thank you.
I will start working on it.
hi,
i’m having the same issue, with the code in first post everything works, but as already said is an unsafe method… did someone find the way to not reject a specific URL without hacking wp core?
If you require assistance then, as per the Forum Welcome, please post your own topic instead of tagging onto someone else’s topic. This topic has been resolved.
