Skip to content

Commit 7064e4b

Browse files
authored
Normal subscribers require unsafe urls (#11)
1 parent 102701a commit 7064e4b

File tree

4 files changed

+71
-3
lines changed

4 files changed

+71
-3
lines changed

rsscloud/notification-request.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,12 +50,12 @@ function rsscloud_hub_process_notification_request( ) {
5050

5151
$challenge = rsscloud_generate_challenge( );
5252

53-
$result = wp_safe_remote_get( $notify_url . '?url=' . esc_url( wp_unslash( $_POST['url1'] ) ) . '&challenge=' . $challenge, array( 'method' => 'GET', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, ) );
53+
$result = wp_remote_get( $notify_url . '?url=' . esc_url( wp_unslash( $_POST['url1'] ) ) . '&challenge=' . $challenge, array( 'method' => 'GET', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, ) );
5454
} else {
5555
if ( false === strpos( $notify_url, 'http://' ) )
5656
$notify_url = 'http://' . $notify_url;
5757

58-
$result = wp_safe_remote_post( $notify_url, array( 'method' => 'POST', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, 'body' => array( 'url' => esc_url_raw( wp_unslash( $_POST['url1'] ) ) ) ) );
58+
$result = wp_remote_post( $notify_url, array( 'method' => 'POST', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, 'body' => array( 'url' => esc_url_raw( wp_unslash( $_POST['url1'] ) ) ) ) );
5959
}
6060

6161
if ( is_wp_error( $result ) )

rsscloud/send-post-notifications.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ function rsscloud_send_post_notifications( $rss2_url = false ) {
3030
if ( !empty( $url['port'] ) )
3131
$port = $url['port'];
3232

33-
$result = wp_safe_remote_post( $notify_url, array( 'method' => 'POST', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, 'body' => array( 'url' => $rss2_url ) ) );
33+
$result = wp_remote_post( $notify_url, array( 'method' => 'POST', 'timeout' => RSSCLOUD_HTTP_TIMEOUT, 'user-agent' => RSSCLOUD_USER_AGENT, 'port' => $port, 'body' => array( 'url' => $rss2_url ) ) );
3434

3535
do_action( 'rsscloud_send_notification' );
3636

tests/test-notification-request.php

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -534,4 +534,44 @@ function ( $preempt, $args, $url ) {
534534
$notify = rsscloud_get_hub_notifications();
535535
$this->assertArrayHasKey( 'http://callback.example.com:9000/notify', $notify[ $this->feed_url ] );
536536
}
537+
538+
public function test_domain_based_nonstandard_port_not_rejected_by_url_validation() {
539+
// No pre_http_request mock — let the real HTTP layer run so
540+
// wp_http_validate_url is exercised. With a non-standard port,
541+
// wp_safe_remote_get rejects the URL before any network call.
542+
$_POST = array(
543+
'url1' => $this->feed_url,
544+
'port' => '4000',
545+
'path' => '/feedupdated',
546+
'domain' => 'web04.geekity.com',
547+
);
548+
549+
$result = $this->call_process_notification_request();
550+
551+
// The request may fail for network reasons (e.g. connection refused),
552+
// but it must NOT fail because of URL validation.
553+
$this->assertStringNotContainsString(
554+
'A valid URL was not provided',
555+
$result->msg,
556+
'Non-standard port should not be rejected by URL validation.'
557+
);
558+
}
559+
560+
public function test_ip_based_nonstandard_port_not_rejected_by_url_validation() {
561+
// No pre_http_request mock — exercise real URL validation.
562+
$_POST = array(
563+
'url1' => $this->feed_url,
564+
'protocol' => 'http-post',
565+
'port' => '4000',
566+
'path' => '/feedupdated',
567+
);
568+
569+
$result = $this->call_process_notification_request();
570+
571+
$this->assertStringNotContainsString(
572+
'A valid URL was not provided',
573+
$result->msg,
574+
'Non-standard port should not be rejected by URL validation.'
575+
);
576+
}
537577
}

tests/test-send-post-notifications.php

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -274,4 +274,32 @@ function () use ( &$fired ) {
274274

275275
$this->assertTrue( $fired );
276276
}
277+
278+
public function test_nonstandard_port_not_rejected_by_url_validation() {
279+
// Call the same function the plugin uses to send notifications,
280+
// without mocking HTTP, to verify URL validation accepts non-standard ports.
281+
$url = 'http://web04.geekity.com:4000/feedupdated';
282+
$result = wp_remote_post(
283+
$url,
284+
array(
285+
'method' => 'POST',
286+
'timeout' => 5,
287+
'user-agent' => RSSCLOUD_USER_AGENT,
288+
'port' => 4000,
289+
'body' => array( 'url' => $this->feed_url ),
290+
)
291+
);
292+
293+
// The request may fail for network reasons, but must NOT fail
294+
// due to URL validation rejecting the non-standard port.
295+
if ( is_wp_error( $result ) ) {
296+
$this->assertStringNotContainsString(
297+
'A valid URL was not provided',
298+
$result->get_error_message(),
299+
'Non-standard port should not be rejected by URL validation.'
300+
);
301+
} else {
302+
$this->assertIsArray( $result );
303+
}
304+
}
277305
}

0 commit comments

Comments
 (0)