4

I'm having a really hard time trying to use the http_request_host_is_external filter. For some background, I'm trying to set up a separate server to handle private plugin and theme updates. The problem is that it's on a separate server, so the Wordpress wp_http_validate_url (wp-includes/http.php) function kills the request. The following are lines 481-503 of that file.

if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( '127.0.0.1' === $ip || ( 10 === $parts[0] ) || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Check if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool false Whether HTTP request is external or not. * @param string $host IP of the requested host. * @param string $url URL of the requested host. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) return false; } }

You'll notice that there is a comment in there that mentions we should be able to apply the filter and make external requests, but what I'm trying doesn't seem to work.

 require 'plugin_update_checker.php'; apply_filters( 'http_request_host_is_external', true, "my-update-server.com", 'http://my-update-server.com/update/8b6b28f1a2604deea192076cb2343ff4/' ); $MyUpdateChecker = new PluginUpdateChecker_1_3( 'http://my-update-server/update/8b6b28f1a2604deea192076cb2343ff4/', __FILE__, 'testslug' );

I thought that if I set the filter in my plugin's main file it would take care of it, but I think the issue is that the external request is happening right in Wordpress's updater, so maybe my filter doesn't apply?

Improve this question

2 Answers 2

Reset to default
13

You can do this:

add_filter( 'http_request_host_is_external', '__return_true' );

However, note that this disables this security feature. If you know the host or url isn't going to change and is always going to be that, you can be more secure by checking for that explicitly:

add_filter( 'http_request_host_is_external', 'allow_my_custom_host', 10, 3 ); function allow_my_custom_host( $allow, $host, $url ) { if ( $host == 'my-update-server' ) $allow = true; return $allow; }
Improve this answer
4
  • What are the 3rd and 4th arguments for (,,10,3)? Commented Nov 15, 2013 at 13:57
  • 1
    The 10 is the priority of the filter (10 is the default setting), and the 3 is the number of arguments to pass to the filter function (the default is 1). This is why I had to add the 10, 3 here, because I want the function to get the $host and $url values passed to it. Commented Nov 15, 2013 at 17:54
  • is this working in 2021? Commented Jan 1, 2022 at 2:16
  • 1
    Yes, and in 2022. In WordPress, things don't just stop working for no reason. Commented Jan 4, 2022 at 9:03
0

I'm apparently a little rusty. This took care of it for me:

add_filter( 'http_request_host_is_external', function() { return true; });
Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.