v1.8.0
版本发布时间: 2021-04-28 01:10:45
WordPress/Requests最新发布版本:v2.0.12(2024-07-08 16:51:54)
IMPORTANT NOTES
Last release supporting PHP 5.2 - 5.5
Release 1.8.0 will be the last release with compatibility for PHP 5.2 - 5.5. With the next release (v2.0.0), the minimum PHP version will be bumped to 5.6.
Last release supporting PEAR distribution
Release 1.8.0 will be the last release to be distributed via PEAR. From release 2.0.0 onwards, consumers of this library will have to switch to Composer to receive updates.
Overview of changes
-
[SECURITY FIX] Disable deserialization in
FilteredIterator
A
Deserialization of Untrusted Data
weakness was found in theFilteredIterator
class.This security vulnerability was first reported to the WordPress project. The security fix applied to WordPress has been ported back into the library.
GitHub security advisory: Insecure Deserialization of untrusted data
CVE: CVE-2021-29476 - Deserialization of Untrusted Data
Related WordPress CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28032
(props @dd32, @desrosj, @jrfnl, @peterwilsoncc, @SergeyBiryukov, @whyisjake, @xknown, #421, #422)
-
Repository moved to
WordPress\Requests
The
Requests
library has been moved to the WordPress GitHub organization and can now be found underhttps://github.com/WordPress/Requests
.All links in code and documentation were updated accordingly.
Note: the Composer package name remains unchanged (
rmccue/requests
), as well as the documentation site (requests.ryanmccue.info).(props @dd32, @JustinyAhin, @jrfnl, @rmccue, #440, #441, #448)
-
Manage
"Expect"
header withcURL
transportBy default,
cURL
adds aExpect: 100-Continue
header to certain requests. This can add as much as a second delay to requests done usingcURL
. This is discussed on the cURL mailing list.To prevent this,
Requests
now adds an empty"Expect"
header to requests that are smaller than 1 MB and use HTTP/1.1.(props @carlalexander, @schlessera, @TimothyBJacobs, #453, #454, #469)
-
Update bundled certificates as of 2021-02-12
The bundled certificates were updated. A small subset of expired certificates are still included for legacy reasons (and support).
(props @ozh, @patmead, @schlessera, @todeveni, #385, #398, #451)
-
Add required
Content-*
headers for emptyPOST
requestsSends the
Content-Length
andContent-Type
headers even for emptyPOST
requests, as the length is expected as per RFC2616 Section 14.13:Content-Length header "SHOULD" be included. In practice, it is not used for GET nor HEAD requests, but is expected for POST requests.
(props @dd32, @gstrauss, @jrfnl, @soulseekah, #248, #249, #318, #368)
-
Ignore locale when creating the HTTP version string from a float
The previous behavior allowed for the locale to mess up the float to string conversion resulting in a
GET / HTTP/1,1
instead ofGET / HTTP/1.1
request.(props @tonebender, @Zegnat, #335, #339)
-
Make
verify => false
work withfsockopen
This allows the
fsockopen
transport now to ignore SSL failures when requested.(props @soulseekah, #310, #311)
-
Only include port number in the
Host
header if it differs from the defaultThe code was not violating the RFC per se, but also not following standard practice of leaving the port off when it is the default port for the scheme, which could lead to connectivity issues.
-
Fix PHP cross-version compatibility
Important fixes have been made to improve cross-version compatibility of the code across all supported PHP versions.
- Use documented order for
implode()
arguments. - Harden type handling when no domain was passed.
- Explicitly cast
$url
property tostring
inRequests::parse_response()
. - Initialize
$body
property to an empty string inRequests::parse_response()
. - Ensure the stream handle is valid before trying to close it.
- Ensure the
$callback
in theFilteredIterator
is callable before calling it.
(props @aaronjorbin, @jrfnl, #346, #370, #425, #426, #456, #457)
- Use documented order for
-
Improve testing
Lots of improvements were made to render the tests more reliable and increase the coverage.
And to top it all off, all tests are now run against all supported PHP versions, including PHP 8.0.
(props @datagutten, @jrfnl, @schlessera, #345, #351, #355, #366, #412, #414, #445, #458, #464)
-
Improve code quality and style
A whole swoop of changes has been made to harden the code and make it more consistent.
The code style has been made consistent across both code and tests and is now enforced via a custom PHPCS rule set.
The WordPress Coding Standards were chosen as the basis for the code style checks as most contributors to this library originate from the WordPress community and will be familiar with this code style.
Main differences from the WordPress Coding Standards based on discussions and an analysis of the code styles already in use:
- No whitespace on the inside of parentheses.
- No Yoda conditions.
A more detailed overview of the decisions that went into the final code style rules can be found at #434.
(props @jrfnl, @KasperFranz, @ozh, @schlessera, @TysonAndre, #263, #296, #328, #358, #359, #360, #361, #362, #363, #364, #386, #396, #399, #400, #401, #402, #403, #404, #405, #406, #408, #409, #410, #411, #413, #415, #416, #417, #423, #424, #434)
-
Replace Travis CI with GitHub Actions (partial)
The entire CI setup is gradually being moved from Travis CI to GitHub Actions.
At this point, GitHub Actions takes over the CI from PHP 5.5 onwards, leaving Travis CI as a fallback for lower PHP versions.
This move will be completed after the planned minimum version bump to PHP 5.6+ with the next release, at which point we will get rid of all the remaining Travis CI integrations.
(props @dd32, @desrosj, @jrfnl, @ntwb, @ozh, @schlessera, @TimothyBJacobs, @TysonAndre, #280, #298, #302, #303, #352, #353, #354, #356, #388, #397, #428, #436, #439, #461, #467)
-
Update and improve documentation
- Use clearer and more inclusive language.
- Update the GitHub Pages site.
- Update content and various tweaks to the markdown.
- Fix code blocks in
README.md
file. - Add pagination to documentation pages.
(props @desrosj, @jrfnl, @JustinyAhin, @tnorthcutt, #334, #367, #387, #443, #462, #465, #468, #471 )