Should remove those fallbacks that using file_get_contents
Closed this issue · 0 comments
ka215 commented
This is not actually going to work:
$raw_html = wp_remote_retrieve_body( wp_remote_request( $get_uri ) );
if ( ! $raw_html ) {
if ( preg_match( '@^https://@', $get_uri ) == 1 ) {
$options = stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
]
]);
$raw_html = file_get_contents( $get_uri, false, $options );
} else {
$raw_html = file_get_contents( $get_uri, false );
}
Many hosts block the use of file_get_contents on remote content. This is a security measure that we fully endorse.
The HTTP API you already included is far more reliable. You should remove those fallbacks.