ICS Calendar

ICS Calendar
  • Features
    • ICS Calendar Pro
    • Feature Comparison
    • Sample Calendars
    • Preview Your Calendar
    • More WordPress Plugins
  • Help
    • User Guide
      • Getting Started
      • General WordPress Settings
      • Shortcode Overview
      • All Parameters (Reference)
      • FAQs and Tips
      • CSS Guide
      • Developer
      • GDPR
    • Shortcode Builder
    • WordPress Support Forums
    • Pro Documentation
      • Calendar Builder
      • Block Editor
      • Manual Calendar Setup
      • Admin Utilities and Settings
      • Customizer
      • All Parameters
    • Pro Support Forums
      • Installation and Configuration
      • Licensing
      • Troubleshooting and Bugs
      • CSS and Design
      • Feature Requests
      • Translations
      • General Support
    • Pro Support Request Form
    • Translation Suggestions
  • Blog
  • Download
  • Buy Now
  • Cart
  • My Account
Search
More...

How to retrieve feed URLs over a local network (private/reserved IP addresses) in ICS Calendar 10.12.2 and later

November 13, 2023

Security researchers identified a moderate-level risk in an ICS Calendar function, which was patched in version 10.12.0.4. However, the patch introduced a new issue that prevented access to ICS feeds over an internal network — specifically, if the source calendar server’s URL resolved to an IP address in one of the private or reserved ranges.

An update in version 10.12.2 addresses this, via the WordPress core http_request_host_is_external filter.

Using this filter, site developers can write a function that defines a set of allowed hostnames, as such:

function my_http_request_host_is_external($external, $host, $url) {
	$allowed_hosts = array(
		'mail.example.com', // Add your allowed hosts to this array
	);
	if (in_array($host, $allowed_hosts)) { $external = true; }
	return $external;
}
add_filter('http_request_host_is_external', 'my_http_request_host_is_external', 10, 3);

This code can go in your theme’s functions.php file or in a custom plugin. (If you are using a pre-built theme, be sure not to edit the theme’s files directly, as the changes will get overwritten when the theme is updated. Use a child theme instead.)

This version of ICS Calendar also adds a few other changes to the ICS Feed URL Tester utility and the debugging tools, to enhance server data security even when this filter is used. I take security very seriously and want to be sure ICS Calendar is an effective and safe tool for its users.

—Scott

Category: New Features

Categories

  • Uncategorized
  • New Features
  • Bug Squashing
  • Just for Fun
  • Web Design & Development
  • Translation
  • Deep Dives

Recent Posts

  • How to retrieve feed URLs over a local network (private/reserved IP addresses) in ICS Calendar 10.12.2 and later November 13, 2023
  • ICS Calendar v.10.12.1 and ICS Calendar Pro v.4.9.0 now available November 6, 2023
  • One of the biggest challenges of developing a calendar plugin: date-specific bugs September 5, 2023
  • ICS Calendar v.10.11.5 and ICS Calendar Pro v.4.8.4 now available July 12, 2023
  • ICS Calendar v.10.11.1 and Pro v.4.8.2 now available April 29, 2023

Related Links

  • Room 34 Creative Services
    Developer of ICS Calendar
  • Underdog of Perfection
    Room 34’s general blog
  • More Plugins by Room 34
    Available in the WordPress Plugin Directory

Room 34 Creative Services, LLC

  • Facebook
  • Instagram
  • YouTube
  • Room 34 Creative Services, LLC
  • Minneapolis, Minnesota 55406 USA
  • info@icscalendar.com
  • More WordPress Plugins
  • Privacy Policy
  • Terms & Conditions

Copyright © 2023 Room 34 Creative Services, LLC. All rights reserved.

https://icscalendar.com/how-to-retrieve-feed-urls-over-a-local-network-private-reserved-ip-addresses-in-ics-calendar-10-12-2-and-later

This website uses cookies for necessary functions and to enhance your browsing experience. Accept to continue or find out more in our Privacy Policy.

Accept & Continue