While we check the URL in several other occasions, we didn't check it before trying to discover feeds there. While this is only accessible to authenticated users with higher permissions than Friends::REQUIRED_ROLE which is edit_private_posts, we still should ensure that the URL is valid according to wp_http_validate_url().
While we check the URL in several other occasions, we didn't check it before trying to discover feeds there. While this is only accessible to authenticated users with higher permissions than
Friends::REQUIRED_ROLE
which isedit_private_posts
, we still should ensure that the URL is valid according towp_http_validate_url()
.