Previous/Next page links maintain all GET variables
|Reported by:||kirrus||Owned by:|
|Severity:||normal||Keywords:||needs-patch 2nd-opinion close|
The newer/older entries pagination system takes any query string in a inbound request, and includes it in the links generated for the newer/older entries.
This causes problems when you put wordpress behind a cache, because all it takes is some bot trying a joomla hack to mean all visitors suddenly have a version of that page, including the bad query string, very visible.
Note, in the 'Newer/Older' links at the bottom of the page, that "test=true" will be retained.
These should only really keep query-strings that wordpress knows it'll need, if you're including them? Else, you can basically poison someone's cache with this.
An example of the really bad query string poisoning a cache:
Change History (11)
- Summary changed from Pagination puts random query strings in generated HTML to Previous/Next page links maintain all GET variables
- Cc crazycoders added
- Keywords 2nd-opinion added
- Severity changed from critical to normal
- Type changed from defect (bug) to enhancement