Opened 4 years ago
Closed 3 years ago
#9786 closed defect (bug) (wontfix)
WordPress should not sniff servers by name
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Permalinks | Version: | |
| Severity: | normal | Keywords: | needs-patch server-sniffing |
| Cc: |
Description
In wp-includes/vars.php WordPress sets the global variable $is_apache according to the $_SERVER['SERVER_SOFTWARE'] string.
Just as with JavaScript browser sniffing by User Agent, this approach is doomed to failure. I know I'm not the only one who renames servers for whimsy or security-by-obscurity.
I think a general solution would be to test for the desired behavior that we want. For example, $is_apache is used in two places: the permalink options page and the apache_mod_loaded() function. For the latter, we should be able just to strip out the $is_apache check. For the permalinks options page, couldn't we use apache_mod_loaded() itself?
Change History (6)
- Component changed from General to Permalinks
- Type changed from defect (bug) to enhancement
- Keywords needs-patch added
can you try a few patches on this one? there are a related ticket or two without patches either.
- Milestone changed from Future Release to 2.9
comment:5
janeforshort — 3 years ago
- Milestone changed from 2.9 to Future Release
Punting b/c no patch in 6 months.
I'm calling this a bug, not an enhancement, because WordPress is telling me to prepend permalinks with index.php when I don't need to.