Make WordPress Core

Changeset 17260


Timestamp:
01/11/2011 09:37:12 PM (14 years ago)
Author:
nacin
Message:

Disallow a self-reference on RSS widget save, which would DoS a site. Checking home/siteurl should cover the vast majority of cases. see #8910.

File:
1 edited

  • trunk/wp-includes/default-widgets.php

    r16922 r17260  
    713713            return;
    714714
     715        // self-url destruction sequence
     716        if ( $url == site_url() || $url == home_url() )
     717            return;
     718
    715719        $rss = fetch_feed($url);
    716720        $title = $instance['title'];
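Review bot: The guard at new line 716 is an exact string comparison, `$url == site_url() || $url == home_url()`, so it only catches a URL that is character-for-character identical to one of those two values. A self-reference that differs by a trailing slash, by scheme or host case, or that points at a path under the same site still reaches `fetch_feed($url)`. Consider normalizing both sides before comparing (for example with `untrailingslashit()` and a lowercased host), or comparing the parsed host and path rather than the raw strings, and use `===` since both operands are strings. The comment "self-url destruction sequence" would also be more useful to later readers if it stated the reason, namely that fetching the site's own URL from the widget causes the recursive load described in the commit message.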