WordPress.org

Make WordPress Core

Changeset 17260


Timestamp:
01/11/11 21:37:12 (7 years ago)
Author:
nacin
Message:

Disallow a self-reference on RSS widget save, which would DoS a site. Checking home/siteurl should cover the vast majority of cases. see #8910.

File:
1 edited

  • trunk/wp-includes/default-widgets.php

    r16922 r17260  
    713713            return; 
    714714 
     715        // self-url destruction sequence 
     716        if ( $url == site_url() || $url == home_url() ) 
     717            return; 
     718 
    715719        $rss = fetch_feed($url); 
    716720        $title = $instance['title']; 
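Review bot: The guard at new lines 716-717 only matches when `$url` is byte-for-byte equal to `site_url()` or `home_url()`, so the same address written with a trailing slash, a different scheme, or different host casing falls through to `fetch_feed($url)` and the self-fetch still happens. Consider normalizing both sides before comparing, for example lowercasing the scheme and host and stripping the trailing slash with `untrailingslashit()`, and using `===` rather than `==`. The commit message describes this as a check on widget save, but the hunk sits directly in front of `fetch_feed($url)` and returns silently, so whoever configured the widget gets no indication of why nothing is shown; rejecting the URL where it is entered, or reporting an error, would make the failure visible. The comment "self-url destruction sequence" would also be clearer if it stated the reason, i.e. that fetching the site's own URL from the widget causes the site to request itself.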