Make WordPress Core


Timestamp:
07/31/2013 06:44:57 AM (11 years ago)
Author:
nacin
Message:

Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.

  • Check if the host is considered a safe redirect host.
  • Check if the host is another domain in a multisite installation.
  • Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.

File:
1 edited

  • trunk/wp-includes/default-filters.php

    r24848 r24915  
    196196add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri'            );
    197197add_filter( 'xmlrpc_pingback_error',    'xmlrpc_pingback_error'               );
     198
     199add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 );
    198200
    199201// Actions
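
Review bot: At new line 199 the callback `allowed_http_request_hosts` is hooked to `http_request_host_is_external`, but this changeset edits only this one file and shows no definition for that function, so please confirm it already exists in trunk and that its signature takes the two arguments declared by the trailing `10, 2`. The commit message describes this filter as the control point for the request safety check, yet the line carries no comment; a short note above the `add_filter()` call stating what the filtered value means for a host, and that any other callback hooked here can change that outcome, would make the security relevance clear to plugin authors and later reviewers.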