Context Navigation

← Previous Change
Next Change →

default-filters.php

Timestamp:

07/31/2013 06:44:57 AM (12 years ago)

Author:

nacin

Message:

Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.

Check if the host is considered a safe redirect host.
Check if the host is another domain in a multisite installation.
Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.

File:

: 1 edited

trunk/wp-includes/default-filters.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-includes/default-filters.php

r24848	r24915
196	196	add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri' );
197	197	add_filter( 'xmlrpc_pingback_error', 'xmlrpc_pingback_error' );
	198
	199	add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 );
198	200
199	201	// Actions

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 24915 for trunk/wp-includes/default-filters.php

Legend:

trunk/wp-includes/default-filters.php

Download in other formats: