Context Navigation

← Previous Change
Next Change →

ms-default-filters.php

Timestamp:

07/31/2013 06:44:57 AM (12 years ago)

Author:

nacin

Message:

Additional checks when evaluating the safety of an HTTP request, to avoid false negatives.

Check if the host is considered a safe redirect host.
Check if the host is another domain in a multisite installation.
Add a filter to control this.

This only occurs when the DNS resolution of a domain points elsewhere in an internal network, but only internally (and has its own public IP outside the network). This could be considered a bad configuration.

fixes #24646.

File:

: 1 edited

trunk/wp-includes/ms-default-filters.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-includes/ms-default-filters.php

r21823	r24915
65	65	// If the network upgrade hasn't run yet, assume ms-files.php rewriting is used.
66	66	add_filter( 'default_site_option_ms_files_rewriting', '__return_true' );
	67
	68	// Whitelist multisite domains for HTTP requests
	69	add_filter( 'http_request_host_is_external', 'ms_allowed_http_request_hosts', 20, 2 );

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 24915 for trunk/wp-includes/ms-default-filters.php

Legend:

trunk/wp-includes/ms-default-filters.php

Download in other formats: