Make WordPress Core

Opened 13 years ago

Closed 11 years ago

Last modified 18 months ago

#16890 closed defect (bug) (fixed)

Mutliple Location response headers can trigger notices

Reported by: hakre's profile hakre Owned by: dd32's profile dd32
Milestone: 3.7 Priority: normal
Severity: normal Version:
Component: HTTP API Keywords: has-patch has-unit-tests
Focuses: Cc:


The current implementation for manual cUrl redirects (safemode / openbasedir restrictions, see #11305) will do notices and fail if a response contains more than one location response header.

Technically this is possible.

In the RFC I have not found any definition so far wether or not this is violating any standard or not not. Next to that I could gather no information how a HTTP client should interprete such a response.

For my fix I will prefer the first location header over any additional one.

Attachments (2)

16890.patch (527 bytes) - added by hakre 13 years ago.
Quick Fix near parsing
16890.2.patch (736 bytes) - added by hakre 13 years ago.
Fix at the place itself.

Download all attachments as: .zip

Change History (10)

13 years ago

Quick Fix near parsing

13 years ago

Fix at the place itself.

#1 @hakre
13 years ago

Related: #16889

#2 @hakre
13 years ago

Related: #16855

#3 @dd32
13 years ago

  • Component changed from General to HTTP

#4 @dd32
11 years ago

  • Milestone changed from Awaiting Review to 3.7

#6 @dd32
11 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 24846:

WP_HTTP: When multiple location headers are specified, use the last specified location url as the redirect location. Fixes #16890

This ticket was mentioned in PR #3738 on WordPress/wordpress-develop by @peterwilsoncc.

18 months ago

  • Keywords has-unit-tests added
Note: See TracTickets for help on using tickets.