WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 9 months ago

#16890 closed defect (bug) (fixed)

Mutliple Location response headers can trigger notices

Reported by: hakre Owned by: dd32
Milestone: 3.7 Priority: normal
Severity: normal Version:
Component: HTTP API Keywords: has-patch
Focuses: Cc:

Description

The current implementation for manual cUrl redirects (safemode / openbasedir restrictions, see #11305) will do notices and fail if a response contains more than one location response header.

Technically this is possible.

In the RFC I have not found any definition so far wether or not this is violating any standard or not not. Next to that I could gather no information how a HTTP client should interprete such a response.

For my fix I will prefer the first location header over any additional one.

Attachments (2)

16890.patch (527 bytes) - added by hakre 3 years ago.
Quick Fix near parsing
16890.2.patch (736 bytes) - added by hakre 3 years ago.
Fix at the place itself.

Download all attachments as: .zip

Change History (8)

hakre3 years ago

Quick Fix near parsing

hakre3 years ago

Fix at the place itself.

comment:1 hakre3 years ago

Related: #16889

comment:2 hakre3 years ago

Related: #16855

comment:3 dd323 years ago

  • Component changed from General to HTTP

comment:4 dd329 months ago

  • Milestone changed from Awaiting Review to 3.7

comment:6 dd329 months ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 24846:

WP_HTTP: When multiple location headers are specified, use the last specified location url as the redirect location. Fixes #16890

Note: See TracTickets for help on using tickets.