#24201 closed defect (bug) (fixed)
Error in RegEx for proxy excluded URL in function send_through_proxy
Reported by: | erich1978 | Owned by: | dd32 |
---|---|---|---|
Milestone: | 3.7 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | HTTP API | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Dear WordPress Team,
I've detected a bug in the function send_through_proxy in the class WP_HTTP_Proxy. The coded regex for wildcarded domains only works for subdomains containing characters (a-zA-Z0-9) and . (dot) but not for subdomains containing characters (a-zA-Z0-9) and - (dash).
File: wp-includes/class-http.php around line 1411
Example:
define(WP_PROXY_BYPASS_HOSTS, '*.example.com');
foo.bar.example.com will not use proxy.
foo-bar.example.com will use proxy.
POSSIBLE SOLUTION:
Change the line 1411 from
$wildcard_regex[] = str_replace('\*', '[\w.]+?', preg_quote($host, '/'));
to
$wildcard_regex[] = str_replace('\*', '[\w.-]+?', preg_quote($host, '/'));
Yours,
Erich Lerch
Change History (5)
#2
@
11 years ago
- Owner set to dd32
- Resolution set to fixed
- Status changed from new to closed
In 25149:
#4
@
11 years ago
The change to .+
seems like it would also allow for some.subdomain.example.com to be whitelisted for *.example.com. If intended, that's all good, just checking.
#5
@
11 years ago
The change to .+ seems like it would also allow for some.subdomain.example.com to be whitelisted for *.example.com. If intended, that's all good, just checking.
Yes, that was already possible, since it was [\w.]+
, The only change in behaviour is that now non-words (\W
) are allowed in subdomains. I can't think of any failures here, but we might need to change it to a larger ASCII whitelist if there are any bad characters which can trick our string functions, etc.
Related: [15911]