WordPress.org

Make WordPress Core

Opened 9 months ago

Closed 9 months ago

Last modified 6 weeks ago

#24823 closed defect (bug) (duplicate)

Importing attachments fails from intranet blog due to URL validation

Reported by: bbs_felix Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.2
Component: Import Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Scenario:

  • Two WordPress instances in our local intranet using IPs from the 10.0.0.0/8 range.
  • Blog 1 (B1) is a site on an old WP-MU (the version I cannot tell, sorry), Blog 2 (B2) is a site on a fresh WP 3.5.2 with Multisite enabled.
  • B1 is supposed to be migrated to B2
  • The WordPress WXR format is used to export B1
  • The WordPress Import Plugin is used to import the WXR to B2
  • During import the option to fetch attachments is checked
  • The import of attachment fails with the error message "Remote server did not respond"

The bug here comes with [24481] (which means 3.5.1 is unaffected). The function wp_http_validate_url (in wp-includes/http.php) is a bit over-eager to block internal RFC1918 IPs (or those with DNS names resolving to RFC1918 IPs).
Effectively this blocks communication between blogs hosted in an intranet.

Change History (4)

comment:1 ocean909 months ago

Related/Duplicate: #24646

comment:2 SergeyBiryukov9 months ago

  • Component changed from General to Import
  • Description modified (diff)
  • Milestone changed from Awaiting Review to 3.5.3

Moving for review along with #24646.

comment:3 nacin9 months ago

  • Milestone 3.5.3 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

We're likely going to reverse [24481] for 3.6, in #24646. Though, this isn't entirely over-eager — there are very real security concerns here.

Going to close this as a duplicate of #24646.

comment:4 SergeyBiryukov6 weeks ago

  • Keywords needs-patch removed

Follow-up: #27364

Note: See TracTickets for help on using tickets.