WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #25239, comment 92


Ignore:
Timestamp:
07/30/2017 10:52:13 PM (3 years ago)
Author:
kitchin
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #25239, comment 92

    initial v1  
    1 Contrary to comments above, general opinion is that HTTP_HOST can be unsafe client data, while SERVER_NAME is a server configuration and so pretty safe. For example, https://stackoverflow.com/questions/2297403/http-host-vs-server-name
     1Contrary to comments above, general opinion is that while HTTP_HOST can be unsafe client data, SERVER_NAME is a server configuration and so pretty safe. For example, https://stackoverflow.com/questions/2297403/http-host-vs-server-name
    22
    33That may not be 100% guaranteed on all servers, so distrusting SERVER_NAME may be wise, but comment:91 is not generally right about "client supplied data."