Opened 11 years ago
Last modified 7 years ago
#26247 new defect (bug)
Importer fails when importing from a server on a private network
Reported by: | dramaley | Owned by: | |
---|---|---|---|
Milestone: | WordPress.org | Priority: | normal |
Severity: | normal | Version: | |
Component: | Import | Keywords: | needs-patch |
Focuses: | Cc: |
Description
WordPress import (using the wordpress-importer plugin) does not work correctly if both machines are on the same private network. Text content imports, but all media imports fail. I have traced the problem down to a test that is done in wp-includes/http.php. Though i am not deeply familiar with the WordPress code base, the test seems unnecessary to me, and if it is commented out then the import function will behave as expected.
I have included a patch against WordPress 3.6.1 that demonstrates where the problematic test is and resolves the issue.
Attachments (1)
Change History (6)
#2
@
11 years ago
This is something we may be able to disable in imports, but only if the user is trusted on the site.
The checks are designed to prevent a malicious user accessing a resource which the web server has access to, but the visitor doesn't, by preventing WordPress from retrieving documents from a internal-only resource.
One example, would be a internal blog (firewalled off from the internet) with a public-facing site, if someone had access to the public blog, they could upload a export which referenced an internal-only file, downloading it to the web server and ultimately allowing the attacker to download it.
Quick hack to fix importer issue. Mostly to demonstrate where i believe the problem to be.