WordPress.org

Make WordPress Core

Opened 20 months ago

Last modified 20 months ago

#26247 new defect (bug)

Importer fails when importing from a server on a private network

Reported by: dramaley Owned by:
Milestone: WordPress.org Priority: normal
Severity: normal Version: 3.6.1
Component: Import Keywords:
Focuses: Cc:

Description

WordPress import (using the wordpress-importer plugin) does not work correctly if both machines are on the same private network. Text content imports, but all media imports fail. I have traced the problem down to a test that is done in wp-includes/http.php. Though i am not deeply familiar with the WordPress code base, the test seems unnecessary to me, and if it is commented out then the import function will behave as expected.

I have included a patch against WordPress 3.6.1 that demonstrates where the problematic test is and resolves the issue.

Attachments (1)

import-bug.diff (498 bytes) - added by dramaley 20 months ago.
Quick hack to fix importer issue. Mostly to demonstrate where i believe the problem to be.

Download all attachments as: .zip

Change History (3)

@dramaley20 months ago

Quick hack to fix importer issue. Mostly to demonstrate where i believe the problem to be.

comment:1 @SergeyBiryukov20 months ago

  • Milestone changed from Awaiting Review to WordPress.org

comment:2 @dd3220 months ago

This is something we may be able to disable in imports, but only if the user is trusted on the site.

The checks are designed to prevent a malicious user accessing a resource which the web server has access to, but the visitor doesn't, by preventing WordPress from retrieving documents from a internal-only resource.
One example, would be a internal blog (firewalled off from the internet) with a public-facing site, if someone had access to the public blog, they could upload a export which referenced an internal-only file, downloading it to the web server and ultimately allowing the attacker to download it.

Note: See TracTickets for help on using tickets.