WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#3067 closed defect (bug) (wontfix)

WP sends incomplete GET request prior to executing pings.

Reported by: theshaft Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.0.4
Component: XML-RPC Keywords: pingback, user-agent
Focuses: Cc:

Description

If WP is set to send pingbacks and a new post contains URLs to some other blog posts, wordpress, prior to sending the pingbacks (execute-pings.php), sends GET requests to the other blogs so to determine if these URLs are valid. In these GET requests, the User-Agent header is set to nothing, instead of being set to "WordPress X.X.X" or whatever.

This becomes a problem when the web server on either end rejects requests that do not include a valid User-Agent header. For example, rejecting such requests either with mod_rewrite or mod_security, then pingbacks are never sent or received.

How to reproduce:

Both of these methods are very common in order to avoid badly written bots or whatever.

- 1 - with mod_rewrite:
set this rewrite rule and try to send a pingback:

RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^.*$ - [F]

- 2 - with mod_security:
set these rules and try to send pingback:

SecFilterScanPOST On
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^text/xml)"
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

Expected results:

The pingback should be sent from blogA and received by blogB

Actual Results:

The pingback never reaches the other end.

Change History (1)

comment:1 Nazgul7 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

No traction in almost a year, so closing as wontfix.

Feel free to re-open it if you have additional information/suggestions/patches/...

Note: See TracTickets for help on using tickets.