Make WordPress Core

Opened 7 weeks ago

Last modified 7 weeks ago

#61907 new enhancement

Make oembed_invalid_url return 400 instead of 404

Reported by: leedxw
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: REST API
Keywords: has-patch
Focuses:
Cc:

Description

In wp-includes/class-wp-oembed-controller.php the error response for an invalid URL is a 404.

                        return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );

Please consider changing this to a 400.

The oembed endpoint seems to be an absolute magnet for unauthorised vulnerability checking, and from the webserver logs we can't see the difference between oembed_invalid_url and a legitimate request that also returns a 404.
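
Until core changes, a site can remap the status itself. The following is an added example, not part of the ticket, PR #7227 or WordPress core: a must-use plugin that rewrites the `oembed_invalid_url` error to a 400 so it stands out in the access log. The function name `example_oembed_invalid_url_to_400`, the file location under `wp-content/mu-plugins/`, and the assumption that the oEmbed REST routes live under `/oembed/1.0/` are not taken from the ticket.

```php
<?php
/**
 * Plugin Name: oEmbed invalid URL as 400 (example)
 * Description: Site-local workaround sketch for Trac #61907. Example code, not core.
 *
 * Assumed install path: wp-content/mu-plugins/oembed-invalid-url-400.php
 */

// Runs after the REST route callback has returned and before the server
// converts a WP_Error into the HTTP response, so the status can still change.
add_filter( 'rest_request_after_callbacks', 'example_oembed_invalid_url_to_400', 10, 3 );

/**
 * Replace the 404 carried by oembed_invalid_url with a 400.
 *
 * @param mixed           $response Result returned by the route callback.
 * @param array           $handler  Route handler that produced it (unused).
 * @param WP_REST_Request $request  The request being served.
 * @return mixed Unchanged response, or a WP_Error with status 400.
 */
function example_oembed_invalid_url_to_400( $response, $handler, $request ) {
	// Only error results are of interest; successful embeds pass through.
	if ( ! is_wp_error( $response ) ) {
		return $response;
	}

	// Leave every other REST error (including other 404s) exactly as it is.
	if ( 'oembed_invalid_url' !== $response->get_error_code() ) {
		return $response;
	}

	// Assumption: the oEmbed controller's routes sit under /oembed/1.0/.
	// The prefix check keeps a same-named error from another plugin untouched.
	if ( 0 !== strpos( $request->get_route(), '/oembed/1.0/' ) ) {
		return $response;
	}

	// Same error code as core, so clients keying on the code keep working;
	// only the HTTP status and its description change.
	return new WP_Error(
		'oembed_invalid_url',
		get_status_header_desc( 400 ),
		array( 'status' => 400 )
	);
}
```

Clients that branch on the HTTP status rather than the error code will see the changed status, so check any oEmbed consumers of the site before deploying it.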

Change History (1)

This ticket was mentioned in PR #7227 on WordPress/wordpress-develop by @narenin.


7 weeks ago
#1

  • Keywords has-patch added