Opened 10 years ago

Closed 10 years ago

#7696 closed defect (bug) (duplicate)

Pingback URI discovery broken for some URIs

Reported by: Inquisitus
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords: pingback discovery uri url redirect headers header has-patch
Focuses:
Cc:


Under some circumstances the discover_pingback_server_uri function will fail due to a 301 redirection being issued by the server.

This can happen when the request URI points to a directory on the recipient server but has no trailing slash. For example, if some blog system is installed at http://foo.com/bar/ (and this URI is pingback-enabled), then requesting http://foo.com/bar (no trailing slash) will result in Apache on the recipient server issuing a 301 redirect to http://foo.com/bar/ (with trailing slash). In this case, the discover_pingback_server_uri function will fail as it will not follow the redirection.

This is perfectly normal behaviour for Apache and so it should really be accounted for, even if it's unlikely to manifest itself as a problem. See here for a more complete description of what happens: http://dmiessler.com/study/hyperlink_trailing_slash/

My proposed fix involves checking the HTTP status code before looking for the X-Pingback header. If it's a 301, we extract the Location header and recursively call discover_pingback_server_uri again with that URI. Stack overflows are prevented by means of a redirection limit parameter for the function; default is 3.

Attachments (1)

pingback_301_fix.patch (1.5 KB) - added by Inquisitus 10 years ago.
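
The redirect handling proposed in the ticket description, as an added example that is neither the attached patch nor WordPress code: it follows redirects up to a limit (default 3, as in the proposal) before reading the X-Pingback header. It goes beyond the proposal by also treating 302, 307 and 308 as redirects, resolving relative Location values and accepting only http(s) targets; the function names, the `$fetch` callable and the sample responses are assumptions.

```php
<?php
// Added example, not WordPress code. $fetch is a hypothetical callable that makes ONE request
// without following redirects; it returns ['status' => int, 'headers' => [lowercase => value]].
function resolve_location(string $base, string $location): string
{
    if (parse_url($location, PHP_URL_SCHEME) !== null) {
        return $location; // already absolute (or malformed; the caller re-validates)
    }
    $b = parse_url($base);
    if (strncmp($location, '//', 2) === 0) {
        return $b['scheme'] . ':' . $location; // network-path reference
    }
    $origin = $b['scheme'] . '://' . $b['host'] . (isset($b['port']) ? ':' . $b['port'] : '');
    if ($location[0] === '/') {
        return $origin . $location;
    }
    // Path-relative reference: replace the last segment of the base path.
    return $origin . preg_replace('#/[^/]*$#', '/', $b['path'] ?? '/') . $location;
}

function discover_pingback_uri(string $url, callable $fetch, int $max_redirects = 3): ?string
{
    for ($hops = 0; $hops <= $max_redirects; $hops++) {
        $p = parse_url($url);
        // Location is remote-controlled input: accept only http(s) URLs with a host.
        if (!is_array($p) || empty($p['host']) || !preg_match('#^https?$#i', $p['scheme'] ?? '')) {
            return null;
        }
        $resp = $fetch($url);
        if (in_array($resp['status'], [301, 302, 307, 308], true)) {
            $location = $resp['headers']['location'] ?? '';
            if ($location === '') {
                return null; // redirect without a target
            }
            $url = resolve_location($url, $location);
            continue;
        }
        return $resp['headers']['x-pingback'] ?? null;
    }
    return null; // redirect limit exhausted
}
// Constructed responses for the ticket's foo.com scenario; the xmlrpc.php endpoint is made up.
$responses = [
    'http://foo.com/bar'  => ['status' => 301, 'headers' => ['location' => 'http://foo.com/bar/']],
    'http://foo.com/bar/' => ['status' => 200, 'headers' => ['x-pingback' => 'http://foo.com/bar/xmlrpc.php']],
];
$fetch = fn(string $u): array => $responses[$u] ?? ['status' => 404, 'headers' => []];
var_dump(discover_pingback_uri('http://foo.com/bar', $fetch));    // default limit of 3
var_dump(discover_pingback_uri('http://foo.com/bar', $fetch, 0)); // limit 0: the hop is refused
```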

Change History (5)

#1 @Inquisitus
10 years ago

Note that this can't be fixed by adding a trailing slash to all URIs before pingback discovery, since it'll screw up some URI schemes (i.e. anything using standard query strings).

#2 @fel64
10 years ago

While a pingback implementation should always supply a valid, usable url for its pingback, it's worth putting this in just as an extra fail-safe.


#3 @Otto42
10 years ago

-1 to this patch. Instead of patching this chunk of code, we should migrate the pingback (and trackback) functionality to use the new built-in HTTP API. Get rid of the direct fsocket crap entirely.

Note that the new HTTP API already has the ability to follow redirections when it is appropriate to do so.

See ticket #7676.

#4 @jacobsantos
10 years ago

  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 2.7 deleted

Duplicate of #7676. I'll need to get to work on that patch and work on writing the codex pages on how to use the API.