WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

#9786 closed defect (bug) (wontfix)

WordPress should not sniff servers by name

Reported by: filosofo Owned by: filosofo
Milestone: Priority: normal
Severity: normal Version:
Component: Permalinks Keywords: needs-patch server-sniffing
Focuses: Cc:

Description

In wp-includes/vars.php WordPress sets the global variable $is_apache according to the $_SERVER['SERVER_SOFTWARE'] string.

Just as with JavaScript browser sniffing by User Agent, this approach is doomed to failure. I know I'm not the only one who renames servers for whimsy or security-by-obscurity.

I think a general solution would be to test for the desired behavior that we want. For example, $is_apache is used in two places: the permalink options page and the apache_mod_loaded() function. For the latter, we should be able just to strip out the $is_apache check. For the permalinks options page, couldn't we use apache_mod_loaded() itself?

Change History (6)

comment:1 Denis-de-Bernardy5 years ago

  • Component changed from General to Permalinks
  • Type changed from defect (bug) to enhancement

comment:2 filosofo5 years ago

  • Type changed from enhancement to defect (bug)

I'm calling this a bug, not an enhancement, because WordPress is telling me to prepend permalinks with index.php when I don't need to.

comment:3 Denis-de-Bernardy5 years ago

  • Keywords needs-patch added

can you try a few patches on this one? there are a related ticket or two without patches either.

comment:4 Denis-de-Bernardy5 years ago

  • Milestone changed from Future Release to 2.9

comment:5 janeforshort5 years ago

  • Milestone changed from 2.9 to Future Release

Punting b/c no patch in 6 months.

comment:6 filosofo4 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.