[wp-trac] Re: [WordPress Trac] #3886: wrong server protocol for
HTTP/1.0 requests resulting in uninterpreted chunked encoding
WordPress Trac
wp-trac at lists.automattic.com
Wed May 9 17:27:27 GMT 2007
#3886: wrong server protocol for HTTP/1.0 requests resulting in uninterpreted
chunked encoding
-----------------------+----------------------------------------------------
Reporter: abtime | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.2
Component: General | Version: 2.1.1
Severity: major | Resolution:
Keywords: has-patch |
-----------------------+----------------------------------------------------
Comment (by ryan):
Is SERVER_PROTOCOL trustworthy? If not, we open ourselves to header
injection. Maybe match against the following just to be safe.
{{{
^HTTP/(0\.9|1\.0|1\.1)$
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/3886#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
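
One way to apply the allowlist suggested in the comment above, as an added example (not code from the ticket, its patch, or WordPress). The function names and the fallback to HTTP/1.0 are assumptions; the pattern is anchored with \A and \z because a bare "$" in PCRE also matches just before a trailing newline.

```php
<?php
// Added example; example_safe_protocol() and example_status_line() are
// hypothetical helpers, not WordPress functions.

/**
 * Return SERVER_PROTOCOL only if it is exactly one of the three allowed
 * values; otherwise fall back to HTTP/1.0 (assumed default).
 */
function example_safe_protocol(array $server): string
{
    $protocol = $server['SERVER_PROTOCOL'] ?? '';
    // \A and \z anchor at the true start and end of the string.
    // With "^...$", the value "HTTP/1.1\n" would still match, because "$"
    // is allowed to match before a final newline.
    if (is_string($protocol)
        && preg_match('#\AHTTP/(0\.9|1\.0|1\.1)\z#', $protocol) === 1) {
        return $protocol;
    }
    return 'HTTP/1.0';
}

/** Build a status line using only the validated protocol string. */
function example_status_line(array $server, int $code, string $text): string
{
    return example_safe_protocol($server) . ' ' . $code . ' ' . $text;
}

// Constructed sample values for SERVER_PROTOCOL.
$samples = [
    'HTTP/1.0',
    'HTTP/1.1',
    "HTTP/1.1\n",                  // trailing newline: rejected by \z
    "HTTP/1.1\r\nX-Injected: 1",   // CR/LF inside the value: rejected
    'HTTP/2.0',                    // not in the allowlist
    '',                            // missing or empty
];

foreach ($samples as $value) {
    $line = example_status_line(['SERVER_PROTOCOL' => $value], 200, 'OK');
    // addcslashes() makes CR and LF visible in the printed input.
    printf("%-30s => %s\n", addcslashes($value, "\r\n"), $line);
}
```

Only the first two samples keep their own protocol string; every other value produces "HTTP/1.0 200 OK".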