[wp-trac] [WordPress Trac] #18618: WordPress still relies on HTTP_REFERER for redirects which can be invalid
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 8 16:06:53 UTC 2011
#18618: WordPress still relies on HTTP_REFERER for redirects which can be invalid
--------------------------+------------------------------
 Reporter:  _ck_          |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.2.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------

Comment (by nacin):

Nowhere does WordPress rely first on HTTP_REFERER. This was addressed
years ago.

Akismet is not core. That can be reported on
http://plugins.trac.wordpress.org/. They should be using wp_get_referer().

wp_get_referer() falls back to HTTP_REFERER after checking for a
_wp_http_referer field.

There are some old MU functions that we don't use that also fall back to
HTTP_REFERER. Those can be addressed in another ticket.

N.B. _ck_, is the tone truly necessary?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/18618#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
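
The lookup order described in the comment above (the `_wp_http_referer` field first, the `HTTP_REFERER` header second), as an added example that is not part of the ticket and is not WordPress core code. The function names `resolve_referer()` and `redirect_target()` are hypothetical, the same-host policy and the default target are assumptions, and the requests are constructed samples.

```php
<?php
// Simplified stand-alone model of the order described in the comment.
// NOT WordPress core code; both function names are hypothetical.

// Prefer the explicit _wp_http_referer request field; use the
// browser-supplied Referer header only when that field is absent.
function resolve_referer(array $request, array $server)
{
    if (!empty($request['_wp_http_referer'])) {
        return $request['_wp_http_referer'];
    }
    if (!empty($server['HTTP_REFERER'])) {
        return $server['HTTP_REFERER'];
    }
    return false; // nothing usable was sent with the request
}

// Choose a redirect target. Assumed policy: fall back to $default when the
// referer is missing, unparsable, or does not point at this site.
function redirect_target(array $request, array $server, $siteHost, $default)
{
    $ref = resolve_referer($request, $server);
    if ($ref === false || strpos($ref, '\\') !== false) {
        return $default;
    }
    $parts = parse_url($ref);
    if (!is_array($parts)) {
        return $default;
    }
    if (isset($parts['host'])) {
        // Absolute URL: accept http(s) on this site's own host only.
        $scheme = strtolower($parts['scheme'] ?? '');
        $ok = in_array($scheme, ['http', 'https'], true)
            && strcasecmp($parts['host'], $siteHost) === 0;
        return $ok ? $ref : $default;
    }
    // No host: accept only a site-local absolute path such as /wp-admin/...
    $local = !isset($parts['scheme']) && strncmp($parts['path'] ?? '', '/', 1) === 0;
    return $local ? $ref : $default;
}

// Constructed sample requests: [request fields, server variables].
$cases = [
    'field beats header' => [['_wp_http_referer' => '/wp-admin/edit.php'], ['HTTP_REFERER' => 'http://other.example/x']],
    'header only'        => [[], ['HTTP_REFERER' => 'http://blog.example/wp-admin/post.php']],
    'nothing sent'       => [[], []],
    'foreign header'     => [[], ['HTTP_REFERER' => 'http://other.example/x']],
];
foreach ($cases as $label => [$req, $srv]) {
    printf("%-20s => %s\n", $label, redirect_target($req, $srv, 'blog.example', '/wp-admin/'));
}
```

Inside WordPress itself, plugin code would call `wp_get_referer()` as the comment recommends rather than reimplementing the lookup.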