[wp-trac] [WordPress Trac] #25840: Feature Request: WP_ACCESSIBLE_HOSTS as option
WordPress Trac
noreply at wordpress.org
Wed Nov 6 21:07:34 UTC 2013
#25840: Feature Request: WP_ACCESSIBLE_HOSTS as option
-------------------------+--------------------
Reporter: xFireFartx | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.8
Component: HTTP | Version: 3.7.1
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------
Comment (by Christian Buchhas):
Replying to [comment:7 leewillis77]:
> With the use of a filter, every plugin can register it's own
domains.
>
> Correct - but plugins may also remove domains.
>
> A plugin sends usage statistics to xxx.yyy.com. Now an admin can
manage the whitelist and deny the access to this site. With the use of a
filter the plugin can register xxx.yyy.com for the whitelist and the admin
can not deny it.
>
> The admin can deny it by setting the priority of their own filter higher
than that of the plugins.
Hi,
that is an interesting argument, but there is a possibility where you can
break the security!
When the plugin uses the maximum prio, then there is no more room for the
admin to add a higher prio, and the queue of filters will be processed
with the order of their names ... ?
The easiest and most secure solution is to set the constants in a plugin,
which name begin with zero, because the plugins will be executed with the
order of their names!
The constant hasn't be set in wp-config.php, so there is no problem.
Best regards,
Christian
This filter destroys the security feature of the constants
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25840#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list