[wp-trac] [WordPress Trac] #29950: Open_basedir wp-admin/import.php
WordPress Trac
noreply at wordpress.org
Wed Oct 15 04:41:55 UTC 2014
#29950: Open_basedir wp-admin/import.php
-----------------------------+------------------
Reporter: Allan Moraes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.1
Component: Upgrade/Install | Version: 4.0
Severity: major | Resolution:
Keywords: | Focuses:
-----------------------------+------------------
Changes (by dd32):
* keywords: reporter-feedback =>
* component: Import => Upgrade/Install
* milestone: Awaiting Review => 4.1
Comment:
Thanks!
I've confirmed and tracked this down, it's in the Plugin Install popup,
mostly around the Reviews tab.
The callpath to this is:
{{{
do_action('install_plugins_pre_plugin-information'), call_user_func_array,
install_plugin_information,
links_add_base_url, preg_replace_callback, _links_add_base,
path_join, path_is_absolute( '//profiles.wordpress.org/wordpressdotorg' )
}}}
`_links_add_base()` is incorrectly using `path_join()` (which is only for
file paths, not url paths).
`_links_add_base()` only uses `path_join()` when a URL doesn't have a
valid scheme, and since this is a schemeless URL, it falls back to
`path_join()`.
The most obvious fix is to Just replace `path_join()` with
`WP_HTTP::make_absolute_url()`, which is designed for this sort of thing.
patch attached
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29950#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list