[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Mon Mar 25 04:54:24 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 5.2
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by dd32):
The implementation has the ability to accept multiple signatures from the
remote server, which is built around having multiple header values
returned.
The HTTP protocol however allows servers and proxies to combine multiple
values into a single header, for example: `X-Content-Signature: SigOne,
SigTwo`. For maximum compatibility we should take that into consideration.
[attachment:"39309-single-header.diff"] adds support for that. Note that
whitespace and commas are not part of the character set of base64 encoded
values, and are safe to split by here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:67>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
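
The header handling discussed in the comment above, as an added example that is not part of the comment, the attached patch or WordPress core. It accepts signatures delivered as repeated headers or combined into one comma-separated value. The function names are hypothetical, and it assumes detached Ed25519 signatures with PHP's sodium extension available.

```php
<?php
// Added example, not WordPress core code. Function names are hypothetical.

/**
 * Flatten X-Content-Signature values into raw signature candidates.
 * Accepts one string or an array of strings (repeated headers); each string
 * may itself carry several signatures joined by commas and/or whitespace.
 */
function example_split_signature_header( $header ) {
    $candidates = array();
    foreach ( (array) $header as $value ) {
        // Neither ',' nor whitespace is in the base64 alphabet, so the split is lossless.
        $parts = preg_split( '/[\s,]+/', (string) $value, -1, PREG_SPLIT_NO_EMPTY );
        foreach ( $parts as $part ) {
            $raw = base64_decode( $part, true ); // strict mode rejects foreign characters
            // Assumption: detached Ed25519 signatures, so exactly 64 bytes once decoded.
            if ( false !== $raw && SODIUM_CRYPTO_SIGN_BYTES === strlen( $raw ) ) {
                $candidates[] = $raw;
            }
        }
    }
    return $candidates;
}

/** True if any candidate signature verifies against any trusted public key. */
function example_verify_any( $header, $message, array $trusted_keys ) {
    foreach ( example_split_signature_header( $header ) as $sig ) {
        foreach ( $trusted_keys as $key ) {
            if ( sodium_crypto_sign_verify_detached( $sig, $message, $key ) ) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample data: a throwaway key pair, payload and signatures.
$pair    = sodium_crypto_sign_keypair();
$public  = sodium_crypto_sign_publickey( $pair );
$payload = 'constructed package bytes';
$good    = base64_encode( sodium_crypto_sign_detached( $payload, sodium_crypto_sign_secretkey( $pair ) ) );
$stale   = base64_encode( random_bytes( SODIUM_CRYPTO_SIGN_BYTES ) ); // well-formed, does not verify

var_dump( example_verify_any( array( $stale, $good ), $payload, array( $public ) ) ); // repeated headers
var_dump( example_verify_any( "$stale, $good", $payload, array( $public ) ) );        // combined by a proxy
var_dump( example_verify_any( "$stale,not*base64", $payload, array( $public ) ) );    // no valid signature
```

Malformed or wrong-length tokens are dropped before verification, so a stray value in a combined header cannot make `sodium_crypto_sign_verify_detached()` throw, and the check still fails closed when nothing verifies.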