[wp-trac] Re: [WordPress Trac] #7157: Disable APP and XMLRPC publishing by default

WordPress Trac wp-trac at lists.automattic.com
Sat Jul 5 18:16:48 GMT 2008

#7157: Disable APP and XMLRPC publishing by default
 Reporter:  westi        |        Owner:  westi
     Type:  enhancement  |       Status:  new  
 Priority:  high         |    Milestone:  2.6  
Component:  Security     |      Version:  2.6  
 Severity:  normal       |   Resolution:       
 Keywords:  has-patch    |  
Comment (by AlanJCastonguay):

 $allow passed to not_allowed() is expected to be an array, and joined into
 a comma-separated list of allowed values. If we're going to use
 not_allowed() to output this warning in the Allow: header, the content
 should be a single-element array rather than a string.

 However, it may be better to use HTTP Status 403 instead, since Status 405
 "MUST include an Allow header containing a list of valid methods for the
 requested resource", not an arbitrary user-oriented string. With Status
 403, WordPress "SHOULD describe the reason for the refusal in the entity"
 body, not through the Accept: header.

Ticket URL: <http://trac.wordpress.org/ticket/7157#comment:23>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list