[wp-trac] Re: [WordPress Trac] #7157: Disable APP and XMLRPC publishing by default
WordPress Trac
wp-trac at lists.automattic.com
Sat Jul 5 18:16:48 GMT 2008
#7157: Disable APP and XMLRPC publishing by default
-------------------------+--------------------------------------------------
 Reporter:  westi        |        Owner:  westi
     Type:  enhancement  |       Status:  new
 Priority:  high         |    Milestone:  2.6
Component:  Security     |      Version:  2.6
 Severity:  normal       |   Resolution:
 Keywords:  has-patch    |
-------------------------+--------------------------------------------------
Comment (by AlanJCastonguay):

$allow passed to not_allowed() is expected to be an array, and joined into
a comma-separated list of allowed values. If we're going to use
not_allowed() to output this warning in the Allow: header, the content
should be a single-element array rather than a string.

However, it may be better to use HTTP Status 403 instead, since Status 405
"MUST include an Allow header containing a list of valid methods for the
requested resource", not an arbitrary user-oriented string. With Status
403, WordPress "SHOULD describe the reason for the refusal in the entity"
body, not through the Accept: header.

--
Ticket URL: <http://trac.wordpress.org/ticket/7157#comment:23>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
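
The 405/403 distinction drawn in the comment above, as an added example that is not part of the original message and is not WordPress code. The function names (build_not_allowed, build_forbidden, respond), the $enabled flag and the refusal text are hypothetical; only the array-joined-into-Allow behaviour comes from the comment.

```php
<?php
// Added illustration, not WordPress code. All names here are hypothetical.

// 405: $allow must be an array of method names, joined into the Allow header.
function build_not_allowed(array $allow): array {
    foreach ($allow as $method) {
        // Allow carries method names only, never a user-oriented message.
        // (Simplified check: uppercase letters, enough for standard methods.)
        if (!is_string($method) || !preg_match('/^[A-Z]+$/', $method)) {
            throw new InvalidArgumentException('Allow entries must be HTTP method names');
        }
    }
    return ['status' => 405, 'headers' => ['Allow' => implode(', ', $allow)], 'body' => ''];
}

// 403: the reason for the refusal is described in the entity body.
function build_forbidden(string $reason): array {
    return [
        'status'  => 403,
        'headers' => ['Content-Type' => 'text/plain; charset=utf-8'],
        'body'    => $reason,
    ];
}

// $enabled stands in for the site setting that turns remote publishing on.
function respond(bool $enabled, string $method, array $supported): ?array {
    if (!$enabled) {
        // Publishing is off for every method: refuse and explain in the body.
        return build_forbidden('Remote publishing is disabled on this site.');
    }
    if (!in_array($method, $supported, true)) {
        // Publishing is on, but this method is not valid for the resource.
        return build_not_allowed($supported);
    }
    return null; // request may proceed
}

// Constructed sample requests: [publishing enabled?, request method].
$supported = ['GET', 'POST'];
foreach ([[false, 'POST'], [true, 'DELETE'], [true, 'POST']] as [$enabled, $method]) {
    $r = respond($enabled, $method, $supported);
    echo $method, ' enabled=', var_export($enabled, true), ' -> ',
         $r === null ? 'proceed' : json_encode($r), PHP_EOL;
}
```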