[wp-trac] Re: [WordPress Trac] #8152: WordPress should force all
URL query string requests to be 255 characters or less
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 11 15:12:17 GMT 2008
#8152: WordPress should force all URL query string requests to be 255 characters
or less
-------------------------+--------------------------------------------------
Reporter: _ck_ | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.8
Component: Security | Version: 2.6.1
Severity: normal | Resolution:
Keywords: needs-patch |
-------------------------+--------------------------------------------------
Comment (by _ck_):
Whatcha think of this (saved as an underscore plugin to load as early as
possible)
{{{
<?php
/*
Plugin Name: Block Long Queries
*/
if (strlen($_SERVER['QUERY_STRING'])>255 ||
strlen($_SERVER['REQUEST_URI'])>320) {
@header("HTTP/1.1 414 Request-URI Too Long");
@header("Status: 414 Request-URI Too Long");
@header("Connection: Close");
@exit;
}
?>
}}}
I do both query_strong and request_uri because repermalink has not
executed at load time.
--
Ticket URL: <http://trac.wordpress.org/ticket/8152#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list