[wp-trac] Re: [WordPress Trac] #7141: pluggable.php: auth_redirect() contains invalid test for SSL request
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 20 20:13:11 GMT 2009
#7141: pluggable.php: auth_redirect() contains invalid test for SSL request
------------------------------+---------------------------------------------
Reporter: wet | Owner: anonymous
Type: defect (bug) | Status: closed
Priority: low | Milestone:
Component: Security | Version: 2.6
Severity: normal | Resolution: wontfix
Keywords: has-patch tested |
------------------------------+---------------------------------------------
Changes (by ryan):
* status: reopened => closed
* resolution: => wontfix
* milestone: 2.8 =>
Comment:
Replying to [comment:5 grotfl1]:
> This is still a bug, but for a different reason. Instead of this line:
>
> {{{
> if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
> }}}
>
> There should be this one:
>
> {{{
> if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http:') ) {
> }}}
>
> Otherwise there would be a redirect loop (because 'https:/...' also
> starts with 'http'!).
>
> I stumbled across this because I did have a redirect loop (though this
> was not the reason for it). I guess there aren't many setups that would
> have protocol in REQUEST_URI or this bug would have surfaced a long time
> ago. ;)
>
> Btw, there are two such checks in auth_redirect(). IMHO they should both
> be removed.

'http' instead of 'http:' is done on purpose. Since this is inside an
!is_ssl() check, I don't see a redirect loop happening.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/7141#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
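
The interaction between the prefix test and the enclosing `!is_ssl()` check can be modelled in a few lines of PHP. This is an added example, not code from the ticket or from WordPress: `model_redirect()`, `follow()`, the host `blog.example` and the sample URI are constructed, and the two redirect branches are an assumed simplification of what follows the quoted `strpos()` test.

```php
<?php
// Added illustration: a hypothetical model of the redirect decision, not WordPress code.

/**
 * Redirect target for one request, or null when no redirect is sent.
 * $is_ssl stands in for is_ssl(); $prefix is the string tested with strpos().
 * $guarded = false removes the outer !is_ssl() check to show what it prevents.
 */
function model_redirect(bool $is_ssl, string $request_uri, string $prefix, bool $guarded): ?string
{
    if ($guarded && $is_ssl) {
        return null; // outer check: a request that is already SSL is never redirected
    }
    if (0 === strpos($request_uri, $prefix)) {
        // REQUEST_URI carries a scheme (assumed branch): rewrite http:// to https://
        return preg_replace('|^http://|', 'https://', $request_uri);
    }
    // REQUEST_URI is a bare path (assumed branch): prepend scheme and host
    return 'https://blog.example' . $request_uri;
}

/** Follow redirects until none is sent; report a loop when a target repeats. */
function follow(string $uri, string $prefix, bool $guarded): string
{
    $is_ssl = false; // the first request arrives over plain HTTP
    $seen = [];
    for ($hop = 0; $hop < 5; $hop++) {
        $target = model_redirect($is_ssl, $uri, $prefix, $guarded);
        if ($target === null) {
            return "settled after $hop redirect(s)";
        }
        if (isset($seen[$target])) {
            return "loop at $target";
        }
        $seen[$target] = true;
        // Model a server that keeps the full URL in REQUEST_URI, the setup the ticket discusses.
        $is_ssl = (0 === strpos($target, 'https://'));
        $uri = $target;
    }
    return 'gave up after 5 hops';
}

// Constructed sample input: an absolute http:// URL in REQUEST_URI.
$start = 'http://blog.example/wp-admin/';
foreach ([['http', true], ['http:', true], ['http', false]] as [$prefix, $guarded]) {
    printf("prefix=%-7s outer check=%-3s => %s\n",
        "'$prefix'", $guarded ? 'on' : 'off', follow($start, $prefix, $guarded));
}
```

With the outer check on, both prefixes settle after a single redirect; the third case drops that check and shows the self-redirect that an `https://` URI matching `'http'` would otherwise cause.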