[wp-trac] Re: [WordPress Trac] #5682: Clean permalinks and mod_rewrite support for IIS

WordPress Trac wp-trac at lists.automattic.com
Mon Jun 15 20:43:15 GMT 2009

#5682: Clean permalinks and mod_rewrite support for IIS
 Reporter:  man999        |       Owner:  ryan            
     Type:  defect (bug)  |      Status:  new             
 Priority:  normal        |   Milestone:  2.8.1           
Component:  Permalinks    |     Version:  2.5             
 Severity:  normal        |    Keywords:  has-patch commit

Comment(by ruslany):

 There is another problem with this patch. With this patch the WordPress
 will start using HTTP_X_ORIGINAL_URL server variable on IIS instead of the
 proper REQUEST_URI. Using that server variable is not recommended by IIS
 team as its value can be controlled by client by setting the HTTP header
 "x-original-url". This may be a potential security issue. Using of
 REQUEST_URI is recommended because it is set by IIS only and cannot be
 controlled by client.

 IIS team has deliberately added REQUEST_URI support to all IIS versions so
 that workarounds like this one could be avoided.

Ticket URL: <http://core.trac.wordpress.org/ticket/5682#comment:21>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list