[wp-trac] Re: [WordPress Trac] #5682: Clean permalinks and
mod_rewrite support for IIS
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 15 20:43:15 GMT 2009
#5682: Clean permalinks and mod_rewrite support for IIS
--------------------------+-------------------------------------------------
Reporter: man999 | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.1
Component: Permalinks | Version: 2.5
Severity: normal | Keywords: has-patch commit
--------------------------+-------------------------------------------------
Comment(by ruslany):
There is another problem with this patch. With this patch the WordPress
will start using HTTP_X_ORIGINAL_URL server variable on IIS instead of the
proper REQUEST_URI. Using that server variable is not recommended by IIS
team as its value can be controlled by client by setting the HTTP header
"x-original-url". This may be a potential security issue. Using of
REQUEST_URI is recommended because it is set by IIS only and cannot be
controlled by client.
IIS team has deliberately added REQUEST_URI support to all IIS versions so
that workarounds like this one could be avoided.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/5682#comment:21>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list