[wp-trac] Re: [WordPress Trac] #9689: SimplePie auto-detection
ignores feeds with incorrect content-type in HTTP header
WordPress Trac
wp-trac at lists.automattic.com
Sat May 9 15:43:36 GMT 2009
#9689: SimplePie auto-detection ignores feeds with incorrect content-type in HTTP
header
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: westi
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 2.8
Component: Feeds | Version: 2.8
Severity: major | Keywords: has-patch reporter-feedback
-------------------------------+--------------------------------------------
Comment(by link92):
I'll change handling of text/plain (and any other bit of Content-Type
sniffing) in SimplePie if and only if you can convince Adam/Ian to change
[http://tools.ietf.org/id/draft-abarth-mime-sniff]. Treating text/plain as
a privileged type (such as any syndication format) allows scripting, which
opens up whole extra security holes on top of what it claims to be.
text/plain most certainly is not a media type that represents any sort of
XML, and treating something sent as text/plain as a feed is most certainly
wrong.
Replying to [comment:14 westi]:
> I think the best option here is to turn off auto-discovery in SimplePie.
>
> rmccue is there any benifit of using
{{{set_autodiscovery_level(SIMPLEPIE_LOCATOR_NONE)}}} over
{{{force_feed()}}} or do both end up doing the same thing?
The former stops auto-discovery from looking for a feed in an HTML
document (via link[@rel='feed']/@href or link[@rel='alternate' and
(@type='application/rss+xml' or @type='application/atom+xml')]/@href)
whereas the latter forces the URL given to be treated as a feed regardless
of media type.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9689#comment:15>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list