[wp-trac] [WordPress Trac] #9786: WordPress should not sniff
servers by name
WordPress Trac
wp-trac at lists.automattic.com
Sun May 10 23:57:11 GMT 2009
#9786: WordPress should not sniff servers by name
--------------------------+-------------------------------------------------
Reporter: filosofo | Owner: filosofo
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: General | Version:
Severity: normal | Keywords: server-sniffing
--------------------------+-------------------------------------------------
In {{{wp-includes/vars.php}}} !WordPress sets the global variable
$is_apache according to the {{{$_SERVER['SERVER_SOFTWARE']}}} string.
Just as with !JavaScript browser sniffing by User Agent, this approach is
doomed to failure. I know I'm not the only one who renames servers for
whimsy or security-by-obscurity.
I think a general solution would be to test for the desired behavior that
we want. For example, $is_apache is used in two places: the permalink
options page and the apache_mod_loaded() function. For the latter, we
should be able just to strip out the $is_apache check. For the permalinks
options page, couldn't we use apache_mod_loaded() itself?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9786>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list