[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
wp-trac at lists.automattic.com
Sun Mar 6 18:57:44 UTC 2011
#16778: wordpress is leaking user/blog information during wp_version_check()
--------------------------+-----------------------------
Reporter: investici | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
Hi,
we've noticed that wordpress will send how many users and blogs are in a
given installation during the GET to api.wordpress.org together with the
installation URL in the headers.
Is there any reason why this is done? It seems quite a leak of
information. Can it be turned into an option defaulting to off and admins
can opt-in if they want to report how many users/blogs are currently
there?
thanks.
PS. slightly related, WP will also leak which blog in MU mode is
requesting any URL via the user-agent in the WP_Http class (for example
while updating the news feed on the dashboard)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16778>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list