[wp-trac] [WordPress Trac] #25418: bloginfo for pingback_url doesn't respect SSL
WordPress Trac
noreply at wordpress.org
Wed Sep 25 16:17:47 UTC 2013
#25418: bloginfo for pingback_url doesn't respect SSL
--------------------------+------------------
Reporter: technosailor | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: XML-RPC | Version: 2.6
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------
Comment (by technosailor):
Replying to [comment:4 nacin]:
> I could see how this could be a problem, sure. Can anyone make a case
> that this could (or would not) break something?
All you need is a CSRF attack, now or in the future, to corrupt
pingback_url and then encrypted traffic would leak. Theoretically.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25418#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software