[wp-trac] [WordPress Trac] #25418: bloginfo for pingback_url doesn't respect SSL

WordPress Trac noreply at wordpress.org
Wed Sep 25 16:17:47 UTC 2013


#25418: bloginfo for pingback_url doesn't respect SSL
--------------------------+------------------
 Reporter:  technosailor  |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.7
Component:  XML-RPC       |     Version:  2.6
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------

Comment (by technosailor):

 Replying to [comment:4 nacin]:
 > I could see how this could be a problem, sure. Can anyone make a case
 that this could (or would not) break something?

 All you need is a CSRF attack, now or in the future, to corrupt
 pingback_url and then encrypted traffic would leak. Theoretically.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25418#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list