[wp-trac] [WordPress Trac] #32413: Including http://*. in $_GET variable breaks user session

WordPress Trac noreply at wordpress.org
Fri May 15 16:43:34 UTC 2015


#32413: Including http://*. in $_GET variable breaks user session
--------------------------+------------------------------
 Reporter:  zergling81    |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  4.2.2
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+------------------------------
Changes (by zergling81):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 This looks to be a hosting environment issue and not a Wordpress issue -
 my reproduction works reliably on Hostgator shared hosting, but not on my
 local server. On Bluehost Wordpress hosting, "http://*." does not cause
 problems - but a range of popular file suffixes (.jpg, .jpeg, .png, .pdf,
 .mp3 but NOT .doc, .aiff, .tiff) in the variable value produce the exact
 same behavior.

 With this knowledge in hand, I have managed to elicit the behavior from a
 4.1.5 install as well as a generic HTML page. So, it's somebody's issue,
 but not a WP bug, contrary to prior appearances.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32413#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list