[wp-trac] [WordPress Trac] #20226: Don't advertise pingback URL on resources that don't support pingbacks

WordPress Trac noreply at wordpress.org
Tue Nov 10 04:22:06 UTC 2015 

#20226: Don't advertise pingback URL on resources that don't support pingbacks
------------------------------+-----------------------------
 Reporter:  solarissmoke      |       Owner:  wonderboymusic
     Type:  enhancement       |      Status:  closed
 Priority:  normal            |   Milestone:  4.4
Component:  Pings/Trackbacks  |     Version:  3.3
 Severity:  minor             |  Resolution:  fixed
 Keywords:  has-patch         |     Focuses:  template
------------------------------+-----------------------------

Comment (by mark-k):

 from the discover_pingback_server_uri function in .4.4

 {{{

         $response = wp_safe_remote_head( $url, array( 'timeout' => 2,
 'httpversion' => '1.0' ) );

         if ( is_wp_error( $response ) )
                 return false;

         if ( wp_remote_retrieve_header( $response, 'x-pingback' ) )
                 return wp_remote_retrieve_header( $response, 'x-pingback'
 );

         // Not an (x)html, sgml, or xml page, no use going further.
         if ( preg_match('#(image|audio|video|model)/#is',
 wp_remote_retrieve_header( $response, 'content-type' )) )
                 return false;

         // Now do a GET since we're going to look in the html headers (and
 we're sure it's not a binary file)
         $response = wp_safe_remote_get( $url, array( 'timeout' => 2,
 'httpversion' => '1.0' ) );

 }}}

 pinging home page of a 4.3 site scenario:
 the call to wp_remote_retrieve_header return the xmlrpc end point of the
 site and we can continue to sending the pingback

 pinging home page of a 4.4 site scenario:
 the call to wp_remote_retrieve_header return false
 therefor we call wp_safe_remote_get an parse the content

 One more request.

 Of course that code is bad as it should just issue a GET in the first
 place and then decide from which source, header or content, to get the
 endpoint URL.

 And since this change do not remove the rel="pingback" from the content it
 will not prevent the sending of the pingback itself.

 At the minimum the decision when to send X-pingback should be
 filterable/overideable. With the 4.4 code it is kinda possible but just
 too hard.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/20226#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list