[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 16:58:44 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------
Comment (by DvanKooten):
Replying to [comment:67 Otto42]:
> If you wish to filter the data for privacy purposes, then you can do so
and it will not affect the update process for small WordPress
installations. At present, there is not a secondary update path for large
installations, but that does not preclude the possibility of one occurring
in the future.
Let me just add here that the proposed filter here does not seem to be
entirely sufficient, as the `pre_http_request` filter has to fire off a
request off its own, meaning a request can only be pre-fired (or pre-
emptied) once. So if two plugins are short-circuiting the request like
this, a request is effectively fired twice and the entire point is
defeated.
This would be _much_ simpler if request URL's could be filtered.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:68>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list