[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 16:58:44 UTC 2016


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+-----------------------

Comment (by DvanKooten):

 Replying to [comment:67 Otto42]:
 > If you wish to filter the data for privacy purposes, then you can do so
 and it will not affect the update process for small WordPress
 installations. At present, there is not a secondary update path for large
 installations, but that does not preclude the possibility of one occurring
 in the future.

 Let me just add here that the proposed filter here does not seem to be
 entirely sufficient, as the `pre_http_request` filter has to fire off a
 request off its own, meaning a request can only be pre-fired (or pre-
 emptied) once. So if two plugins are short-circuiting the request like
 this, a request is effectively fired twice and the entire point is
 defeated.

 This would be _much_ simpler if request URL's could be filtered.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:68>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list