[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Tue Nov 15 11:19:38 UTC 2016


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+----------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:  invalid
 Keywords:  has-patch       |     Focuses:
----------------------------+----------------------

Comment (by dd32):

 I'll just note that this page exists: https://wordpress.org/about/privacy/
 (as it hasn't been mentioned on this thread)

 > The other concern here is that you suggest that the `http_request_args`
 filter can be used for the same purpose, I disagree (but am happy to be
 corrected)

 You're right, that filter doesn't really work for the purpose you want,
 instead you should use the `pre_http_request` filter and perform a
 modified request, similar to what the WordPress Beta Tester plugin does:
 https://plugins.trac.wordpress.org/browser/wordpress-beta-tester/trunk/wp-
 beta-tester.php?rev=1367272&marks=35,69-86#L33

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:37>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list