[wp-trac] [WordPress Trac] #45933: WSODs protection returns incorrect content type
WordPress Trac
noreply at wordpress.org
Thu Jan 17 11:47:11 UTC 2019
#45933: WSODs protection returns incorrect content type
--------------------------------------------------+------------------------
Reporter: spacedmonkey | Owner: flixos90
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 5.1
Component: Bootstrap/Load | Version: trunk
Severity: normal | Resolution:
Keywords: servehappy needs-patch needs-testing | Focuses: multisite
--------------------------------------------------+------------------------
Comment (by birgire):
I had a quick look at {{{wp_is_xml_request()}}} in
[attachment:"45933.8.diff"] and wonder about this part:
{{{
if ( isset( $_SERVER['CONTENT_TYPE'] ) && 'application/json' ===
$_SERVER['CONTENT_TYPE'] ) {
if ( isset( $_SERVER['CONTENT_TYPE'] ) && in_array(
$_SERVER['CONTENT_TYPE'], $accepted, true ) ) {
return true;
}
}
}}}
Here {{{isset( $_SERVER['CONTENT_TYPE'] )}}} is checked twice and
{{{'application/json'}}} is not part of {{{$accepted}}}:
{{{
$accepted = array(
'application/rss+xml',
'application/rss+xml',
'text/xml',
'application/atom+xml',
'application/rdf+xml',
);
}}}
where the {{{'application/rss+xml'}}} is duplicated in {{{$accepted}}}.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45933#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list