[wp-trac] [WordPress Trac] #52457: WordPress vulnerable to search-reflected webspam

WordPress Trac noreply at wordpress.org
Fri Feb 12 05:34:58 UTC 2021


#52457: WordPress vulnerable to search-reflected webspam
-------------------------------------------------+-------------------------
 Reporter:  abagtcs                              |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  5.7
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-testing needs-unit-  |     Focuses:  template
  tests needs-refresh                            |
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):

 * keywords:  has-patch needs-testing needs-unit-tests => has-patch
     needs-testing needs-unit-tests needs-refresh


Comment:

 Thanks for the patch @ayeshrajans

 While the `add_action()` such as you've got is a good approach, adding it
 inside `get_search_query()` will cause problems for themes or plugins
 wishing to handle robots tags in their own way.

 Each time `get_search_query()` is called, they'd need to reinitialize
 their own handling.

 There are two possible approaches I can think of (others may have another
 suggestion or two):
 * in the `noindex` function, call `wp_no_robots()` if the blog is not
 private, or if `is_search()` is true
 * As the templates are loaded, add the code from your original patch once
 the search template is chosen.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52457#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
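
The second approach suggested in the comment above, sketched as site-level code. This is an added example, not the ticket's patch and not WordPress core code; every `example_`-prefixed function and filter name is hypothetical. It registers the `wp_head` callback once per request, so a theme can replace it with a single `remove_action()` call.

```php
<?php
// Added example. All example_* names are hypothetical, not core APIs.

// Register the robots callback once, when the request is known to be a search.
// template_redirect fires a single time per request, after the main query is
// parsed, so is_search() is reliable here. Registering inside
// get_search_query() instead would re-add the callback on every call.
function example_register_search_noindex() {
    if ( ! is_search() ) {
        return;
    }
    // Core's noindex() already prints the tag when the site discourages
    // search engines (blog_public is '0'); avoid a duplicate tag.
    if ( '0' === (string) get_option( 'blog_public' ) ) {
        return;
    }
    // Hypothetical opt-out filter for site owners who want search pages indexed.
    if ( ! apply_filters( 'example_search_noindex', true ) ) {
        return;
    }
    add_action( 'wp_head', 'wp_no_robots', 1 );
}
add_action( 'template_redirect', 'example_register_search_noindex' );

// A theme or plugin that manages robots tags itself only has to undo the
// registration once, because it happened once. Priority 20 runs after the
// default priority 10 used above; remove_action() must name the same
// callback and priority that add_action() used.
function example_theme_takes_over_robots() {
    if ( ! is_search() ) {
        return;
    }
    remove_action( 'wp_head', 'wp_no_robots', 1 );
    add_action( 'wp_head', 'example_theme_robots_tag', 1 );
}
add_action( 'template_redirect', 'example_theme_takes_over_robots', 20 );

// The theme's own tag: search results stay out of the index, so a spam
// string reflected from the query parameter does not become a ranked page.
function example_theme_robots_tag() {
    echo "<meta name='robots' content='noindex, follow' />\n";
}
```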

