[wp-trac] [WordPress Trac] #16858: Usage of HTTP_HOST in the administration
WordPress Trac
noreply at wordpress.org
Thu Jul 14 09:20:08 UTC 2022
#16858: Usage of HTTP_HOST in the administration
-------------------------------------+------------------------------
Reporter: amirhabibi | Owner: dd32
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.1
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+------------------------------
Comment (by piotrczapla2jb):
I would like to add that this issue is affecting WordPress running under
github codespaces, which is quite unfortunate as codespaces could be the
easiest way to work with WordPress. Here is the specific issue:
https://github.com/jungleboogie-pl/vscode-wordpress/issues/2
When executed under codespaces WordPress thinks it is running under
https://localhost as it does not respect
$_SERVER['HTTP_X_FORWARDED_HOST'].
The code that cause issues is here:
https://github.com/WordPress/wordpress-
develop/blob/7932ebc2796c5623c01b783da1eee1253bd99da0/src/wp-
admin/includes/misc.php#L1349
And it seems it is being used verbatim in a few other places:
https://github.com/search?q=org%3AWordPress+%24current_url++%3D+set_url_scheme%28+%27http%3A%2F%2F%27+.+%24_SERVER%5B%27HTTP_HOST%27%5D+.+%24_SERVER%5B%27REQUEST_URI%27%5D+%29&type=code
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16858#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list