[wp-trac] [WordPress Trac] #61907: Make oembed_invalid_url return 400 instead of 404
WordPress Trac
noreply at wordpress.org
Thu Aug 22 09:49:19 UTC 2024
#61907: Make oembed_invalid_url return 400 instead of 404
-------------------------+-----------------------------
Reporter: leedxw | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
In `wp-includes/class-wp-oembed-controller.php` the error response for an
invalid URL is a 404.
{{{#!php
return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
}}}
Please consider changing this to a 400.
The oembed endpoint seems to be an absolute magnet for unauthorised
vulnerability checking, and from the webserver logs we can't see the
difference between `oembed_invalid_url` and a legitimate request that also
returns a 404.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61907>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
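
Until core changes, a site operator can get the distinction the ticket asks for with a small must-use plugin. This is an added example, not code from the ticket or from WordPress core; the plugin name is hypothetical, and it assumes the file is dropped into `wp-content/mu-plugins/`.

```php
<?php
/**
 * Plugin Name: oEmbed invalid URL as 400 (example, hypothetical name)
 *
 * Rewrites the REST error 'oembed_invalid_url' from HTTP 404 to HTTP 400 so
 * that access logs separate rejected oEmbed input from real 404s.
 */

add_filter(
	'rest_request_after_callbacks',
	function ( $response, $handler, $request ) {
		// Leave successful responses and every non-oEmbed route untouched.
		if ( ! is_wp_error( $response ) ) {
			return $response;
		}
		if ( 0 !== strpos( $request->get_route(), '/oembed/1.0/' ) ) {
			return $response;
		}

		// Only the error named in the ticket is remapped; other oEmbed
		// errors keep the status core gave them.
		if ( 'oembed_invalid_url' !== $response->get_error_code() ) {
			return $response;
		}

		// Keep any extra error data core attached, replace only the status.
		$data = $response->get_error_data( 'oembed_invalid_url' );
		$data = is_array( $data ) ? $data : array();
		$data['status'] = 400;

		// Same error code as core, so API clients matching on the code
		// still work; the message follows the new status ("Bad Request").
		return new WP_Error(
			'oembed_invalid_url',
			get_status_header_desc( 400 ),
			$data
		);
	},
	10,
	3
);
```

With this active, requests under `/wp-json/oembed/1.0/` that core rejects as `oembed_invalid_url` are logged with status 400, so they can be filtered or rate-limited separately from ordinary 404s.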