[wp-trac] [WordPress Trac] #60261: Fatal error with invalid charset specified in Trackback
WordPress Trac
noreply at wordpress.org
Mon Jun 10 01:23:50 UTC 2024
#60261: Fatal error with invalid charset specified in Trackback
------------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.6
Component: Pings/Trackbacks | Version:
Severity: normal | Resolution:
Keywords: has-patch php81 | Focuses:
------------------------------+---------------------
Changes (by dd32):
* keywords: has-patch php81 needs-testing-info => has-patch php81
Comment:
Replying to [comment:7 oglekler]:
> What it the difference between incorrect encoding and obsolete UTF-7
that will cause die() (I wonder if it should use wp_die() instead)?
UTF-7 `die()`'ing is more of a security thing, It's obsoleted in that it
was never an official standard and has known security vulnerabilities that
were never going to be fixed.
Die'ing here for "invalid" charsets is fine, such as `foobar` but that's
not necessarily wanted here.
There's also the case of 'unsupported' charsets, A receiver site might not
support the sent charset, we probably still want to process the request in
that case (Which is what happens today).
> Can you, please, provide testing instructions?
The best testing instructions are the first comment on this trac ticket,
listing `curl` commands.
It's worth noting, that AFAIK, this `charset` parameter isn't actually in
the Trackback specification, and that it's supposed to be sent as part of
the `Content-Type` header which WordPress ignores.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60261#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list