[wp-hackers] Serious security hole

David House dmhouse at gmail.com
Thu Apr 20 11:41:04 GMT 2006


On 20/04/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> (What
> happens to Referer headers in redirect situations? Is there any
> indication the server that the request has been redirected? i.e. is
> there any HTTP header we could look at to see if someone's sitting in
> between Wordpress and the client? I need to go read the HTTP spec and
> find out.)

Redirects are basically server A saying "That request is not my
problem. Go talk to server B". The client then makes a totally
seperate request to server B, so it should carry the same referer as
if it'd never requested the server A in the first place.

IIRC.

--
-David House, dmhouse at gmail.com, http://xmouse.ithium.net


More information about the wp-hackers mailing list