[wp-trac] Re: [WordPress Trac] #7141: pluggable.php: auth_redirect() contains invalid test for SSL request

WordPress Trac wp-trac at lists.automattic.com
Tue Feb 10 15:48:25 GMT 2009


#7141: pluggable.php: auth_redirect() contains invalid test for SSL request
--------------------------+-------------------------------------------------
 Reporter:  wet           |        Owner:  anonymous
     Type:  defect (bug)  |       Status:  reopened 
 Priority:  high          |    Milestone:           
Component:  Security      |      Version:  2.6      
 Severity:  major         |   Resolution:           
 Keywords:  needs-patch   |  
--------------------------+-------------------------------------------------
Changes (by grotfl1):

  * status:  closed => reopened
  * resolution:  wontfix =>

Comment:

 This is still a bug, but for a different reason. Instead of this line:

 {{{
 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
 }}}

 There should be this one:

 {{{
 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http:') ) {
 }}}

 Otherwise there would be a redirect loop (because 'https:/...' also starts
 with 'http'!).

 I stumbled across this because I did have a redirect loop (though this was
 not the reason for it). I guess there aren't many setups that would have
 the protocol in REQUEST_URI, or this bug would have surfaced a long time
 ago. ;)

 Btw, there are two such checks in auth_redirect(). IMHO they should both
 be removed.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7141#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
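
The prefix problem described in the comment above, as an added example that is not part of the original message and is not WordPress's own code. It is a simplified model in which the quoted `strpos()` test is the only condition deciding whether to redirect; the `http://` to `https://` rewrite step, the function names and the host `blog.example` are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model, not WordPress's auth_redirect().

// Test quoted in the ticket: true for "http://..." AND for "https://...".
function needs_upgrade_loose(string $uri): bool {
    return 0 === strpos($uri, 'http');
}

// Test proposed in the comment: true only for the plain "http:" scheme.
function needs_upgrade_strict(string $uri): bool {
    return 0 === strpos($uri, 'http:');
}

// Assumed redirect step: upgrade an absolute http:// URI to https://.
// For a URI that is already https:// this is a no-op.
function https_target(string $uri): string {
    return preg_replace('|^http://|', 'https://', $uri);
}

// Follow redirects the way a client would. Returns the number of redirects
// issued before the request is served, or -1 if a redirect points back at
// the URI that was just requested (a redirect loop).
function hops_until_served(string $uri, callable $needsUpgrade, int $max = 5): int {
    for ($hop = 0; $hop < $max; $hop++) {
        if (!$needsUpgrade($uri)) {
            return $hop;            // no redirect: request is served
        }
        $next = https_target($uri);
        if ($next === $uri) {
            return -1;              // redirected to itself: loop
        }
        $uri = $next;
    }
    return -1;                      // gave up after $max redirects
}

// Constructed sample REQUEST_URI values: relative, absolute http, absolute https.
$samples = ['/wp-admin/', 'http://blog.example/wp-admin/', 'https://blog.example/wp-admin/'];
foreach ($samples as $uri) {
    printf("%-32s loose=%2d strict=%2d\n", $uri,
        hops_until_served($uri, 'needs_upgrade_loose'),
        hops_until_served($uri, 'needs_upgrade_strict'));
}
```

In this model the relative URI never triggers either test, which matches the comment's observation that only setups with the protocol in REQUEST_URI are affected.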