[wp-trac] Re: [WordPress Trac] #7141: pluggable.php:
auth_redirect() contains invalid test for SSL request
WordPress Trac
wp-trac at lists.automattic.com
Tue Feb 10 15:48:25 GMT 2009
#7141: pluggable.php: auth_redirect() contains invalid test for SSL request
--------------------------+-------------------------------------------------
Reporter: wet | Owner: anonymous
Type: defect (bug) | Status: reopened
Priority: high | Milestone:
Component: Security | Version: 2.6
Severity: major | Resolution:
Keywords: needs-patch |
--------------------------+-------------------------------------------------
Changes (by grotfl1):
* status: closed => reopened
* resolution: wontfix =>
Comment:
This is still a bug, but for a different reason. Instead of this line:
{{{
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
}}}
There should be this one:
{{{
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http:') ) {
}}}
Otherwise there would be a redirect loop (because 'https:/...' also starts
with 'http'!).
I stumbled across this because I did have a redirect loop (though this was
not the reason for it). I guess there aren't many setups that would have
protocol in REQUEST_URI or this bug would have surfaced a long time ago.
;)
Btw, there are two such checks in auth_redirect(). IMHO they should both
be removed.
--
Ticket URL: <http://trac.wordpress.org/ticket/7141#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list