[wp-trac] [WordPress Trac] #25840: Feature Request: WP_ACCESSIBLE_HOSTS as option
WordPress Trac
noreply at wordpress.org
Thu Nov 7 06:35:33 UTC 2013
#25840: Feature Request: WP_ACCESSIBLE_HOSTS as option
-------------------------+--------------------
Reporter: xFireFartx | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.8
Component: HTTP | Version: 3.7.1
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------
Comment (by rmccue):
Replying to [comment:9 Christian Buchhas]:
> that is an interesting argument, but there is a possibility where you
> can break the security!
> When the plugin uses the maximum prio, then there is no more room for
> the admin to add a higher prio, and the queue of filters will be processed
> with the order of their names ... ?
>
> The easiest and most secure solution is to set the constants in a
> plugin, whose name begins with zero, because the plugins will be executed
> with the order of their names!
That would be true, but there's not really a "maximum" priority as such.
Priorities aren't guaranteed to be integers, floats, or even numbers, so
there's basically something higher that you can set. e.g. if something
uses `-1 * PHP_INT_MAX`, you can use `-1 * PHP_INT_MAX - 1` and it'll
transparently become a more-negative float. (Interesting thought: what
*is* the highest priority (earliest sorted value) you can get in PHP? I'd
guess `-INF`.)
---
Apart from the intellectual exercise, I'm not sure it really matters. If
you enable a plugin, it can already run arbitrary code, so it's hardly a
security issue.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25840#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software