[wp-trac] [WordPress Trac] #26247: Importer fails when importing from a server on a private network
WordPress Trac
noreply at wordpress.org
Tue Nov 26 01:16:30 UTC 2013
#26247: Importer fails when importing from a server on a private network
--------------------------+----------------------------
 Reporter:  dramaley      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  WordPress.org
Component:  Import        |     Version:  3.6.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+----------------------------
Comment (by dd32):
This is something we may be able to disable in imports, but only if the
user is trusted on the site.

The checks are designed to prevent a malicious user accessing a resource
which the web server has access to, but the visitor doesn't, by preventing
WordPress from retrieving documents from an internal-only resource.

One example would be an internal blog (firewalled off from the internet)
with a public-facing site, if someone had access to the public blog, they
could upload an export which referenced an internal-only file, downloading
it to the web server and ultimately allowing the attacker to download it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26247#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
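
The kind of check the comment above describes, sketched as a standalone PHP function: the host of each URL referenced by an import is resolved, and the fetch is refused if any address is private or reserved. This is an added example, not WordPress core code and not part of the original message; the function name and sample URLs are constructed for illustration.

```php
<?php
// Added illustration, not WordPress core code. The function name and the
// sample URLs below are constructed for this example.

/**
 * Return true only if the URL is http(s) and every address its host
 * resolves to is outside the private and reserved ranges.
 */
function import_url_is_external( string $url ): bool {
    $parts = parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false;
    }

    $host = trim( $parts['host'], '[]' ); // IPv6 literals arrive bracketed
    if ( false !== filter_var( $host, FILTER_VALIDATE_IP ) ) {
        $addresses = array( $host );          // IP literal: no lookup needed
    } else {
        $addresses = gethostbynamel( $host ); // resolves IPv4 (A records) only
        if ( empty( $addresses ) ) {
            return false;                     // unresolvable: fail closed
        }
    }

    // Rejects 10/8, 172.16/12, 192.168/16 (private) as well as loopback,
    // link-local and other reserved blocks.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ( $addresses as $ip ) {
        if ( false === filter_var( $ip, FILTER_VALIDATE_IP, $flags ) ) {
            return false; // one internal address is enough to refuse
        }
    }
    return true;
}

// Constructed attachment URLs, as an uploaded export file might reference them.
$samples = array(
    'http://198.51.100.7/uploads/photo.jpg',
    'http://10.0.0.5/wp-content/uploads/report.pdf',
    'http://127.0.0.1/',
    'http://[::1]/',
    'ftp://198.51.100.7/archive.zip',
);
foreach ( $samples as $url ) {
    printf( "%-50s %s\n", $url, import_url_is_external( $url ) ? 'fetch' : 'refuse' );
}
```

A check like this only holds if the subsequent request connects to the address that was validated; resolving the name a second time at fetch time can return a different answer, and redirects need the same check applied to each hop.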