[wp-trac] [WordPress Trac] #54527: missing
WordPress Trac
noreply at wordpress.org
Sat Nov 27 17:24:17 UTC 2021
#54527: missing
--------------------------+-----------------------------
Reporter: danielrufde | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Widgets | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
At https://github.com/WordPress/WordPress/blob/5.8.2/wp-includes/widgets
/class-wp-widget-rss.php#L48-L64 there is a check to prevent that the home
/ site_url URL is accidentally used as RSS feed URL as this can lead to
interesting cases like infinite loops, many long-running http requests and
some sort of "Self" Denial of Service (DoS).
In WordPress 5.8.2 when we edit block-enabled them and add the RSS widget
and use the same URL like home / site_url, then we get the mentioned
problems because the check is missing there:
https://github.com/WordPress/WordPress/blob/5.8.2/wp-
includes/blocks/rss.php#L16
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54527>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list