Bootstrap/Load: Prevent loopback scraping errors when there is no key or nonce.
For error detection and rollback functions WordPress also starts a loopback request to the homepage. This loopback request is made with special parameters that when they don't match, generates an erorr. This hardens that flow by exiting out of the check if the nonce or key is missing or the nonce is not saved in the DB. It further hardens it by not caching the failures and asking search engines not to index the url with the failures. Props georgwordpress, swissspidy, jorbin. Fixes #62105. Built from https://develop.svn.wordpress.org/trunk@59171 git-svn-id: http://core.svn.wordpress.org/trunk@58566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
245dde2107
commit
df9b79e4cd
|
@ -1806,8 +1806,20 @@ function wp_start_scraping_edited_file_errors() {
|
||||||
|
|
||||||
$key = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
|
$key = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
|
||||||
$nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
|
$nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
|
||||||
|
if ( empty( $key ) || empty( $nonce ) ) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if ( get_transient( 'scrape_key_' . $key ) !== $nonce ) {
|
$transient = get_transient( 'scrape_key_' . $key );
|
||||||
|
if ( false === $transient ) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $transient !== $nonce ) {
|
||||||
|
if ( ! headers_sent() ) {
|
||||||
|
header( 'X-Robots-Tag: noindex' );
|
||||||
|
nocache_headers();
|
||||||
|
}
|
||||||
echo "###### wp_scraping_result_start:$key ######";
|
echo "###### wp_scraping_result_start:$key ######";
|
||||||
echo wp_json_encode(
|
echo wp_json_encode(
|
||||||
array(
|
array(
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.7-beta1-59170';
|
$wp_version = '6.7-beta1-59171';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue