Upgrades to WordPress 2.9 on several of the production blogs – and it’s the same old issue with php header injection.
I’ve blogged about this before – and raised a trac ticket. I’m probably going to write a plugin to solve this one for good.
Here’s the change – around line 863 of wp-includes/pluggable.php
/* ** Remove header injection piece - fix for exec-php ** evilzenscientist - 27 Dec 09 ** originally from 28 May 08 ** ref http://trac.wordpress.org/ticket/2860
if ( $is_IIS ) { header("Refresh: 0;url=$location"); } else { if ( php_sapi_name() != 'cgi-fcgi' ) status_header($status); // This causes problems on I header("Location: $location", true, $status); } } endif;
** */
/** added new header injection and refresh ** http://trac.wordpress.org/ticket/2860 ** evilzenscientist - 28 May 2008 */ if( !headers_sent() ) { if ($is_IIS) header("Refresh: 0;url=$location"); else header("Location: $location"); } else echo "<meta http-equiv='refresh' content='0;url=$location' />"; } endif; /** end of change */
Recent Comments