Ticket #1713 (closed defect: fixed)

Opened 3 years ago

Last modified 2 years ago

User-Agent Used to Confirm Pingbacks Should not be Blank

Reported by: macmanx Assigned to: markjaquith
Priority: high Milestone:
Component: XML-RPC Version: 1.5.2
Severity: major Keywords: pingback user-agent bg|has-patch bg|commit
Cc:

Description

[[Note: While this problem has been caused by a plugin, I do believe that it is a WordPress issue.]]

Currently, WordPress seems to confirm pingbacks using a blank user-agent. This is a common technique used by spammers to avoid spam filters, and as such, it is now blocked by Michael Hampton's "Bad Behavior" v1.2.2. Any attempt to send a pingback while using Bad Behavior v1.2.2 will fail, because the confirmation request from the pinged blog will be blocked for having no user-agent. While this problem has been caused by a plugin, I do believe that it is a WordPress issue. WordPress should not be using common spamming techniques. And, after all, why not identify WordPress' confirmation requests with a user-agent like "WordPress"?

Michael Hampton's "Bad Behavior" can be found here: http://www.ioerror.us/software/bad-behavior/

Attachments

functions.diff (477 bytes) - added by error on 10/04/05 18:44:20.
patch wp-includes/functions.php fixes this issue

Change History

09/28/05 16:24:17 changed by error

  • component changed from General to XML-RPC.

The root cause of the problem is that there's a lot of duplicate code in WP as regards making outbound HTTP connections. Instead of just adding a user-agent here, I would suggest actually cleaning house and getting rid of all the duplicate code.

09/29/05 20:18:40 changed by markjaquith

Yeah, we need to consolidate everything into one function, which makes judgements about what methods are supported on the server, and then behaves similarly in terms of user agent whichever method chosen.

10/04/05 18:44:20 changed by error

  • attachment functions.diff added.

patch wp-includes/functions.php fixes this issue

10/04/05 18:46:48 changed by error

  • milestone set to 1.6.

I dropped in a quick patch which puts a user-agent string in the outbound connections; it'll get you up and running for now, but long-term a lot of this duplicate code really should be consolidated.

10/04/05 18:52:47 changed by error

  • keywords changed from pingback user-agent to pingback user-agent bg|has-patch bg|commit.

10/04/05 19:15:15 changed by markjaquith

  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

10/05/05 23:29:57 changed by ryan

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [2933]) Send User-Agent when confirming pingbacks. Props error. fixes #1713

11/30/06 19:41:47 changed by

  • milestone deleted.

Milestone 2.0 deleted