Making WordPress.org


Ignore:
Timestamp:
02/21/2017 01:57:50 PM (8 years ago)
Author:
ocean90
Message:

WordPress.org SSO: Improve whitelist check for wp-json and xmlrpc.php to support query arguments.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r4964 r4971  
    230230                            }
    231231                        }
    232                     } elseif ( ( is_admin() && is_super_admin() ) || preg_match( '!^/wp-json(/?$|/.+)!i', $_SERVER['REQUEST_URI'] ) || '/xmlrpc.php' === $_SERVER['REQUEST_URI'] ) {
     232                    } elseif ( ( is_admin() && is_super_admin() ) || 0 === strpos( $_SERVER['REQUEST_URI'], '/wp-json' ) || 0 === strpos( $_SERVER['REQUEST_URI'], '/xmlrpc.php' ) ) {
    233233                        // Do nothing, allow access to wp-admin, wp-json and xmlrpc.php on login.wordpress.org
    234234                    } elseif ( is_user_logged_in() ) {
Note: See TracChangeset for help on using the changeset viewer.