Is curl required?

For the record, I have uninstalled curl and wordpress was working on seamlessly. So I confirm that curl is not a dependency of wordpress. However, some plugins may require curl.

How do I troubleshoot responses with WP HTTP API?

We tracked it down to content-encoding’ => string ‘deflate’ (length=7) being at fault. WP_HTTP is adding in a deflate header for no reason and un gzip compressing the results. It only happens when the body of the response is under a certain string length. Very annoying when all you want isa 1 or a 0. …

Read more

Does WordPress send data about your blog to WordPress.org or Automattic?

Yes, it does. See Ticket #16778 wordpress is leaking user/blog information during wp_version_check(). All the details are in /wp-includes/update.php: if ( is_multisite( ) ) { $user_count = get_user_count( ); $num_blogs = get_blog_count( ); $wp_install = network_site_url( ); $multisite_enabled = 1; } else { $user_count = count_users( ); $user_count = $user_count[‘total_users’]; $multisite_enabled = 0; $num_blogs = …

Read more

WordPress HTTP parameter pollution

This really wouldn’t have anything to do with WordPress intrinsically. It would be related to some plugin or code that passes values based on post data or anything that can request back-end HTTP to another application. The problem is you are open for XSS and SQL injection. Do you have user input fields i.e. POST …

Read more

When looking at the differences between X-Auth-Token vs Authorization headers, which is preferred?

Authorization is the primary header used by clients to authenticate against peers in HTTP as foreseen in RFC 7235. It is often linked to the Basic authentication scheme as per RFC 7617, but that is not a given. The Basic scheme allows clients to provide a username-password-pair separated by a colon (:) coded in Base64. It cannot be stressed enough that this is a transport …

Read more

Are HTTP headers case-sensitive?

Header names are not case sensitive. From RFC 2616 – “Hypertext Transfer Protocol — HTTP/1.1”, Section 4.2, “Message Headers”: Each header field consists of a name followed by a colon (“:”) and the field value. Field names are case-insensitive. The updating RFC 7230 does not list any changes from RFC 2616 at this part.