Does WordPress send data about your blog to WordPress.org or Automattic?

Yes, it does. See Ticket #16778, “wordpress is leaking user/blog information during wp_version_check()”. All the details are in /wp-includes/update.php: if ( is_multisite( ) ) { $user_count = get_user_count( ); $num_blogs = get_blog_count( ); $wp_install = network_site_url( ); $multisite_enabled = 1; } else { $user_count = count_users( ); $user_count = $user_count['total_users']; $multisite_enabled = 0; $num_blogs = … Read more

WordPress HTTP parameter pollution

This really wouldn’t have anything to do with WordPress intrinsically. It would be related to some plugin or code that passes values based on post data or anything that can request back-end HTTP to another application. The problem is you are open for XSS and SQL injection. Do you have user input fields i.e. POST … Read more

When looking at the differences between X-Auth-Token vs Authorization headers, which is preferred?

Authorization is the primary header used by clients to authenticate against peers in HTTP as foreseen in RFC 7235. It is often linked to the Basic authentication scheme as per RFC 7617, but that is not a given. The Basic scheme allows clients to provide a username-password-pair separated by a colon (:) coded in Base64. It cannot be stressed enough that this is a transport … Read more

Are HTTP headers case-sensitive?

Header names are not case sensitive. From RFC 2616 – “Hypertext Transfer Protocol — HTTP/1.1”, Section 4.2, “Message Headers”: Each header field consists of a name followed by a colon (“:”) and the field value. Field names are case-insensitive. The updating RFC 7230 does not list any changes from RFC 2616 at this part.

Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?

I found this blog post which cleared up a few things. To quote the most relevant bit: Mixed Active Content is now blocked by default in Firefox 23! What is Mixed Content? When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a … Read more

How are parameters sent in an HTTP POST request?

The values are sent in the request body, in the format that the content type specifies. Usually the content type is application/x-www-form-urlencoded, so the request body uses the same format as the query string: When you use a file upload in the form, you use the multipart/form-data encoding instead, which has a different format. It’s more complicated, but … Read more

Setting Curl’s Timeout in PHP

See documentation: http://www.php.net/manual/en/function.curl-setopt.php CURLOPT_CONNECTTIMEOUT – The number of seconds to wait while trying to connect. Use 0 to wait indefinitely. CURLOPT_TIMEOUT – The maximum number of seconds to allow cURL functions to execute. Also, don’t forget to increase the execution time of the PHP script itself:

Android 8: Cleartext HTTP traffic not permitted

According to Network security configuration – Starting with Android 9 (API level 28), cleartext support is disabled by default. Also have a look at Android M and the war on cleartext traffic. Codelabs explanation from Google. Option 1 – First try hitting the URL with “https://” instead of “http://”. Option 2 – Create file res/xml/network_security_config.xml … Read more