robechar
Member
Posted 14 years ago #
We've had a problem with users of our WPMU including their blog's own RSS feed. It appears this causes problems with the cron task and causes major performance issues with our server.
Is there any way to prevent this from happening, or should I file a bug in WordPress? It's a security issue if any user can bring down a server by doing this.
Here are a couple of people who mention this issue, but don't have any specific fix for it besides removing the offending widget:
http://premium.wpmudev.org/forums/topic/wpmu-performance-assistance
http://mu.wordpress.org/forums/topic/14240
Yup, it does. Very much known issue. There's trac tickets on both the wp and wpmu tracs about this.
http://trac.mu.wordpress.org/ticket/1183
http://trac.mu.wordpress.org/ticket/1000
http://trac.mu.wordpress.org/ticket/852
There's a regular wp trac ticket on it as well with some discussion but I can't find it right off. Maybe someone else can find it.
edit: And as always, right after hitting save, I find it:
http://core.trac.wordpress.org/ticket/8910
robechar
Member
Posted 14 years ago #
Thanks tdjcbe for the links to the tickets.
To protect our servers, I've reluctantly hacked some core code to prevent people from including their own RSS feeds. It doesn't look like anyone is rushing to fix the issue, but it is pretty serious from a systems perspective.
I added this to wp-includes/default-widgets.php at line 741:
/**
 * Override save settings to prevent inclusion of your own RSS feed
 *
 * Included in our patch until this issue gets resolved:
 * http://core.trac.wordpress.org/ticket/8910
 */
function save_settings($settings) {
    global $current_blog;
    // Make sure this blog isn't including their own RSS feed
    foreach ($settings as $index=>$fields) {
        if (!empty($fields['url'])) {
            if (substr_count($fields['url'], $current_blog->domain . $current_blog->path)) {
                $settings[$index]['url'] = '';
            }
        }
    }
    return parent::save_settings($settings);
}
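A stricter form of the self-reference test in the post above, as an added example that is not part of the original post or of WordPress: it compares the parsed host and path instead of searching for a substring, so a change of letter case or a missing scheme still matches and the blog's address inside a query string does not. The function names and sample values are hypothetical; inside `save_settings()` it would be called with `$current_blog->domain` and `$current_blog->path`.

```php
<?php
// Added example, not WordPress code. Function names and sample values are hypothetical.

// Host names are case-insensitive; also ignore a trailing dot and a leading "www.".
function normalize_feed_host($host) {
    return preg_replace('/^www\./', '', rtrim(strtolower($host), '.'));
}

// True when $url points at the blog identified by $blog_domain and $blog_path.
function feed_url_targets_own_blog($url, $blog_domain, $blog_path) {
    $url = trim($url);
    // Widget input may omit the scheme; parse_url() would then see no host.
    if (!preg_match('#^[a-z][a-z0-9+.\-]*://#i', $url)) {
        $url = 'http://' . ltrim($url, '/');
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false; // Not a usable URL; nothing to compare.
    }
    if (normalize_feed_host($parts['host']) !== normalize_feed_host($blog_domain)) {
        return false;
    }
    $blog_path = '/' . trim(strtolower($blog_path), '/');
    if ($blog_path === '/') {
        return true; // Blog at the site root: every path on this host counts as its own.
    }
    $path = isset($parts['path']) ? $parts['path'] : '/';
    $url_path = '/' . trim(strtolower(rawurldecode($path)), '/');
    // Match whole path segments so "/alice/" does not match "/alice2/feed/".
    return $url_path === $blog_path || strpos($url_path, $blog_path . '/') === 0;
}

// Constructed sample input for a blog at example.org/alice/
$samples = array(
    'http://example.org/alice/feed/',                   // own feed
    'HTTP://WWW.Example.ORG/Alice/feed/',               // own feed, different letter case
    'example.org/alice/?feed=rss2',                     // own feed, no scheme
    'http://example.org/alice2/feed/',                  // a different blog on the same host
    'http://other.example.net/?ref=example.org/alice/', // own address only in the query string
);
foreach ($samples as $sample) {
    $own = feed_url_targets_own_blog($sample, 'example.org', '/alice/');
    printf("%-52s %s\n", $sample, $own ? 'blocked' : 'allowed');
}
```

This covers only the URL comparison; a feed URL that reaches the same blog through a redirect or a second mapped domain is outside what it checks.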
robechar - please add your voice to the ticket.