From 3e45fdb260d16776bd1472b1e17ec73154316b10 Mon Sep 17 00:00:00 2001
From: nacin
Date: Tue, 11 Jan 2011 21:37:12 +0000
Subject: [PATCH] Disallow a self-reference on RSS widget save, which would DoS a site. Checking home/siteurl should cover the vast majority of cases. see #8910.

git-svn-id: http://svn.automattic.com/wordpress/trunk@17260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/default-widgets.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php
index 7a7598376..a36990515 100644
--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@@ -712,6 +712,10 @@ class WP_Widget_RSS extends WP_Widget {
 if ( empty($url) )
 return;
 
+ // self-url destruction sequence
+ if ( $url == site_url() || $url == home_url() )
+ return;
+
 $rss = fetch_feed($url);
 $title = $instance['title'];
 $desc = '';
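Review bot: The guard added before `fetch_feed($url)` only fires when `$url` is character-for-character equal to `site_url()` or `home_url()`, so a self-reference stored with a trailing slash, a different scheme or host case, or pointing at another page of the same site is still fetched. Normalising before comparing would cover the common variants, e.g. `if ( in_array( untrailingslashit( $url ), array( site_url(), home_url() ), true ) ) return;`, and a host comparison would presumably be needed for the rest, which the commit message itself leaves open. The comment `// self-url destruction sequence` does not say what is being prevented; `// Skip feeds that point back at this site; fetching our own URL from the widget can tie up the site.` would tell the next reader why the early return exists. The subject says the check happens on widget save, but the enclosing method starts outside the hunk, so it is worth confirming whether this guard sits on the save path or the display path.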