Surface context snippet in edit modal #253
💡 Codex Review
Here are some automated review suggestions for this pull request.
| $response = $remote_request_client->head($normalized_url, $head_args); | ||
| $response_code = null; | ||
| $needs_get = false; | ||
|
|
||
| if (is_wp_error($response)) { | ||
| $needs_get = true; | ||
| } else { | ||
| $response_code = (int) $remote_request_client->responseCode($response); | ||
| if (in_array($response_code, [403, 405, 501], true)) { | ||
| $needs_get = true; | ||
| } | ||
| } | ||
|
|
||
| if ($needs_get) { | ||
| $response = $remote_request_client->get($normalized_url, $get_args); | ||
| if (is_wp_error($response)) { |
Guard recheck requests against unsafe hosts
The new blc_ajax_recheck_link_callback() immediately issues a HEAD/GET request to whatever URL is stored for the row without checking blc_is_safe_remote_host() or any of the host/IP allow lists used during scanning. Links pointing to private or otherwise blocked hosts that the scanner deliberately skipped can now be rechecked manually and trigger network calls to internal resources. This bypasses the existing SSRF safeguards and can hit forbidden hosts on every recheck.
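One way to close the gap described in the review above, as an added example that is not the plugin's code: a guard that resolves the URL's host and refuses private, loopback, link-local and reserved addresses, placed in front of the same HEAD-then-GET fallback the diff shows. The `example_` functions, the array-returning stand-in client and the sample URLs are constructed for this illustration; the plugin's blc_is_safe_remote_host(), its allow lists and is_wp_error() are not reproduced.

```php
<?php
// Added example, not the plugin's code. Names prefixed example_ are hypothetical.

/**
 * True only if $url is http(s) and every address its host resolves to is
 * publicly routable. Resolving here (instead of leaving it to the HTTP client)
 * means the decision is made on the addresses the request would actually hit.
 */
function example_is_safe_remote_url(string $url): bool {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host']) || empty($parts['scheme'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // file://, gopher:// and friends are never rechecked
    }
    $host = strtolower(trim($parts['host'], '[]')); // strip IPv6 brackets

    if (filter_var($host, FILTER_VALIDATE_IP)) {
        $addresses = [$host];                       // literal IP: check it directly
    } else {
        $records = dns_get_record($host, DNS_A | DNS_AAAA);
        if ($records === false) {
            return false;                           // resolution failure: treat as unsafe
        }
        $addresses = [];
        foreach ($records as $rec) {
            if (isset($rec['ip']))   { $addresses[] = $rec['ip']; }
            if (isset($rec['ipv6'])) { $addresses[] = $rec['ipv6']; }
        }
    }
    if ($addresses === []) {
        return false;
    }
    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7;
        // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (!filter_var($ip, FILTER_VALIDATE_IP, $flags)) {
            return false; // one blocked address is enough to refuse the whole host
        }
    }
    return true;
}

/**
 * The recheck flow from the diff with the guard in front of it. $client is any
 * object with head(string): array and get(string): array, each returning
 * ['error' => bool, 'code' => int|null] (constructed stand-in for the plugin's
 * remote request client and is_wp_error()).
 */
function example_recheck_link(string $url, object $client): array {
    if (!example_is_safe_remote_url($url)) {
        return ['status' => 'skipped_unsafe_host', 'code' => null]; // no network call at all
    }
    $response  = $client->head($url);
    $needs_get = $response['error']
        || in_array($response['code'], [403, 405, 501], true); // same fallback rule as the diff
    if ($needs_get) {
        $response = $client->get($url);
    }
    if ($response['error']) {
        return ['status' => 'error', 'code' => null];
    }
    return ['status' => 'checked', 'code' => (int) $response['code']];
}

// Constructed stand-in client: records every call, answers 405 to HEAD and 200 to GET.
final class ExampleRecordingClient {
    public array $calls = [];
    public function head(string $url): array { $this->calls[] = "HEAD $url"; return ['error' => false, 'code' => 405]; }
    public function get(string $url): array  { $this->calls[] = "GET $url";  return ['error' => false, 'code' => 200]; }
}

// Constructed sample rows: loopback, link-local, IPv6 loopback, a non-HTTP scheme,
// and one address from the 203.0.113.0/24 documentation range standing in for a public host.
$client = new ExampleRecordingClient();
$rows = ['http://127.0.0.1:8080/status', 'http://169.254.10.10/', 'http://[::1]/',
         'file:///etc/hosts', 'https://203.0.113.10/page'];
foreach ($rows as $url) {
    printf("%-32s %s\n", $url, example_recheck_link($url, $client)['status']);
}
// Only the public address reached the client; its HEAD got 405, so it fell back to GET.
print_r($client->calls);
```

Two caveats a production guard needs beyond this sketch: the check resolves the name once, while the HTTP client resolves it again at connect time, so a host whose record changes between the two (DNS rebinding) slips through unless the client is pinned to the validated address; and the guard looks only at the URL it is given, so if the client follows redirects each hop must be validated the same way. The WordPress HTTP API's `reject_unsafe_urls` request argument is the built-in form of this host validation and is the natural thing to pass in `$head_args` and `$get_args` alongside a plugin-level check.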
Summary
Testing
https://chatgpt.com/codex/tasks/task_e_68defbc55eac832e9e1c04b37c463e30