From c4e9ac89baf9b27459e62ea2001b158d864c09a7 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Tue, 11 Jan 2011 21:37:12 +0000
Subject: [PATCH] Disallow a self-reference on RSS widget save, which would DoS a site. Checking home/siteurl should cover the vast majority of cases. see #8910.

git-svn-id: https://develop.svn.wordpress.org/trunk@17260 602fd350-edb4-49c9-b593-d223f7449a82
---
wp-includes/default-widgets.php | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php
index 7a75983766..a36990515a 100644
--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@@ -712,6 +712,10 @@ class WP_Widget_RSS extends WP_Widget { if ( empty($url) ) return; + // self-url destruction sequence + if ( $url == site_url() || $url == home_url() ) + return; + $rss = fetch_feed($url); $title = $instance['title']; $desc = '';
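Review bot: The new guard in WP_Widget_RSS compares `$url` to `site_url()` and `home_url()` as exact strings, so an equivalent spelling of the site's own address (a trailing slash, different letter case in the host) is not recognised and still reaches `fetch_feed($url)`. Normalising before comparing would close the most common gap, e.g. `if ( in_array( untrailingslashit( $url ), array( site_url(), home_url() ), true ) )` followed by the same `return;`. The comment `// self-url destruction sequence` does not say what is being prevented; something like `// Never fetch this site's own URL as a feed (see #8910).` would tell the next reader why the early return exists. The enclosing method starts and ends outside the hunk, so whether `$url` is normalised earlier cannot be seen from here.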