[wp-trac] [WordPress Trac] #34683: Default .htaccess config creates rewrite infinite loops for path-based multisite installations

WordPress Trac noreply at wordpress.org
Sat Nov 14 20:16:55 UTC 2015


#34683: Default .htaccess config creates rewrite infinite loops for path-based
multisite installations
--------------------------------+-----------------------------
 Reporter:  rob006              |      Owner:
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Networks and Sites  |    Version:  4.3.1
 Severity:  normal              |   Keywords:
  Focuses:  multisite           |
--------------------------------+-----------------------------
 Default .htaccess config for path-based multisite installations looks like
 that:
 {{{
 RewriteBase /
 RewriteRule ^index\.php$ - [L]

 # add a trailing slash to /wp-admin
 RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
 RewriteRule . index.php [L]
 }}}

 The problem is in these lines:

 {{{
 RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
 }}}

 `?` sign makes expression `([_0-9a-zA-Z-]+/)` optional, so rule works also
 for request like `http://example.com/wp-config/file.png` and basicly try
 to internal redirect request to the same address. If file does not exist,
 it creates infinite internal loops that causes internal server errors.

 There is no sense create rewrite rules for main site of network and site
 prefix should no be optional for rewrites. Correct .htaccess content
 should be:

 {{{
 RewriteBase /
 RewriteRule ^index\.php$ - [L]

 # add a trailing slash to /wp-admin
 RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)(wp-(content|admin|includes).*) $2 [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)(.*\.php)$ $2 [L]
 RewriteRule . index.php [L]
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34683>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list