[wp-trac] [WordPress Trac] #47980: New wp_validate_redirect() removes domain in some circumstances.

WordPress Trac noreply at wordpress.org
Fri Sep 13 15:21:32 UTC 2019


#47980: New wp_validate_redirect() removes domain in some circumstances.
--------------------------+-----------------------------
 Reporter:  rconde        |       Owner:  SergeyBiryukov
     Type:  defect (bug)  |      Status:  assigned
 Priority:  normal        |   Milestone:  5.2.4
Component:  General       |     Version:  5.2.3
 Severity:  critical      |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+-----------------------------

Comment (by rconde):

 Replying to [comment:12 Sixes]:
 > I am seeing the same issue on an Ubuntu server (18.04.3 LTS).  The
 WordPress install is version 5.2.3 on a multi-site setup.
 >
 > I have tried removing the section at
 https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
 and this makes no difference.  Clearly adding a backslash to the
 {{{ltrim()}}} statement also has no effect.
 >
 > In any case, does {{{ltrim()}}} really take three parameters?  According
 to the php manual:
 >
 > {{{#!php
 >  ltrim ( string $str [, string $character_mask ] ) : string
 > }}}
 >
 > The only other odd thing about this setup is that
 [https://fearoflanding.com/ Fear of Landing] redirects through
 Cloudflare.com.
 >
 > Any suggestions as to how to get round this issue?  Currently none of my
 users can log in.
 >
 > Edit: Having checked further, it seems that {{{wp_validate_redirect()}}}
 is not actually being called.  Also this may be a different issue as the
 user is (sometimes) getting:
 >
 >   **ERROR**: Cookies are blocked or not supported by your browser. You
 must enable cookies to use WordPress.
 >

 This seems unrelated to this ticket. Fortunately you have mentioned
 Cloudflare...

 I can tell you what is happening:

 wp-login.php creates the PHP cookie 'wordpress_test_cookie' when you access
 this page.

 So I guess that you have configured Cloudflare incorrectly, so when you
 access wp-login.php you are getting a cached page from Cloudflare, not
 from your server, hence your server is not creating any cookie because the
 request is not getting the page from your server but from Cloudflare.

 Try setting Cloudflare development mode ON and try to log in and see if
 the problem persists. Please set the development mode On, wait at least 1
 minute, reload wp-login.php and try.

 If this fixes the problem, it's your Cloudflare config, not WordPress.

 Then the fix for you is to create a page rule in Cloudflare under 'Page
 Rules' -> Create page rule -> in the url field insert
 https://fearoflanding.com/*.php* and then click add a setting and select
 'Cache level' -> Bypass and save and deploy.

 Hope this fixes your problem.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47980#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
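
An added diagnostic example, not part of the original message or of WordPress: it classifies a wp-login.php response by whether Cloudflare served it from cache and whether 'wordpress_test_cookie' was set, which is the failure described in the comment above. The sample responses are constructed, and the function name and verdict strings are hypothetical; `CF-Cache-Status` is the response header Cloudflare uses to report cache state.

```python
from email.parser import Parser

TEST_COOKIE = "wordpress_test_cookie"  # cookie name from the comment above
# Cloudflare cache statuses that mean the body came from the edge cache.
EDGE_CACHED = {"HIT", "STALE", "UPDATING", "REVALIDATED"}

# Constructed sample responses (status line + headers) for GET /wp-login.php.
CACHED_AT_EDGE = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "CF-Cache-Status: HIT\n"
    "Age: 1842\n"
)
FROM_ORIGIN = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "CF-Cache-Status: BYPASS\n"
    "Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure\n"
)


def diagnose_login_response(raw: str) -> dict:
    """Classify one wp-login.php response from its raw header text."""
    _status_line, _, header_block = raw.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # A response may carry several Set-Cookie headers; collect every cookie name.
    cookie_names = {
        value.split("=", 1)[0].strip()
        for value in headers.get_all("Set-Cookie", [])
    }
    cache_status = (headers.get("CF-Cache-Status") or "").upper()
    has_test_cookie = TEST_COOKIE in cookie_names
    if has_test_cookie:
        verdict = "ok"
    elif cache_status in EDGE_CACHED:
        verdict = "edge-cached"  # served from Cloudflare, so no cookie was set
    else:
        verdict = "not-cached-no-cookie"  # cache is not the cause; look elsewhere
    return {"cache_status": cache_status, "has_test_cookie": has_test_cookie,
            "verdict": verdict}


if __name__ == "__main__":
    for name, raw in (("cached", CACHED_AT_EDGE), ("origin", FROM_ORIGIN)):
        print(name, diagnose_login_response(raw))
```
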

