[wp-trac] Re: [WordPress Trac] #3727: WP->parse_request() won't replace $pathinfo when $req_uri contains any %## encoding character.

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 14 08:35:27 GMT 2007


#3727: WP->parse_request() won't replace $pathinfo when $req_uri contains any %##
encoding character.
-------------------------------+--------------------------------------------
 Reporter:  Kirin_Lin          |        Owner:  ryan    
     Type:  defect             |       Status:  reopened
 Priority:  normal             |    Milestone:  2.2.2   
Component:  General            |      Version:  2.2     
 Severity:  blocker            |   Resolution:          
 Keywords:  rewrite permalink  |  
-------------------------------+--------------------------------------------
Comment (by Kirin_Lin):

 Replying to [comment:17 hakre]:
 > I reopened this, because this Fix creates new Defects in the Rewrite
 > Rule parsing engine. It transposes "%26"s into "&"s which are then passed
 > to the query string parser and will create new query string values.
 >
 > Can confirm that this is in 2.2 now.
 I realized what hakre said, so I rethought the problem and how to solve it.
 When we use the urldecode (or rawurldecode) function to convert the URI, it
 may cause a security problem. In WordPress, the post title will be
 sanitized. I noticed normal utf8 characters will be converted by the
 utf8_uri_encode function.
 Since we have a risk by using a decoding function, why don't we convert
 $pathinfo by using an encoding function?
 Thus, I tried to use this code to test:
 {{{
         if( seems_utf8($pathinfo) )
                 $pathinfo = utf8_uri_encode($pathinfo);
         $req_uri = str_replace($pathinfo, '', $req_uri);
 }}}
 and
 {{{
         $pathinfo = utf8_uri_encode($pathinfo);
 }}}

 Now, posts seem fine, but pages are broken, because the rewrite rules are
 decoded utf8 from changeset:1841 when generating the page index URI.
 I undid the changeset and flushed the rules again, then the pages came back.
 Posts and Pages are fine now. I will do more tests before I submit another
 patch.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3727#comment:27>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
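
The effect discussed in this thread (a decoded "%26" reaching the query string parser as a separator), as an added example that is not part of the original message or of WordPress's code. The rule, the functions `resolve_query_vars()` and `decoding_adds_vars()`, and the sample paths are constructed, and the matching is a simplified model of rewrite-rule parsing.

```php
<?php
// Added illustration: a simplified model of rewrite-rule matching, not
// WordPress code. The rule, function names and sample paths are constructed.

/**
 * Match a request path against one rewrite rule and return the query
 * variables that result. $decodeFirst models calling urldecode() on the
 * path before the rule is applied.
 */
function resolve_query_vars(string $path, bool $decodeFirst): array
{
    $rule     = '#^tag/(.+?)/?$#';  // hypothetical permalink rule
    $template = 'tag=%s';           // query string the rule rewrites to

    $subject = $decodeFirst ? urldecode($path) : $path;
    if (!preg_match($rule, $subject, $m)) {
        return [];
    }

    // The captured text is spliced into a query string and parsed.
    // parse_str() percent-decodes values itself, so an already decoded
    // "&" is read as a separator between two variables.
    parse_str(sprintf($template, $m[1]), $vars);
    return $vars;
}

/** True when decoding first yields variables the encoded path does not. */
function decoding_adds_vars(string $path): bool
{
    $extra = array_diff_key(
        resolve_query_vars($path, true),
        resolve_query_vars($path, false)
    );
    return count($extra) > 0;
}

// Constructed sample paths: one with an encoded "&", one with UTF-8 bytes.
foreach (['tag/rock%26roll', 'tag/caf%C3%A9'] as $path) {
    foreach ([true, false] as $decodeFirst) {
        printf(
            "%-16s decode_first=%-5s %s\n",
            $path,
            var_export($decodeFirst, true),
            json_encode(resolve_query_vars($path, $decodeFirst), JSON_UNESCAPED_UNICODE)
        );
    }
}
```

`decoding_adds_vars()` can serve as a regression check over a list of known permalinks: any path for which it returns true is one where decoding before rule matching changes the set of query variables.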

