[wp-trac] [WordPress Trac] #7270: tilde character encoded by mod_proxy creates a redirect loop on login

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 9 15:55:49 GMT 2008


#7270: tilde character encoded by mod_proxy creates a redirect loop on login
----------------------------+-----------------------------------------------
 Reporter:  hopson          |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  normal          |   Milestone:  2.7      
Component:  Administration  |     Version:           
 Severity:  normal          |    Keywords:           
----------------------------+-----------------------------------------------
 When unix user accounts are frontended by Apache+mod_proxy, the tilde
 character (~) is encoded as %7E.  RFC 2396 states that it does not need to
 be encoded, and Apache 2.3 has fixed this:

   http://svn.apache.org/repos/asf/httpd/httpd/trunk/CHANGES

 In wp-includes/pluggable.php, function auth_redirect (line 612 in
 wordpress 2.5.1):

 {{{
 wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' .
 urlencode($_SERVER['REQUEST_URI']));
 }}}

 creates a redirect loop, because REQUEST_URI already contains the decoded
 %7E, so it is double-encoded, and then fails the path check (against
 wp_settings('home'); I believe).

 The attached patch (for Wordpress 2.5.1) adds a call to urldecode() before
 urlencode(), to turn the %7E back into tilde.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7270>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list