[wp-trac] [WordPress Trac] #17047: Not following spec for REQUEST_URI

WordPress Trac wp-trac at lists.automattic.com
Mon Apr 4 20:11:00 UTC 2011

#17047: Not following spec for REQUEST_URI
 Reporter:  sterlo         |      Owner:
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Rewrite Rules  |    Version:  3.1
 Severity:  normal         |   Keywords:  has-patch
 Possibly related: #16932

 Spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2

 Structure: http://en.wikipedia.org/wiki/URI_scheme#Examples

 The spec for REQUEST_URI:
 Request-URI    = "*" | absoluteURI | abs_path | authority

 The specs for REQUEST_URI in Apache are such that it allows for absolute
 paths to a given resource.

 Given that throughout WordPress there are concatenations like:

 These are intended to generate "mysite.com/resources"

 But in certain cases will generated "mysite.com/mysite.com/resources"

 Case Study:
 GET http://subdomain.mydomain.com/ HTTP/1.1

 This should be allowed.

 Apache in this case sets the URI to

 Solution: Do not assume that URI is not an absolute path.

 A quick fix is something like the patch attached.

Ticket URL: <http://core.trac.wordpress.org/ticket/17047>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list