[wp-trac] [WordPress Trac] #37670: wp_validate_redirect fails when running WordPress on a port

WordPress Trac noreply at wordpress.org
Mon Aug 15 15:21:53 UTC 2016 

#37670: wp_validate_redirect fails when running WordPress on a port
--------------------------+------------------------------
 Reporter:  raptor235     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  4.5.3
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Description changed by ocean90:

Old description:

> $allowed_hosts is checking againts host value the parsed host value
> doesn't contain the port number and $wpp does. Thereror hosts aren't
> matched and wp_validate_redirect fails.
>
>     $lp = @parse_url($test);
>
> equals
>
> array (size=4)
>   'scheme' => string 'http' (length=4)
>   'host' => string 'localhost' (length=9)
>   'port' => int 3002
>   'path' => string '/project/xactly-com/insights/' (length=29)
>
> where
>
>     $wpp = parse_url(home_url());
>
> equals
>
> array (size=2)
>   'scheme' => string 'http' (length=4)
>   'host' => string 'localhost:3002' (length=23)
>

> will result in
>
>     if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) &&
> $lp['host'] != strtolower($wpp['host']))) {
>

> failing
>
> The server is running on a local proxy.

New description:

 $allowed_hosts is checking againts host value the parsed host value
 doesn't contain the port number and $wpp does. Thereror hosts aren't
 matched and wp_validate_redirect fails.


 {{{
 $lp = @parse_url($test);
 }}}


 equals


 {{{
 array (size=4)
   'scheme' => string 'http' (length=4)
   'host' => string 'localhost' (length=9)
   'port' => int 3002
   'path' => string '/project/xactly-com/insights/' (length=29)
 }}}


 where


 {{{
 $wpp = parse_url(home_url());
 }}}


 equals


 {{{
 array (size=2)
   'scheme' => string 'http' (length=4)
   'host' => string 'localhost:3002' (length=23)
 }}}


 will result in


 {{{
 if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) &&
 $lp['host'] != strtolower($wpp['host']))) {
 }}}


 failing

 The server is running on a local proxy.

--

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37670#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list