[wp-trac] [WordPress Trac] #34683: Default .htaccess config creates rewrite infinite loops for path-based multisite installations

WordPress Trac noreply at wordpress.org
Thu Sep 22 20:55:45 UTC 2016


#34683: Default .htaccess config creates rewrite infinite loops for path-based
multisite installations
---------------------------------------+------------------------------
 Reporter:  rob006                     |       Owner:
     Type:  defect (bug)               |      Status:  new
 Priority:  normal                     |   Milestone:  Awaiting Review
Component:  Rewrite Rules              |     Version:  4.3.1
 Severity:  normal                     |  Resolution:
 Keywords:  needs-patch needs-testing  |     Focuses:  multisite
---------------------------------------+------------------------------

Comment (by johnjamesjacoby):

 Hey everyone!

 IIRC, the reason these rules are lenient is because of TinyMCE, namely
 `wp-includes/js/tinymce/wp-tinymce.php`. This file is requested directly
 by the browser via an iframe, hence it needs to be open-world executable.

 If not for that, I believe all of `wp-includes` could be denied
 completely, which would simplify these rules a bit, and allow them to be
 more specific.

 I agree that the solution for #20746 looks like it would address this
 issue, too, but I'm afraid to close this ticket without a more confident
 fix on that one. And, if it turns out the fix is somewhat unrelated, we've
 accidentally confused our future selves, so I'm in favor of leaving this
 ticket open, at least until we've more deeply confirmed the relationship
 between them.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34683#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list