[wp-trac] [WordPress Trac] #41766: Infinite redirection loop on accessing wp-admin/user/

Tue Sep 5 11:00:37 UTC 2017

#41766: Infinite redirection loop on accessing wp-admin/user/
-------------------------------+----------------------------------------
 Reporter:  Butuzov            |       Owner:
     Type:  defect (bug)       |      Status:  closed
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Users              |     Version:  3.1
 Severity:  normal             |  Resolution:  invalid
 Keywords:  reporter-feedback  |     Focuses:  administration, multisite
-------------------------------+----------------------------------------
Changes (by Butuzov):

 * status:  new => closed
 * resolution:   => invalid

Comment:

 Thank you so much for testing of what I called "a bug". I also have a
 chance to test all of my assumptions in "clean install test". I was able
 to reproduce "bug" (in quotes because now I am not sure this is a bug at
 all after `test case`...).

 Steps to repeat "bug":

 1) Create `cms` directory in server root.
 2) Create `wp-config.php` (or copy) with default install values (DB_*
 constants and AUTH salts contacts).
 3) Move WordPress code into `cms` directory.
 4) Proceed to install. At this step, we have a normal WordPress install in
 the custom directory.
 5) Change Site Adress URL in Settings->General->Site Address (URL) to
 point to server home directory (https://example.org), while WP Adress will
 point to https://example.org/cms/

 7) Prepare to Multidomain install. Add `WP_ALLOW_MULTISITE` to wp-
 config.php  and setup wildcard domain .

 {{{#!php
 define('WP_ALLOW_MULTISITE', true);
 }}}

 8) Open Tools->Network Setup and Pick "Sub-domains", then proceed to
 "Install".
 9) Copy Contants to wp-config.php (except `PATH_CURRENT_SITE` and
 `SUBDOMAIN_INSTALL`)

 Now I am able to log example.org/cms/wp-admin and use example.org. But
 because $current_blog->path isn't same as $current_site->path (1st is '/'
 and 2nd one is '/cms/'), it's impossible to use user admin and network
 admin without infinite redirection loop. I still struggling to understand
 a meaning of redirection to `network_admin_url()` and `user_admin_url()`
 in `(network|user)/admin.php` but I guess, it's my messed up settings
 brought a problem I am describing.

 notes:

 1) None of .htaccess contents isn't copied, so we can't disclose wp-admin
 directory to attackers (ones that trying to break-in backend using
 dictionaries ).

 2) Defining `PATH_CURRENT_SITE` to '/' require also rewrite rules, from
 note 1

 3) Constants  `PATH_CURRENT_SITE` and `SUBDOMAIN_INSTALL` are defined in
 wp-config later based on requested domain (some of the websites are
 allowed to be installed in "sub-directories")

 '''I am really sorry for your wasted time and hope never repeat myself on
 "false bug reporting" again.''' In anycase thank you for your time.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41766#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform