[wp-trac] [WordPress Trac] #43745: (Yet another ;-) Redirect loop with encoded query keys
WordPress Trac
noreply at wordpress.org
Thu Apr 12 11:11:34 UTC 2018
#43745: (Yet another ;-) Redirect loop with encoded query keys
--------------------------+-----------------------------
Reporter: wrwrwr0 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Canonical | Version: trunk
Severity: minor | Keywords:
Focuses: |
--------------------------+-----------------------------
Some live examples:
https://news.microsoft.com/?%C2%A2 [[br]]
https://newsroom.fb.com/?%C2%A2 [[br]]
https://www.thewaltdisneycompany.com/?%C2%A2
(At the time of writing these show "page isn't redirecting properly" /
"redirected you too many times" notice.)
To reproduce on a fresh install set some permalink structure and put a
static page on front, for convenience:
{{{#!bash
wp rewrite structure '/%year%/%monthnum%/%postname%/'
wp option update show_on_front page
wp option update page_on_front 2
}}}
Observe a 301 with the location exactly matching the request:
{{{#!bash
curl -I http://test.local/?%C2%A2
}}}
(Query with any character in a key matching
[https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/pluggable.php#L1232 the first regex]
in wp_sanitize_redirect().)
[https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/canonical.php#L42 redirect_canonical()]
is hooked by default to `template_redirect`. Under some circumstances
`$redirect_url` can be set to more or less the same as `$requested_url`
in the somewhat lengthy "is 404" conditional. The code that re-adds
additional query args, around
[https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/canonical.php#L360 line 360]
of the function, uses
[https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/formatting.php#L2475 rawurlencode_deep()],
which leaves keys unencoded. In consequence, `$requested_url` and
`$redirect_url` around
[https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/canonical.php#L490 line 490]
may differ only in query encoding.
Further, `wp_sanitize_request()`, applied after the chained redirects
check, re-encodes some multibyte characters.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43745>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
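
The mechanism the ticket describes, as an added Python example that is not part of the ticket and is not WordPress code. It is a simplified model: the helpers `add_query_values_only`, `encode_non_ascii`, `canonical` and `is_self_redirect` are hypothetical names, and the sample URL is the `test.local` one from the reproduction steps. It shows why a plain string comparison misses the loop and how comparing encoding-normalised URLs catches it.

```python
from urllib.parse import urlsplit, unquote, quote

def add_query_values_only(base, args):
    """Model of the behaviour described in the ticket: query values are
    percent-encoded, keys are appended unencoded (hypothetical helper)."""
    pairs = [k if v == "" else f"{k}={quote(v, safe='')}" for k, v in args.items()]
    return base + "?" + "&".join(pairs)

def encode_non_ascii(url):
    """Model of a sanitiser that percent-encodes multibyte characters
    just before the Location header is sent (hypothetical helper)."""
    return "".join(c if ord(c) < 128 else quote(c, safe="") for c in url)

def canonical(url):
    """Decode, then re-encode, every query key and value so that URLs
    differing only in percent-encoding compare equal."""
    p = urlsplit(url)
    pairs = []
    for item in p.query.split("&") if p.query else []:
        k, sep, v = item.partition("=")
        pairs.append(quote(unquote(k), safe="") + sep + quote(unquote(v), safe=""))
    return (p.scheme.lower(), p.netloc.lower(), p.path or "/", "&".join(pairs))

def is_self_redirect(requested, location):
    """True when the redirect target is the request itself, up to encoding."""
    return canonical(requested) == canonical(location)

# Constructed sample, following the reproduction steps in the ticket.
REQUESTED = "http://test.local/?%C2%A2"
PARSED_ARGS = {unquote("%C2%A2"): ""}        # query as seen after parsing
REDIRECT = add_query_values_only("http://test.local/", PARSED_ARGS)
LOCATION = encode_non_ascii(REDIRECT)        # what goes out on the wire

if __name__ == "__main__":
    print("raw strings equal before sanitising:", REQUESTED == REDIRECT)
    print("Location equals request on the wire:", LOCATION == REQUESTED)
    print("normalised comparison flags loop:   ", is_self_redirect(REQUESTED, REDIRECT))
```

The same `is_self_redirect` check can be run against a captured request URL and `Location` header pair to confirm whether a site is affected.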