[wp-trac] [WordPress Trac] #21602: redirect_canonical can lead to infinite loop on index navigation if site url is not all lower case

WordPress Trac noreply at wordpress.org
Mon Sep 3 15:39:55 UTC 2018 

#21602: redirect_canonical can lead to infinite loop on index navigation if site
url is not all lower case
-------------------------------------------------+-------------------------
 Reporter:  sreedoap                             |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  assigned
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Canonical                            |     Version:
 Severity:  blocker                              |  Resolution:
 Keywords:  needs-unit-tests has-patch           |     Focuses:
  4.6-early                                      |
-------------------------------------------------+-------------------------

Comment (by niceguyit):

 I ran into this today and narrowed it down to how `redirect_canonical()`
 handles mixed-case domains. The first time through, `$requested_url` is
 `NULL` and the URL is built from `$_SERVER['HTTP_HOST']` which will always
 be lowercase.

 Line 63: wp-includes/canonical.php
 {{{#!php
     if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
         // build the URL in the address bar
         $requested_url  = is_ssl() ? 'https://' : 'http://';
         $requested_url .= $_SERVER['HTTP_HOST'];
         $requested_url .= $_SERVER['REQUEST_URI'];
     }
 }}}

 As it goes through the checks, this section is called and the
 `$redirect_url` is pulled from `home_url('/')`. @nacin mentioned this
 above. What isn't made clear is that it uses the site address setting
 which could be mixed case.

 Line 177: wp-includes/canonical.php
 {{{#!php
         } elseif ( is_page() && !is_feed() && 'page' ==
 get_option('show_on_front') && get_queried_object_id() ==
 get_option('page_on_front')  && ! $redirect_url ) {
             $redirect_url = home_url('/');
 }}}

 For me, the solution was to make the `home_url('/')` lowercase to match
 `$_SERVER['HTTP_HOST']`.

 {{{#!php
         } elseif ( is_page() && !is_feed() && 'page' ==
 get_option('show_on_front') && get_queried_object_id() ==
 get_option('page_on_front')  && ! $redirect_url ) {
             $redirect_url = strtolower(home_url('/'));
 }}}

 Before the actual redirect is called, a recursive call to
 `redirect_canonical()` is made except this time `$redirect_url` is not
 `NULL` and could be mixed case. The second time though all the checks seem
 to be accurate/work.

 Line 678: wp-includes/canonical.php
 {{{#!php
     if ( $do_redirect ) {
         // protect against chained redirects
         if ( !redirect_canonical($redirect_url, false) ) {
             wp_redirect($redirect_url, 301);
             exit();
 }}}

 The line numbers correspond to WordPress 4.9.8.

 I'm using the enigma theme, version 4.6, which makes use of
 `is_front_page()`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/21602#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list