[wp-trac] [WordPress Trac] #49510: Regular expression metacharacters in category and tag base lead rewrite rules to fail.
WordPress Trac
noreply at wordpress.org
Tue Feb 25 11:05:59 UTC 2020
#49510: Regular expression metacharacters in category and tag base lead rewrite
rules to fail.
---------------------------+------------------------------
Reporter: raaaahman | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Rewrite Rules | Version: 5.3.2
Severity: normal | Resolution:
Keywords: | Focuses: administration
---------------------------+------------------------------
Description changed by SergeyBiryukov:
Old description:
> Steps to reproduce (theme Twenty Twenty):
>
> 1. Go to ''Settings > Permalinks'', search for the ''Category base''
> and/or a ''Tag base'' with some [RegExp meta-
> characters](https://www.php.net/manual/en/regexp.reference.meta.php), for
> example:
>
> [[Image(set-permalinks.png)]]
>
> 2. Try to access a category archive page, either by typing its URL
> directly in your web browser, or by clicking on a generated link for this
> category:
>
> [[Image(category-page.png)]]
>
> 3. Same for tag archive page:
>
> [[Image(category-base.png)]]
>
> I've done some research, and it seems that a similar bug happen with
> feeds URL: https://core.trac.wordpress.org/ticket/43571
>
> The proposed solution in the above patch is to escape the rewrite rules
> with PHP built in function `preg_quote()`, which would solve this problem
> too if we apply it in the correct location. But what is the correct
> location? And could other parts of the rewrite rules
> generation/evaluation benefits of escaping too?
>
> I don't know if it should be discussed in the same ticket, but after
> solving this issue, this would allow WordPress administrators to use
> reserved characters (as defined in [RFC
> 3986](https://tools.ietf.org/html/rfc3986#section-2.2) in their URLs...
New description:
Steps to reproduce (theme Twenty Twenty):
1. Go to ''Settings > Permalinks'', search for the ''Category base''
and/or a ''Tag base'' with some [RegExp meta-
characters](https://www.php.net/manual/en/regexp.reference.meta.php), for
example:
[[Image(permalinks.png)]]
2. Try to access a category archive page, either by typing its URL
directly in your web browser, or by clicking on a generated link for this
category:
[[Image(category-page.png)]]
3. Same for tag archive page:
[[Image(tag-page.png)]]
I've done some research, and it seems that a similar bug happen with feeds
URL: #43571
The proposed solution in the above patch is to escape the rewrite rules
with PHP built in function `preg_quote()`, which would solve this problem
too if we apply it in the correct location. But what is the correct
location? And could other parts of the rewrite rules generation/evaluation
benefits of escaping too?
I don't know if it should be discussed in the same ticket, but after
solving this issue, this would allow WordPress administrators to use
reserved characters (as defined in [RFC
3986](https://tools.ietf.org/html/rfc3986#section-2.2) in their URLs...
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49510#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list