[wp-trac] [WordPress Trac] #62355: WP sets REQUEST_URI to an invalid value if it's not set
WordPress Trac
noreply at wordpress.org
Thu Dec 19 14:29:32 UTC 2024
#62355: WP sets REQUEST_URI to an invalid value if it's not set
--------------------------+------------------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Comment (by siliconforks):
Yes, I saw the PR - that's what motivated me to comment on this issue in
the first place: the PR doesn't make any sense. It sets the value of
`$_SERVER['REQUEST_URI']` to a URL which was never actually requested. I
see at least 3 problems with this:
1. Setting `$_SERVER['REQUEST_URI']` to `/` will break any code which
checks `$_SERVER['REQUEST_URI']` to determine whether WordPress is running
from the command-line (e.g., in WP-CLI).
2. The URL `/` will be nonsensical for WordPress installations that are
not in the server document root - e.g., a WordPress installation at
`http://example.com/blog/`. This could confuse any code which is
attempting to parse the URL.
3. If WordPress is installed in the server document root, that may be even
worse - `$_SERVER['REQUEST_URI']` is getting set to a valid URL that was
not actually requested. This may result in false positives for any code
attempting to identify which URL was requested (for example, consider an
analytics plugin which counts requests to each URL - setting
`$_SERVER['REQUEST_URI']` to `/` may result in an inflated count for the
home page).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62355#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list