[wp-trac] [WordPress Trac] #49369: redirect_canonical() should strip trailing protocols

WordPress Trac noreply at wordpress.org
Wed Feb 4 06:08:09 UTC 2026 

#49369: redirect_canonical() should strip trailing protocols
----------------------------------------+------------------------------
 Reporter:  onlyonemj                   |       Owner:  (none)
     Type:  defect (bug)                |      Status:  new
 Priority:  normal                      |   Milestone:  Awaiting Review
Component:  Canonical                   |     Version:  5.3.2
 Severity:  major                       |  Resolution:
 Keywords:  needs-unit-tests has-patch  |     Focuses:
----------------------------------------+------------------------------
Changes (by huzaifaalmesbah):

 * keywords:  needs-unit-tests has-patch needs-testing => needs-unit-tests
     has-patch


Comment:

 === Patch Testing Report

 Patch Tested: https://github.com/WordPress/wordpress-develop/pull/9194

 === Environment
 - WordPress: 7.0-alpha-61215-src
 - PHP: 8.2.30
 - Server: nginx/1.29.4
 - Database: mysqli (Server: 9.5.0 / Client: mysqlnd 8.2.30)
 - Browser: Chrome 144.0.0.0
 - OS: macOS
 - Theme: Twenty Twenty-Five 1.4
 - MU Plugins: None activated
 - Plugins:
   * Classic Editor 1.6.7
   * Hello Dolly 1.7.2
   * Test Reports 1.2.1

 === Steps taken

 1. Started with a clean WordPress trunk install.
 2. Tested URLs containing mid-path protocols directly in the browser:
 {{{
    /http://
    /https://
    /https://example.com
    /abc/http://test
    /xyz//https:///abcd
 }}}

 3. Observed behavior before applying the patch.

 4. Before applying the patch:
 - redirect_canonical() attempts to normalize slashes
 - leaves broken fragments like:
   http:/
 - results in redirects between invalid/nonexistent URLs
 - produces malformed canonical URLs
 - crawlers may follow incorrect 301s
         - Example:
         https://domain.com/http://
         → redirects to
         https://domain.com/http:/

 5. Applied PR.
 6. Repeated the same tests.

 7. After applying the patch:
 - protocol fragments inside the path are stripped correctly
 - redirects resolve to clean canonical URLs
 - no malformed http:/ or https:/ remains
 - no redirect loops
 - correct 301 behavior
         - Example:
         https://domain.com/http://
         → redirects to
         https://domain.com/
         - Example:
         https://domain.com/http://test
         → redirects to
         https://domain.com/test


 === Expected result
 - redirect_canonical() should remove protocol-prefixed substrings
 appearing mid-path
 - URLs should resolve to a valid canonical path
 - No malformed http:/ or https:/ fragments

 === Screenshots/Screencast with results
 Video demonstration (before vs after):
 https://files.catbox.moe/fkpkae.mp4

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49369#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list