WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 6 months ago

Last modified 6 months ago

#22899 closed defect (bug) (fixed)

Don't use arrays when passing to load-scripts.php

Reported by: georgestephanis Owned by: nacin
Priority: normal Milestone: 3.5.1
Component: General Version: 3.5
Severity: normal Keywords: has-patch
Cc:

Description

A semi-revert of #22757 to take the path less traveled.

Arrays are breaking some installs, let's stop doing it and try a different way.

Attachments (3)

22899.diff (1.8 KB) - added by georgestephanis 6 months ago.
22899.2.diff (604 bytes) - added by nacin 6 months ago.
22899.3.diff (595 bytes) - added by nacin 6 months ago.
Testing without chunking

Download all attachments as: .zip

Change History (10)

georgestephanis6 months ago

comment:1 Otto426 months ago

The problem isn't the use of the arrays, I think. The problem is really that the brackets of [ ] are not URL encoded.

What's happening most often is that there are rules in an .htaccess file that's directly blocking square brackets in requests. If these were properly URL encoded, then they wouldn't be hitting these rules and PHP would still be treating them properly.

You have to encode & as & , and you have to brackets as %5B and %5D to be correct with the spec.

Version 0, edited 6 months ago by Otto42 (next)

comment:2 cnorris236 months ago

This was my exact issue earlier, and Otto is correct. There were rules specifically blocking the square brackets. Encoding them, which is technically correct as Otto stated, fixes the issue.

comment:3 nacin6 months ago

  • Milestone changed from Awaiting Review to 3.5.1

Darn it. I was really close to encoding these, too.

comment:4 markjaquith6 months ago

Let's get confirmation that encoding does or does not fix the issue on mod_pagespeed systems, as well as whether georgestephanis' patch does or does not fix the issue on mod_pagespeed systems. I think we've confirmed that either solves the issue for Bulletproof Security systems.

nacin6 months ago

nacin6 months ago

Testing without chunking

comment:5 nacin6 months ago

I did quite a number of tests on a box set up with pagespeed (courtesy of ipstenu) and found that pagespeed is overall very finicky when files change, but that it worked (or didn't) with load=, load[]=, and load%5B%5D=.

According to ipstenu, Dreamhost got maybe a half-dozen of these reports, and whether they break is intermittent at best. A site on DH that I tested worked fine. I suggest they move forward with excluding wp-admin for now.

So, moving forward with 22899.2.diff.

comment:6 nacin6 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 23201:

Encode brackets in the load-scripts.php URL, as these are considered unsafe characters and can be misunderstood. (See RFC 1738.) In particular, a "security" rewrite rule from a plugin blocked URLs with unencoded brackets. fixes #22899 for trunk.

comment:7 nacin6 months ago

In 23202:

Encode brackets in the load-scripts.php URL, as these are considered unsafe characters and can be misunderstood. (See RFC 1738.) In particular, a "security" rewrite rule from a plugin blocked URLs with unencoded brackets. fixes #22899 for the 3.5 branch.

--Thia and those below, will be ignored--

M script-loader.php

Note: See TracTickets for help on using tickets.