#14062 closed defect (bug) (fixed)
some Location headers are using relative url's
Reported by: | | Owned by: |
---|---|---|---|
Milestone: | 3.1 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Administration | Keywords: | has-patch |
Focuses: | Cc: |
Description
While doing my HTTP-related work lately, I came across another issue. Many redirects violate the HTTP RFC in that the Location header does not contain an absolute URI, which is what is to be used:
> The Location response-header field is used to redirect the recipient
> to a location other than the Request-URI for completion of the
> request or identification of a new resource. For 201 (Created)
> responses, the Location is that of the new resource which was created
> by the request. For 3xx responses, the location SHOULD indicate the
> server's preferred URI for automatic redirection to the resource. The
> field value consists of a single absolute URI.
>
>     Location = "Location" ":" absoluteURI
>
> An example is:
>
>     Location: http://www.w3.org/pub/WWW/People.html
14.30 Location/RFC 2616; HTTP/1.1; June 1999
When I analyze the output, I get the following location header line:
Location: plugins.php?deactivate=true&plugin_status=active&paged=1
This is a relative URI, not an absolute one.
Attachments (3)
Change History (23)
#2
@
15 years ago
- Component changed from HTTP to Administration
- Owner set to dd32
- Status changed from new to accepted
- Summary changed from plugins.php violates Location Header HTTP 1.1 Specification to some Location headers are using relative url's
#5
@
15 years ago
One way would be to check each call of wp_redirect(). Another idea I have is to integrate a warning inside my better redirects plugin that does throw warnings if WP_DEBUG is enabled. Can help with plugin development as well.
#6
@
14 years ago
Cross reference to a problem caused by this: #14904 (Install page not redirecting to wp-admin/ on IIS6)
#9
@
14 years ago
I'm considering what we should accept for wp_redirect();
Right now, I'm thinking that the addition of a wp_admin_redirect() which wraps the url with admin_url() before passing into wp_redirect() would be useful.
The other possibility is something such as this in wp_redirect:
if ( ! is a absolute url starting with a scheme ) { $url = is_admin() ? admin_url($url) : site_url($url); }
That will catch more faulty redirects - but may break some plugins. In core it's mainly admin redirects which do not specify a full url, and wp-login.php.
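A stand-alone sketch of the check proposed in comment 9, combined with the debug-time warning suggested in comment 5. It is added here as an example and is not taken from WordPress core or from the attached patch. The function names, the `$debug` flag and the `example.test` base URLs are assumptions standing in for `is_admin()`, `WP_DEBUG`, `admin_url()` and `site_url()`.

```php
<?php
// Added example; not WordPress core code. $admin_base and $site_base are
// constructed stand-ins for the values admin_url() and site_url() return.

/** True when $url begins with an RFC 3986 scheme followed by "://". */
function example_has_scheme( string $url ): bool {
    return 1 === preg_match( '#^[a-z][a-z0-9+.-]*://#i', $url );
}

/**
 * Hypothetical helper: make a redirect target absolute before it is sent.
 * Admin requests resolve against the admin base, all others against the
 * site base. With $debug set, a relative target also raises a notice so the
 * calling code can be found and fixed.
 */
function example_absolute_location( string $url, bool $in_admin, string $admin_base, string $site_base, bool $debug = false ): string {
    if ( example_has_scheme( $url ) ) {
        return $url; // already absolute: pass through unchanged
    }
    if ( $debug ) {
        trigger_error( "Relative redirect target: $url", E_USER_NOTICE );
    }
    $base = $in_admin ? $admin_base : $site_base;
    // Trim slashes on both sides of the join so the result has exactly one
    // separator and always stays under the chosen base.
    return rtrim( $base, '/' ) . '/' . ltrim( $url, '/' );
}

// Constructed sample values (example.test is a reserved test domain).
$admin_base = 'http://example.test/wp-admin/';
$site_base  = 'http://example.test/';

// The relative value quoted in the ticket description.
$from_ticket = 'plugins.php?deactivate=true&plugin_status=active&paged=1';

echo 'Location: ' . example_absolute_location( $from_ticket, true, $admin_base, $site_base, true ) . "\n";
echo 'Location: ' . example_absolute_location( 'wp-login.php', false, $admin_base, $site_base ) . "\n";
echo 'Location: ' . example_absolute_location( 'http://example.test/wp-admin/', true, $admin_base, $site_base ) . "\n";
```

Because the relative value is always appended to a base the site controls, a target without a scheme cannot leave the site's own host.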
#10
@
14 years ago
- Keywords needs-patch added
If someone wants to do something about this for 3.1, it needs a patch to be posted now, or be punted to 3.2, as we are coming up on freeze.
#16
@
14 years ago
attachment:ticket:14062:14062.patch
Use self_admin_url() in class-wp-plugin-install-list-table.php.
Related: #13909