Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#16837 closed defect (bug) (wontfix)

New sanitize_option siteurl breaks https, cookies, sessions, load balancing, moves, devel etc.

Reported by: raymor's profile raymor Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Formatting Keywords: dev-feedback
Focuses: Cc:

Description (last modified by scribu)

In wp-includes/formatting.php, function wp-includes/formatting.php,
the following code has been added:

		case 'siteurl':
			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
				$value = esc_url_raw($value);
			} else {
				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
				if ( function_exists('add_settings_error') )
					add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));

		case 'home':
			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
				$value = esc_url_raw($value);

Forcing qualified URLs breaks a LOT of things.
Some of the bigger problems you see on all browsers

Breaks if your site is accessible via https as well as http.
Breaks anything that uses cookies and is accessible as and
Breaks PHP sessions in many cases.
Breaks load balancing such as
Makes moves, renames, and devel sites a real pain
For more on these problems and more, see for example:

I could go on and on, requiring the use of fully qualified
URLs via the new "validation" of the base URL, or doing
the same thing with "canonical redirects" just really
screws up a lot of things.

On the other hand, it does help your Google rank, but only
in the land of fairy tales. In the real world, Google already
assumes that and are the normally the same.
So the actual benefit is .. nothing.

Suggested action:
Remove the check which forces fully qualified URLs in formatting.php

Change History (2)

#1 @scribu
13 years ago

  • Component changed from General to Formatting
  • Description modified (diff)
  • Keywords dev-feedback added

#2 @nacin
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

It doesn't break anything, unless you're doing something weird, in which case you can work around it. On the other hand, changing this, can break things. Known knowns better than known unknowns.

This is a design decision and not something we plan to change.

Note: See TracTickets for help on using tickets.