Opened 14 years ago
Closed 13 years ago
#16837 closed defect (bug) (wontfix)
New sanitize_option siteurl breaks https, cookies, sessions, load balancing, moves, devel etc.
Reported by: | raymor | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | dev-feedback |
Focuses: | Cc: |
Description (last modified by )
In wp-includes/formatting.php, function wp-includes/formatting.php,
the following code has been added:
case 'siteurl': if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { $value = esc_url_raw($value); } else { $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization if ( function_exists('add_settings_error') ) add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.')); } break; case 'home': if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { $value = esc_url_raw($value);
Forcing qualified URLs breaks a LOT of things.
Some of the bigger problems you see on all browsers
are:
Breaks if your site is accessible via https as well as http.
Breaks anything that uses cookies and is accessible as
www.site.com and site.com.
Breaks PHP sessions in many cases.
Breaks load balancing such as www1.site.com
and www2.site.com
Makes moves, renames, and devel sites a real pain
For more on these problems and more, see for example:
- http://codex.wordpress.org/Changing_The_Site_URL
- http://wordpress.org/support/topic/dont-save-fully-qualified-domains-in-the-database
- http://wordpress.org/support/topic/htaccess-038-wordpress
- http://wordpress.org/support/topic/site-in-a-infinite-loop
I could go on and on, requiring the use of fully qualified
URLs via the new "validation" of the base URL, or doing
the same thing with "canonical redirects" just really
screws up a lot of things.
On the other hand, it does help your Google rank, but only
in the land of fairy tales. In the real world, Google already
assumes that www.site.com and site.com are the normally the same.
So the actual benefit is .. nothing.
Suggested action:
Remove the check which forces fully qualified URLs in formatting.php
It doesn't break anything, unless you're doing something weird, in which case you can work around it. On the other hand, changing this, can break things. Known knowns better than known unknowns.
This is a design decision and not something we plan to change.