WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 months ago

#16909 closed defect (bug) (wontfix)

some Location headers are using relative url's (2)

Reported by: hakre Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1
Component: HTTP API Keywords:
Focuses: Cc:

Description

I started this in #14062 and already did some fixes for 3.1.

Just collecting some more and providing patches.

Attachments (5)

16909.patch (9.9 KB) - added by hakre 4 years ago.
Some leftover
16909.2.patch (841 bytes) - added by hakre 4 years ago.
those two
16909.3.patch (635 bytes) - added by hakre 4 years ago.
referer field
16909.4.patch (1012 bytes) - added by hakre 4 years ago.
Triggered by logout of the admin bar on frontend
16909.5.patch (545 bytes) - added by hakre 4 years ago.
Triggered by dashboard.php

Download all attachments as: .zip

Change History (16)

@hakre4 years ago

Some leftover

comment:1 @hakre4 years ago

Fix strategy: admin_url -> self_admin_url as we did in first round as well.

comment:2 @voyagerfan57614 years ago

  • Cc WordPress@… added

comment:3 @dd324 years ago

  • Keywords has-patch removed

admin_url will return a absolute URL. self_admin_url() is only needed for pages accessible from both the Network admin (or users admin) as well as the normal admin.

comment:4 @hakre4 years ago

Replying to dd32:

admin_url will return a absolute URL. self_admin_url() is only needed for pages
accessible from both the Network admin (or users admin) as well as the normal
admin.

Ah, okay. Had not thought about that, the first patch was mainly a regex search, so I assume most of it does not apply any longer.

what about /wp-admin/network/edit.php and /wp-amin/user/admin.php? Is it the same?

@hakre4 years ago

those two

@hakre4 years ago

referer field

comment:5 @hakre4 years ago

Found it via the options page. A _wp_http_referer is placed in there and later used in options.php to redirect to (/wp-admin/options.php:161). It was no full absolute location.

@hakre4 years ago

Triggered by logout of the admin bar on frontend

comment:6 @hakre4 years ago

Better HTTP Redirects now supports WB_DEBUG and displays extensive information about the redirect.

comment:7 @hakre4 years ago

Related: #16907

comment:8 @hakre4 years ago

/wp-admin/includes/dashboard.php:127 creates a redirect w/o an absolute URI.

@hakre4 years ago

Triggered by dashboard.php

comment:9 @hakre4 years ago

/wp-admin/user-new.php:100, /wp-admin/users.php:131

Related: #17018

Last edited 4 years ago by hakre (previous) (diff)

comment:10 @nacin14 months ago

  • Component changed from General to HTTP

comment:11 @dd324 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Location headers may contain relative paths. All browsers support this.

Early revisions of the HTTP/1.1 specification specified absolute URI's only (ie. RFC2616) however later revisions allow for a relative URI as all browsers handle it and it matches the usage in the wild RFC7231.

Note: See TracTickets for help on using tickets.