Make WordPress Core

Opened 13 years ago

Closed 10 years ago

#18685 closed defect (bug) (duplicate)

GET Requests with hostname in them causes wrong redirect

Reported by: ueland's profile Ueland Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.2.1
Component: Bootstrap/Load Keywords: has-patch
Focuses: Cc:

Description

Hi!

I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)

It appears that the hostname is sent with every GET-request. Its common to only send the path in a GET-request but the HTTP secification also allows for the use of hostname within a GET-request.

My test page ( http://h3x.no/dump/test.php ) shows the hostname in the REQUEST_URI via 3G, and skips the hostname when on WiFi.

This causes Wordpress(i suspect) to redirect me to the wrong page.

Example:

I want the page:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line

My phone sends me to:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line/http/h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line

Attachments (1)

18685.diff (652 bytes) - added by solarissmoke 13 years ago.
Fix REQUEST_URI when HTTP request contains an absolute URI

Download all attachments as: .zip

Change History (5)

#1 @solarissmoke
13 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

Confirmed that this happens when you use an absolute URI in the GET request. WordPress assumes (incorrectly it seems) that REQUEST_URI will never contain a hostname.

POC patch attached - although this issue has never come up before (probably because most clients are HTTP/1.1 compliant in this regard and send proper requests - the requirement to accept a fully qualified address is only for backward compatibility with HTTP/1.0), so I'm not sure whether the real bug lies with the client.

@solarissmoke
13 years ago

Fix REQUEST_URI when HTTP request contains an absolute URI

#2 @dd32
11 years ago

I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)

FWIW, this is probably due to a ISP-level proxy which passes the request on as a full url.

I tried to duplicate this, but it appears that Nginx sanitizes it to /request-uri/ before passing it to PHP, so wasn't easily able to test locally.

#3 @nacin
11 years ago

  • Component changed from General to Bootstrap/Load

#4 @jeremyfelt
10 years ago

  • Keywords dev-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

I'm going to close this as a duplicate of #17047, which is the root cause of this issue.

Note: See TracTickets for help on using tickets.