WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 2 months ago

#18685 closed defect (bug) (duplicate)

GET Requests with hostname in them causes wrong redirect

Reported by: Ueland Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.2.1
Component: Bootstrap/Load Keywords: has-patch
Focuses: Cc:

Description

Hi!

I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)

It appears that the hostname is sent with every GET-request. Its common to only send the path in a GET-request but the HTTP secification also allows for the use of hostname within a GET-request.

My test page ( http://h3x.no/dump/test.php ) shows the hostname in the REQUEST_URI via 3G, and skips the hostname when on WiFi.

This causes Wordpress(i suspect) to redirect me to the wrong page.

Example:

I want the page:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line

My phone sends me to:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line/http/h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line

Attachments (1)

18685.diff (652 bytes) - added by solarissmoke 4 years ago.
Fix REQUEST_URI when HTTP request contains an absolute URI

Download all attachments as: .zip

Change History (5)

comment:1 @solarissmoke4 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

Confirmed that this happens when you use an absolute URI in the GET request. WordPress assumes (incorrectly it seems) that REQUEST_URI will never contain a hostname.

POC patch attached - although this issue has never come up before (probably because most clients are HTTP/1.1 compliant in this regard and send proper requests - the requirement to accept a fully qualified address is only for backward compatibility with HTTP/1.0), so I'm not sure whether the real bug lies with the client.

@solarissmoke4 years ago

Fix REQUEST_URI when HTTP request contains an absolute URI

comment:2 @dd3220 months ago

I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)

FWIW, this is probably due to a ISP-level proxy which passes the request on as a full url.

I tried to duplicate this, but it appears that Nginx sanitizes it to /request-uri/ before passing it to PHP, so wasn't easily able to test locally.

comment:3 @nacin15 months ago

  • Component changed from General to Bootstrap/Load

comment:4 @jeremyfelt2 months ago

  • Keywords dev-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

I'm going to close this as a duplicate of #17047, which is the root cause of this issue.

Note: See TracTickets for help on using tickets.