WordPress.org

Make WordPress Core

Opened 17 months ago

Last modified 17 months ago

#22798 new enhancement

Invalid URLs not giving 404 with "Default" permalink settings

Reported by: vanchuck Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.4.2
Component: Rewrite Rules Keywords:
Focuses: Cc:

Description

Steps to reproduce:

Expected Behaviour:

  • 404 page is displayed

Observed Behaviour:

  • No 404 page is ever shown, no matter what the request string is
  • Instead, Wordpress behaves as if no path was requested, eg displaying the homepage/posts lists.
  • If requested url has any of the standard params in it, those params ARE executed, eg http://blogroot.com/foo?paged=2 would properly show the 2nd page of the posts.

Suspected cause:

In line 620 of wp-includes/class-wp.php (in WP->parse_request), there is a conditional which means the only time the request can be marked as a 404 error is if the array of rewrite rules is NOT empty:

        $rewrite = $wp_rewrite->wp_rewrite_rules();

        if ( ! empty($rewrite) ) {
           ...

If the "Default" permalink is selected, and no other rewrite rules are set up elsewhere (for reasons I didn't investigate, adding a add_rewrite_rule to the theme didn't affect anything), then the $rewrite array IS empty and the request can not be checked to see if it's a 404. Therefore, execution of the request continues as if no path info were submitted.

This prevents the showing of the theme's 404 page, and can get a website flagged as spam/exploitative in Google's index.

Workaround:

Define a permalink redirect (eg pick one of the options other than Default).

Server info:

Apache/2.2.16 (Debian) (w/ mod_rewrite)
PHP Version 5.3.3-7+squeeze3 (mod_php5)

.htaccess contents:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Change History (6)

comment:1 follow-up: nacin17 months ago

and can get a website flagged as spam/exploitative in Google's index.

At this point, I lost you. Huh?

comment:2 in reply to: ↑ 1 vanchuck17 months ago

Replying to nacin:

and can get a website flagged as spam/exploitative in Google's index.

At this point, I lost you. Huh?

It's a side-effect of having a website that redirects a number of pages to the same content, without a proper redirect HTTP Response Code (eg 301, 304). It's a technique spam/link farms use a lot so Google basically outlaws it (they call it Cloaking). I found out about the issue I'm reporting in this ticket, because Google sent me an email saying my blog had been flagged as Malware because of this behaviour. Here's the link they provided with more info:

https://support.google.com/webmasters/bin/answer.py?hl=en&answer=66355

Last edited 17 months ago by vanchuck (previous) (diff)

comment:4 knutsp17 months ago

  • Cc knut@… added

comment:5 follow-up: dd3217 months ago

The rewrite rules is what's causing the problem here I believe.

If you're using the Default Permalinks, that is, ?p=123, then you don't need the .htaccess rewrite rules.. when running "without pretty url's" WordPress doesn't parse the request uri and only looks for the $_GET variables (as that's all that concerns it).

I would argue this is a incorrect server setup.

Version 0, edited 17 months ago by dd32 (next)

comment:6 in reply to: ↑ 5 vanchuck17 months ago

  • Type changed from defect (bug) to enhancement

Replying to dd32:

I would argue this is a incorrect server setup.

Aha. How this came about for my install was that I manually updated my .htaccess at some point, and when moving back to Default permalink option, the rewrites stayed, which as you point out, shouldn't be that way.

However, if this is really an unhandled/unsupported config, two things would be helpful in this situation to avoid problems for others:

  • If .htaccess is not writeable by WP, there should be a warning message displayed when switching back to Default permalinks option, providing the user with the new updated .htaccess file contents (in this case, with no rewrite directives), as is done when you select a non-Default permalinks option
  • If Default permalinks option is enabled, .htaccess should be automatically (or user should be prompted to update it manually) to include a 404 handler to ensure wayward URLs still get sent to the WP error page. eg:

ErrorDocument 404 /index.php?error=404

Changing to Enhancement, will let you pros determine whether the above are worthwhile suggestions.

Note: See TracTickets for help on using tickets.