WordPress.org

Make WordPress Core

Opened 16 months ago

Closed 16 months ago

Last modified 16 months ago

#22899 closed defect (bug) (fixed)

Don't use arrays when passing to load-scripts.php

Reported by: georgestephanis Owned by: nacin
Milestone: 3.5.1 Priority: normal
Severity: normal Version: 3.5
Component: General Keywords: has-patch
Focuses: Cc:

Description

A semi-revert of #22757 to take the path less traveled.

Arrays are breaking some installs, let's stop doing it and try a different way.

Attachments (3)

22899.diff (1.8 KB) - added by georgestephanis 16 months ago.
22899.2.diff (604 bytes) - added by nacin 16 months ago.
22899.3.diff (595 bytes) - added by nacin 16 months ago.
Testing without chunking


Change History (10)

georgestephanis 16 months ago

comment:1 Otto42 16 months ago

The problem isn't the use of the arrays, I think. The problem is really that the brackets of [ ] are not URL encoded.

What's happening most often is that there are rules in an .htaccess file that are directly blocking square brackets in requests. If these were properly URL encoded, then they wouldn't be hitting these rules and PHP would still be treating them properly.

You have to encode & as &amp;, and you have to encode brackets as %5B and %5D to be correct with the spec.


comment:2 cnorris23 16 months ago

This was my exact issue earlier, and Otto is correct. There were rules specifically blocking the square brackets. Encoding them, which is technically correct as Otto stated, fixes the issue.

comment:3 nacin 16 months ago

  • Milestone changed from Awaiting Review to 3.5.1

Darn it. I was really close to encoding these, too.

comment:4 markjaquith 16 months ago

Let's get confirmation that encoding does or does not fix the issue on mod_pagespeed systems, as well as whether georgestephanis' patch does or does not fix the issue on mod_pagespeed systems. I think we've confirmed that either solves the issue for Bulletproof Security systems.

nacin 16 months ago

nacin 16 months ago

Testing without chunking

comment:5 nacin 16 months ago

I did quite a number of tests on a box set up with pagespeed (courtesy of ipstenu) and found that pagespeed is overall very finicky when files change, but that it worked (or didn't) with load=, load[]=, and load%5B%5D=.

According to ipstenu, Dreamhost got maybe a half-dozen of these reports, and whether they break is intermittent at best. A site on DH that I tested worked fine. I suggest they move forward with excluding wp-admin for now.

So, moving forward with 22899.2.diff.

comment:6 nacin 16 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 23201:

Encode brackets in the load-scripts.php URL, as these are considered unsafe characters and can be misunderstood. (See RFC 1738.) In particular, a "security" rewrite rule from a plugin blocked URLs with unencoded brackets. fixes #22899 for trunk.

comment:7 nacin 16 months ago

In 23202:

Encode brackets in the load-scripts.php URL, as these are considered unsafe characters and can be misunderstood. (See RFC 1738.) In particular, a "security" rewrite rule from a plugin blocked URLs with unencoded brackets. fixes #22899 for the 3.5 branch.

--Thia and those below, will be ignored--

M script-loader.php
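The behaviour discussed in comment:1 and fixed in the commits above can be reproduced with the following added example, which is not WordPress core code and not part of the ticket. The function names, the script handles and the bracket-matching pattern are constructed for illustration; the pattern only stands in for an .htaccess rule that rejects raw square brackets in the query string.

```php
<?php
// Added illustration; not WordPress core code. Handles and the filter
// pattern below are constructed for this example.

/** Build a load-scripts.php style query string from script handles. */
function build_load_query(array $handles, bool $encode_brackets): string
{
    // 'load[]=' is the raw form; 'load%5B%5D=' is the percent-encoded form.
    $key = $encode_brackets ? 'load%5B%5D=' : 'load[]=';
    $parts = [];
    foreach ($handles as $handle) {
        $parts[] = $key . rawurlencode($handle);
    }
    return implode('&', $parts);
}

/** Stand-in for a rewrite condition that rejects raw brackets in the query string. */
function blocked_by_bracket_rule(string $query): bool
{
    return preg_match('/[\[\]]/', $query) === 1;
}

$handles = ['jquery', 'utils', 'admin-bar']; // constructed sample handles

foreach ([false, true] as $encode) {
    $query = build_load_query($handles, $encode);

    // parse_str() applies the same decoding PHP uses to populate $_GET,
    // so both forms yield the same 'load' array.
    parse_str($query, $params);

    printf(
        "query:   %s\nblocked: %s\nload:    %s\nin HTML: %s\n\n",
        $query,
        blocked_by_bracket_rule($query) ? 'yes' : 'no',
        json_encode($params['load']),
        // Inside an HTML attribute the '&' separators are written as '&amp;'.
        htmlspecialchars('load-scripts.php?' . $query)
    );
}
```

Both forms decode to the same `load` array, but only the raw form matches the bracket pattern, which is why encoding the brackets in the generated URL stops the false positive without changing what PHP receives.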
