Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#2843 closed defect (bug) (fixed)

bad regex pattern in wp-includes/vars.php

Reported by: herr_ernst
Owned by:
Milestone:
Priority: high
Severity: critical
Version: 2.0.4
Component: Administration
Keywords: bg|dev-feedback
Focuses:
Cc:



Lines 4-6 are like:

if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {
         $pagenow = $self_matches[1];

which should be more like

if (preg_match('#([^/]+\.php$)#', $PHP_SELF, $self_matches)) {
         $pagenow = $self_matches[1];

because I had "php" in the path, so the variable $pagenow was set wrong and it couldn't find some files.

My first bug ever discovered and submitted, so I hope I have not made too many mistakes...

Attachments (1)

2843.diff (462 bytes) - added by skeltoac 9 years ago.


Change History (8)

#1 @error
9 years ago

  • Keywords bg|dev-feedback added
  • Milestone set to 2.0.4
  • Priority changed from normal to high
  • Severity changed from normal to critical

Yeah, that'll mess up anybody whose pathname includes the string "php". The replacement regex looks OK, too.

#2 @skeltoac
9 years ago

  • Version set to 2.0.4

Nice catch! Good first report!

Unified diffs are always appreciated.

#3 @herr_ernst
9 years ago

Why not also add the "$" for the end of the line like "\.php$"? Would be more foolproof.
Very unlikely that somebody has a path like "/web/files.php/wordpress/", but still possible.

But I don't really know what the original author wants to accomplish with the if-else beginning line 4. So I'm not sure if the correction is correct.

#4 @skeltoac
9 years ago

Sorry, I didn't notice the $. That should have been included.
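
The pattern forms discussed in this ticket, run against constructed $PHP_SELF values, as an added example that is not part of the ticket or of WordPress's own code. The helper pagenow_for(), the sample paths, and the middle pattern (escaped dot without the anchor, the case comment 3 asks about) are assumptions made for illustration.

```php
<?php
// Added example: compares the pattern variants from this ticket.
// All paths below are constructed sample values standing in for $PHP_SELF.

$patterns = [
    // As reported on line 4: "." matches any character and nothing anchors the match.
    'original'    => '#([^/]+.php)#',
    // Assumed intermediate form: literal ".php", but still unanchored.
    'escaped dot' => '#([^/]+\.php)#',
    // As proposed in the ticket: literal ".php" at the end of the string.
    'proposed'    => '#([^/]+\.php$)#',
];

// Hypothetical helper: returns what $pagenow would be set to, or null when
// the pattern does not match at all.
function pagenow_for(string $pattern, string $php_self): ?string
{
    return preg_match($pattern, $php_self, $m) ? $m[1] : null;
}

$paths = [
    '/wp-admin/edit.php',                 // ordinary install
    '/myphp/wp-admin/edit.php',           // "php" inside a directory name
    '/blog/php/wp-admin/edit.php',        // directory literally named "php"
    '/web/files.php/wordpress/index.php', // directory name ending in ".php"
];

foreach ($paths as $path) {
    echo $path, "\n";
    foreach ($patterns as $label => $pattern) {
        $pagenow = pagenow_for($pattern, $path) ?? '(no match)';
        printf("  %-12s => %s\n", $label, $pagenow);
    }
}
```

Because preg_match() returns the leftmost match, an unanchored pattern stops at the first path segment that satisfies it, and the unescaped dot can also consume the "/" separator, so the captured value may span two segments.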

#5 @ryan
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3910]) Fixed pagenow regex. Props herr_ernst. fixes #2843

#6 @ryan
9 years ago

(In [3911]) Fixed pagenow regex. Props herr_ernst. fixes #2843

#7 @anonymous
9 years ago

  • Milestone 2.0.4 deleted
