WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#29170 closed enhancement (duplicate)

Support IDNA(Internationalized Domain Names for Applications, RFC 5890 and 5891)

Reported by: extendwings Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.0
Component: Upgrade/Install Keywords: has-patch
Focuses: administration Cc:
PR Number:

Description

If WordPress is installed on IDN(Internationalized Domain Name) environment, we couldn't login to WordPress dashboard easily.

Reproduce

I set up the site to reproduce.

  1. Visit http://idnテスト.みんな/wp-login.php
  2. Enter the following information and login.
  3. You may redirected to http://idn./wp-admin
  • User: wporg-test
  • Password: NQhA@*c&

This account for test will expired next month automatically.

Cause

wp_sanitize_redirect() calls preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location), this works in most cases.
But if user entered IDN at wp-admin/options-general.php without converting to Punycode, UTF-8(precisely, non-ASCII) characters will be removed by preg_replace.
Ex) http://idnテスト.みんな/ -> http://idn./

Solution

Convert URL to Punycode before sanitizing. I chose PEAR Net_IDNA2, licensed under LGPL.

Attachments (2)

IDN-support.diff (106.7 KB) - added by extendwings 5 years ago.
IDN-support.2.diff (106.6 KB) - added by extendwings 5 years ago.
Remove debug lines

Download all attachments as: .zip

Change History (5)

@extendwings
5 years ago

Remove debug lines

#1 @knutsp
5 years ago

  • Component changed from Login and Registration to Upgrade/Install
  • Type changed from defect (bug) to enhancement

This would be a nice enhancement.

Install: Enter IDN, save punycode. This is the most important feature.
Settings General: Enter IDN, save punycode, show IDN on display.

#2 @extendwings
5 years ago

  • Keywords has-patch added

#3 @SergeyBiryukov
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

If WordPress is installed on IDN(Internationalized Domain Name) environment, we couldn't login to WordPress dashboard easily.

Generally, home and siteurl options are correctly populated in wp_guess_url() during installation. As you noted, the issue happens if the user manually changes them to non-Punycode values later.

This is a duplicate of #10690 and #19279. Could you please add you patch to #10690?

Note: See TracTickets for help on using tickets.