WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 20 months ago

#33821 new defect (bug)

redirect_canonical does not consider port in $compare_original

Reported by: willshouse Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 2.3
Component: Canonical Keywords: has-patch needs-unit-tests needs-testing
Focuses: Cc:

Description (last modified by johnbillion)

In the wp-includes/canonical.php file the $requested_url is built starting at line 64. It combines is_ssl() for protocol, $_SERVER['HTTP_HOST'], and $_SERVER['REQUEST_URI'] - but it does not consider $_SERVER['SERVER_PORT']

This causes a redirect loop for us because we run HTTPS on port 8443.

I suggest checking to see if a port other than 80 or 443 is being used and adding that as part of the comparison - suggested patch attached.

Attachments (1)

add_canonical_port_check.patch (1.1 KB) - added by willshouse 3 years ago.
add canonical port check

Download all attachments as: .zip

Change History (8)

@willshouse
3 years ago

add canonical port check

#1 @johnbillion
3 years ago

  • Component changed from General to Canonical
  • Description modified (diff)
  • Keywords has-patch needs-unit-tests added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 4.3 to 2.3

Thanks for the patch, willshouse.

This will need some unit tests.

#2 @swissspidy
3 years ago

#34672 was marked as a duplicate.

#3 @AbdealiJK
3 years ago

As previously mentioned in #34672 I find the following issue :

I am able to open wp-admin and everything works well. When I open my home page, I get a redirect loop. On further investigation, it seems redirect_canonical() in wp-includes/canonical.php is the culprit. It finds the :

And the extra :80 causes the condition $redirect_url == $requested_url to be false - causing the infinite redirect.

I tried the above patch for this issue, and it didn't seem to solve this issue.

#4 @johnbillion
2 years ago

#26625 was marked as a duplicate.

#5 @johnbillion
2 years ago

  • Keywords https added

This ticket was mentioned in Slack in #core-http by johnbillion. View the logs.


20 months ago

#7 @johnbillion
20 months ago

  • Keywords needs-testing added; https removed
Note: See TracTickets for help on using tickets.