Opened 10 years ago
Last modified 2 months ago
#33821 new defect (bug)
redirect_canonical does not consider port in $compare_original
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 2.3 |
Component: | Canonical | Keywords: | has-patch needs-unit-tests needs-testing |
Focuses: | Cc: |
Description (last modified by )
In the wp-includes/canonical.php
file the $requested_url
is built starting at line 64. It combines is_ssl()
for protocol, $_SERVER['HTTP_HOST']
, and $_SERVER['REQUEST_URI']
- but it does not consider $_SERVER['SERVER_PORT']
This causes a redirect loop for us because we run HTTPS on port 8443.
I suggest checking to see if a port other than 80 or 443 is being used and adding that as part of the comparison - suggested patch attached.
Attachments (1)
Change History (11)
#1
@
10 years ago
- Component changed from General to Canonical
- Description modified (diff)
- Keywords has-patch needs-unit-tests added
- Milestone changed from Awaiting Review to Future Release
- Version changed from 4.3 to 2.3
Thanks for the patch, willshouse.
This will need some unit tests.
#3
@
9 years ago
As previously mentioned in #34672 I find the following issue :
I am able to open wp-admin and everything works well.
When I open my home page, I get a redirect loop.
On further investigation, it seems redirect_canonical() in wp-includes/canonical.php is the culprit. It finds the :
$redirect_url
as 'http://localhost:80/ajk/' and$requested_url
as 'http://localhost/ajk/'
And the extra :80
causes the condition $redirect_url == $requested_url
to be false - causing the infinite redirect.
I tried the above patch for this issue, and it didn't seem to solve this issue.
This ticket was mentioned in Slack in #core-http by johnbillion. View the logs.
9 years ago
#10
@
2 months ago
I spotted a similar issue today. Doesn't the following code cause it?
/* * Ignore differences in host capitalization, as this can lead to infinite redirects. * Only redirect no-www <=> yes-www. */ if ( $original_host_low === $redirect_host_low || ( 'www.' . $original_host_low !== $redirect_host_low && 'www.' . $redirect_host_low !== $original_host_low ) ) { $redirect['host'] = $original['host']; }
Let's assume the hosts look as follows:
Requested: http://localhost:8888
Canonical: http://some.custom.domain.dev
The variables look as follows:
$original_host_low = 'localhost'; $redirect_host_low = 'some.custom.domain.dev';
How conditions resolve:
- 'localhost' === 'some.custom.domain.dev' -> false
- 'www.' . 'localhost' !== 'some.custom.domain.dev' -> true
- 'www.' . 'some.custom.domain.dev' !== 'localhost' -> true
As the second and third parts resolve to true, the whole condition resolves, and the redirect host is replaced with the original host.
Then, later in the flow, the user is redirected to http://localhost (without port) instead of http://some.custom.domain.dev.
add canonical port check