WordPress.org
Get WordPress

Make WordPress Core

Opened 9 years ago

Last modified 6 years ago

#35437 new enhancement

dot in permalinks

Reported by: vk_code's profile vk_code Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Canonical Keywords: needs-patch
Focuses: Cc:

Description

Just try to add dot in request uri (begin or end of any part) – it will return status 200, but should 404 or may be it should redirect to url without dots, otherwise it generates duplicate pages that is not so good.

For example.
Correct url is http://site.com/some/url/
Let's try: http://site.com/.some/url/ – will return status 200 and open the correct page.

The same behavior if:
http://site.com/some./url/
http://site.com/some/.url/
http://site.com/some/url./

Temporary solution in functions.php helpful for me:

<?php
function clear_uri($var) {
    global $clear_processed;

    $clear_processed = true;
    $str = trim($var, '.');

    if( $str[0] == '.' || $str[strlen($str)-1] == '.' )
        $str = clear_uri($str, '.');

    return $str;
}

$clear_processed = false;
$parts = explode('/', trim($_SERVER['REQUEST_URI'], '/'));

foreach($parts as $k => $s) {
    if( $s[0] == '.' || $s[strlen($s)-1] == '.' )
        $parts[$k] = clear_uri($s);
}

if( $clear_processed ) {
    $location = '/' . implode('/', $parts) . '/';
    header("Location: " . $location, true, 301);
    exit;
}

Change History (6)

#1 @swissspidy
9 years ago

  • Component changed from Permalinks to Canonical

#2 @ericlewis
9 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

Can reproduce.

#3 follow-up: @ericlewis
9 years ago

If someone could first dig into why this is working as such, that'd be a great start.

#4 in reply to: ↑ 3 @swissspidy
9 years ago

Replying to ericlewis:

If someone could first dig into why this is working as such, that'd be a great start.

Looks like the WP class just passes whatever it gets to WP_Query (which seems legit). In WP_Query::get_posts(), sanitize_title_for_query is used, which strips off those characters

So when you open https://make.wordpress.org/core/2016/01/13/feature-plugin-chat-notes-for-jan-12... (someone may have typed the URL wrong), you still get to the right post. That only works for post names though, i.e. https://make.wordpress.org/core/2016... does not work.

#6 @cleancoded
6 years ago

Here is a trick. You can add these line to your index.php file

$URL = $_SERVER['REDIRECT_URL'];
if (strpos($URL, '.') !== false) {
	$newURl = str_replace('.', '', $URL);
	header('Location: '.$newURl);	
	$redirect = '<html><head><title>Redirecting</title><meta http-equiv="refresh" content="0; url='.$newURl.'" /></head><a href="'.$newURl.'">Redirect</a></html>';
	die($redirect);	
}

now index.php file looks like

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

$URL = $_SERVER['REDIRECT_URL'];
if (strpos($URL, '.') !== false) {
	$newURl = str_replace('.', '', $URL);
	header('Location: '.$newURl);	
	$redirect = '<html><head><title>Redirecting</title><meta http-equiv="refresh" content="0; url='.$newURl.'" /></head><a href="'.$newURl.'">Redirect</a></html>';
	die($redirect);	
}

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
Note: See TracTickets for help on using tickets.