WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#35437 new enhancement

dot in permalinks

Reported by: vk_code Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Canonical Keywords: needs-patch
Focuses: Cc:

Description

Just try to add dot in request uri (begin or end of any part) – it will return status 200, but should 404 or may be it should redirect to url without dots, otherwise it generates duplicate pages that is not so good.

For example. Correct url is http://site.com/some/url/ Let's try: http://site.com/.some/url/ – will return status 200 and open the correct page.

The same behavior if: http://site.com/some./url/ http://site.com/some/.url/ http://site.com/some/url./

Temporary solution in functions.php helpful for me:

<?php
function clear_uri($var) {
    global $clear_processed;

    $clear_processed = true;
    $str = trim($var, '.');

    if( $str[0] == '.' || $str[strlen($str)-1] == '.' )
        $str = clear_uri($str, '.');

    return $str;
}

$clear_processed = false;
$parts = explode('/', trim($_SERVER['REQUEST_URI'], '/'));

foreach($parts as $k => $s) {
    if( $s[0] == '.' || $s[strlen($s)-1] == '.' )
        $parts[$k] = clear_uri($s);
}

if( $clear_processed ) {
    $location = '/' . implode('/', $parts) . '/';
    header("Location: " . $location, true, 301);
    exit;
}

Change History (4)

#1 @swissspidy
2 years ago

  • Component changed from Permalinks to Canonical

#2 @ericlewis
2 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

#3 follow-up: @ericlewis
2 years ago

If someone could first dig into why this is working as such, that'd be a great start.

#4 in reply to: ↑ 3 @swissspidy
2 years ago

Replying to ericlewis:

If someone could first dig into why this is working as such, that'd be a great start.

Looks like the WP class just passes whatever it gets to WP_Query (which seems legit). In WP_Query::get_posts(), sanitize_title_for_query is used, which strips off those characters

So when you open https://make.wordpress.org/core/2016/01/13/feature-plugin-chat-notes-for-jan-12... (someone may have typed the URL wrong), you still get to the right post. That only works for post names though, i.e. https://make.wordpress.org/core/2016... does not work.

Note: See TracTickets for help on using tickets.