Make WordPress Core

Opened 5 years ago

Last modified 3 years ago

#37670 new defect (bug) (maybelater)

wp_validate_redirect fails when running WordPress on a port

Reported by: raptor235 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.5.3
Component: Security Keywords: reporter-feedback
Focuses: Cc:

Description (last modified by ocean90)

$allowed_hosts is checking againts host value the parsed host value doesn't contain the port number and $wpp does. Thereror hosts aren't matched and wp_validate_redirect fails.

$lp = @parse_url($test);


array (size=4)
  'scheme' => string 'http' (length=4)
  'host' => string 'localhost' (length=9)
  'port' => int 3002
  'path' => string '/project/xactly-com/insights/' (length=29)


$wpp = parse_url(home_url());


array (size=2)
  'scheme' => string 'http' (length=4)
  'host' => string 'localhost:3002' (length=23)

will result in

if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host']))) {


The server is running on a local proxy.

Change History (3)

#1 @ocean90
5 years ago

  • Description modified (diff)

#2 in reply to: ↑ description @dd32
5 years ago

  • Keywords reporter-feedback added

Replying to raptor235:


$wpp = parse_url(home_url());


array (size=2)
  'scheme' => string 'http' (length=4)
  'host' => string 'localhost:3002' (length=23)

Hi @raptor235 and welcome back to Trac :)

Can you do some extra debugging around this line and let us know the exact inputs and versions of PHP which you're running?

PHP specifically specifically separates out the port, in all versions of PHP when using the input http://localhost:3002. The only time

Version 0, edited 5 years ago by dd32 (next)

#4 @iandunn
3 years ago

  • Resolution set to maybelater

Switching from wontfix to maybelater, since that's more accurate.

xref: https://make.wordpress.org/core/2019/01/14/follow-up-on-recent-trac-bulk-edit/

Note: See TracTickets for help on using tickets.