#37733 closed defect (bug) (fixed)
`cURL error 3: malformed` for remote requests since 4.6
Reported by: | flixos90 | Owned by: | flixos90 |
---|---|---|---|
Milestone: | 4.6.1 | Priority: | normal |
Severity: | normal | Version: | 4.6 |
Component: | HTTP API | Keywords: | has-patch has-unit-tests fixed-major |
Focuses: | Cc: |
Description (last modified by )
Since 4.6, one of my plugins has a problem with making a remote request. I get the error cURL error 3: malformed
. The underlying codebase can be found here: https://github.com/felixarntz/wp-encrypt/blob/master/inc/WPENC/Core/Client.php#L384
This has worked correctly in previous WordPress versions, but fails now. The person who reported this bug to me (in the plugin support forums) notified me that other plugins see similar problems (for example https://wordpress.org/support/topic/curl-error-3-malformed-error?replies=3).
Attachments (1)
Change History (20)
#3
@
8 years ago
@swissspidy: I thought I didn't, but now after some investigation I found out I indeed did. :)
For this ticket: there shouldn't be double slashes in URLs, but was that stated in dev notes? I guess this doesn't need to be changed on the Core side, but if it hasn't been posted yet, a note would be helpful.
Otherwise this can be closed.
#4
@
8 years ago
Looks like @dd32 already filed an issue upstream: https://github.com/rmccue/Requests/issues/231.
#5
follow-up:
↓ 6
@
8 years ago
- Milestone changed from Awaiting Review to 4.6.1
I'm considering that for 4.6.1 we might want to normalize the URLs to remove double slashes within WP_HTTP.
I feel that there are enough plugins affected by incorrect url concatenation to fix this.
I don't think the upstream issue will be fixed in time, nor do I personally understand what the upstream undocumented logic is supposed to be.
#6
in reply to:
↑ 5
@
8 years ago
- Keywords needs-patch added
Replying to dd32:
I'm considering that for 4.6.1 we might want to normalize the URLs to remove double slashes within WP_HTTP.
I think this makes sense.
We already parse the URL in WP_Http::request()
and can act directly on the path there. Or - would it make sense to have a static normalize_url
or similar method available for use elsewhere?
This ticket was mentioned in Slack in #core by jeremyfelt. View the logs.
8 years ago
#8
@
8 years ago
- Keywords needs-unit-tests added
- Owner set to flixos90
- Status changed from new to assigned
#9
@
8 years ago
- Keywords has-patch has-unit-tests dev-feedback added; needs-patch needs-unit-tests removed
37733.diff replaces double slashes at the begin of the URL path by a single slash to fix this issue. A unit test is included.
#11
@
8 years ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
I took a slightly different route, as this is only going to be a temporary measure (hopefully).
re-opening for 4.6.1 merge
#14
@
8 years ago
I was going to hold off on a 4.6.1 commit here, as we might be able to just fix it properly within Requests, however it looks like that fix may not drop until next week now, so I expect trunk will get a proper fix for this, but 4.6.x can just keep this regex.
#15
@
8 years ago
I believe the goal here was to strip //
from the path of URLs down to a single /
however, it's also affecting any query string parameters, as seen in this example from the EDD Software Licensing parameters sent:
/app/public/wp-includes/class-http.php:368:string 'https://www.example.com?edd_action=activate_license&license=<redacted>&item_name=<redacted>&url=http:/one.submulti.dev' (length=151)
The Domain requesting the activation is http://one.submulti.dev
, but the regex is stripping the additional slash here.
#16
@
8 years ago
@cklosows Thanks for the report. You're correct in that other double slashes should not be stripped. As this ticket is closed against the 4.6.1 milestone, can you open a new ticket with that information so we can target for 4.6.2?
From that support thread:
Do you perhaps have double slashes in your URLs (except for the protocol part, of course)?