Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#38070 closed defect (bug) (fixed)

RegEx to remove double slashes affects query strings as well.

Reported by: cklosows
Owned by: dd32
Milestone: 4.7.1
Priority: normal
Severity: normal
Version: 4.6.1
Component: HTTP API
Keywords: has-patch has-unit-tests
Focuses:
Cc:

Description

In #37733 a RegEx was applied that was overreaching the 'path' of the URL and is affecting the query string parameters as well. There is an upstream fix in the Requests library (https://github.com/rmccue/Requests/issues/231) but not sure if that's something wanted to be done in a point release, so the attached patch fixes this overstep as suggested by @rmccue in the Make Slack.

Attachments (1)

38070.patch (1.2 KB) - added by cklosows 9 months ago.
Applies a restriction to avoid the query string, and a unit test.
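
The overreach described in this ticket, as an added example that is not the attached patch and not WordPress core or Requests code: both patterns and all sample URLs below are constructed for illustration. It contrasts a slash-collapsing pattern whose host match can run into the query string with a variant that splits off the query and fragment before touching the path.

```php
<?php
// Added illustration. Patterns and URLs are assumptions constructed for this
// example; they are not copied from WordPress core or the Requests library.

// Overreaching form: "[^/]+" does not stop at "?", so for a URL without a
// path the "host" match runs into the query and its first "//" is collapsed.
function collapse_overreaching( string $url ): string {
    return preg_replace( '!^(\w+://[^/]+)//(.*)$!', '$1/$2', $url ) ?? $url;
}

// Restricted form: separate scheme+authority, path, and query/fragment, then
// collapse repeated slashes in the path only.
function collapse_path_only( string $url ): string {
    if ( ! preg_match( '!^(\w+://[^/?#]*)([^?#]*)(.*)$!', $url, $m ) ) {
        return $url; // not an absolute URL: leave it untouched
    }
    $path = preg_replace( '!/{2,}!', '/', $m[2] ) ?? $m[2];
    return $m[1] . $path . $m[3];
}

// Constructed sample URLs.
$samples = array(
    // Double slash in the path, URL-valued parameter in the query.
    'http://api.example.test//v1/items?callback=http://client.example.test/cb',
    // No path at all: the query string is the first place "//" appears.
    'http://api.example.test?callback=http://client.example.test/cb',
    // Fragment containing "//" must also survive.
    'https://api.example.test//v1//items?next=//cdn.example.test/x#a//b',
);

foreach ( $samples as $url ) {
    $a = collapse_overreaching( $url );
    $b = collapse_path_only( $url );

    // The query string must be byte-identical before and after normalisation.
    $query_in  = (string) parse_url( $url, PHP_URL_QUERY );
    $query_a   = (string) parse_url( $a, PHP_URL_QUERY );
    $query_b   = (string) parse_url( $b, PHP_URL_QUERY );

    echo "input:        $url\n";
    echo "overreaching: $a" . ( $query_a === $query_in ? '' : '   <-- query altered' ) . "\n";
    echo "path only:    $b" . ( $query_b === $query_in ? '' : '   <-- query altered' ) . "\n\n";
}
```

A regression test for this class of bug can assert exactly what the loop checks: the query string returned by `parse_url()` is unchanged after normalisation.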


Change History (5)

@cklosows
9 months ago

Applies a restriction to avoid the query string, and a unit test.

#1 @DrewAPicture
9 months ago

  • Keywords has-patch has-unit-tests added
  • Milestone changed from Awaiting Review to 4.6.2

Definitely seems like a regression. Moving to 4.6.2 for investigation.

#2 @Collizo4sky
9 months ago

Will this be included in 4.6.2? We are having trouble with customers unable to communicate with our API endpoints.

#3 @dd32
9 months ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 38727:

HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.

Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the Host: header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing an SSL connection to ignore the hostname of the certificate when verification is disabled.

#4 @dd32
9 months ago

In 38728:

HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.

Merges [38727] to the 4.6 branch.

Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the Host: header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing an SSL connection to ignore the hostname of the certificate when verification is disabled.
