Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#38414 closed defect (bug) (duplicate)

class-wp-list-table.php generating wrong URL

Reported by: tnash
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.7
Component: Administration
Keywords:
Focuses:
Cc:

Description

Line 768 within class-wp-list-table.php in the pagination function is:

$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

This can result in some very weird anomalies if the HTTP_HOST is being mapped in a weird way (for example, behind a proxy, an IP can be returned instead of the domain).

A simple fix is to use the home_url as the substitute for the HTTP_HOST, but to guarantee it's returning the correct data it would probably be better to use site_url, as it's calling a specific file within the site_url structure.

Change History (2)

#1 in reply to: ↑ description @nigel2
8 years ago

+1 I've hit this one too. When behind a CDN, using $_SERVER returns the name of the origin server, not the site URL (i.e., when the CDN/proxy passes the request to the origin/backend server, it is the hostname used to make that backend request that is used). As suggested below, modifying to use site_url() instead of $_SERVER fixes this.

The symptom of this issue is that pressing the pagination buttons "<" ">" in an admin screen (page list for example) logs you out, as you are now directed to a URL that is not associated with the session cookie.

Replying to tnash:

Line 768 within class-wp-list-table.php in the pagination function is:

$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

This can result in some very weird anomalies if the HTTP_HOST is being mapped in a weird way (for example, behind a proxy, an IP can be returned instead of the domain).

A simple fix is to use the home_url as the substitute for the HTTP_HOST, but to guarantee it's returning the correct data it would probably be better to use site_url, as it's calling a specific file within the site_url structure.

#2 @johnbillion
8 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #36201.
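
The difference between the line quoted in the ticket and the suggested site_url-based approach, as an added example that is not WordPress core code and not taken from the ticket. The function names are hypothetical, the configured URL is passed in as a string standing in for what site_url() returns, and the request values are constructed.

```php
<?php
// Added example, not WordPress core code. Function names are hypothetical.

/** The pattern from line 768: the host is taken from the request's Host header. */
function legacy_current_url( array $server ): string {
    return 'http://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

/**
 * Take scheme, host and port from the configured site URL (assumption: the
 * value site_url() would return) and only path and query from the request.
 */
function configured_current_url( string $site_url, array $server ): string {
    $site = parse_url( $site_url );
    if ( ! is_array( $site ) || empty( $site['scheme'] ) || empty( $site['host'] ) ) {
        throw new InvalidArgumentException( 'Configured site URL must be absolute.' );
    }

    $origin = $site['scheme'] . '://' . $site['host'];
    if ( isset( $site['port'] ) ) {
        $origin .= ':' . $site['port'];
    }

    // REQUEST_URI already contains any subdirectory the site is installed in,
    // so it is appended to the origin only, not to the full site URL path.
    // Leading slashes are collapsed so "//host/path" cannot be read as a host.
    $path = '/' . ltrim( $server['REQUEST_URI'] ?? '/', '/' );

    return $origin . $path;
}

// Constructed request: the proxy/CDN reached the origin server by IP, so the
// Host header seen by PHP is the backend address, not the public domain.
$server = array(
    'HTTP_HOST'   => '203.0.113.10',
    'REQUEST_URI' => '/blog/wp-admin/edit.php?post_type=page&paged=2',
);
$site_url = 'https://example.com/blog'; // constructed value

// Pagination links built from the first URL point at the backend address,
// where the browser holds no session cookie; the second stays on the site.
echo legacy_current_url( $server ), "\n";
echo configured_current_url( $site_url, $server ), "\n";
```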
