Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#40573 new defect (bug)

Problem with wp_guess_url() during installation

Reported by: pavelevap Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.8
Component: General Keywords: reporter-feedback
Focuses: Cc:


After uploading installation files, I went to http://domain.cz and then I was redirected to http://domain.cz/domains/domain.cz/wp-admin/setup-config.php, but it should be http://domain.cz/wp-admin/setup-config.php. URL http://domain.cz/readme.html works well. When I manually changed URL to http://domain.cz/wp-admin/setup-config.php then everything worked well but initial redirect caused problems for many users which did not notice that and installed WP with this URL.

Popular webhoster is using .htaccess to allow installation more sites into subdirectories, but problem is probably inside wp_guess_url() function here: https://core.trac.wordpress.org/browser/tags/4.7.4/src/wp-includes/functions.php#L4306

$script_filename_dir . '/' == $abspath_fix == /data/web/virtuals/160423/virtual/www/domains/domain.cz/

But $_SERVER['PHP_SELF'] is /domains/domain.cz/index.php

There should be $_SERVER['REQUEST_URI'] or $_SERVER['REQUEST_URI'] . 'index.php' instead?

Change History (1)

#1 in reply to: ↑ description @dd32
3 years ago

  • Keywords reporter-feedback added

Replying to pavelevap:

$script_filename_dir . '/' == $abspath_fix == /data/web/virtuals/160423/virtual/www/domains/domain.cz/

But $_SERVER['PHP_SELF'] is /domains/domain.cz/index.php

It looks like your host has an invalid value in PHP_SELF - based on your description of the URLs it should only contain /index.php according to the PHP Documentation: http://php.net/manual/en/reserved.variables.server.php#refsect1-reserved.variables.server-indices

Ideally this should be brought to the attention of the web-host before WordPress attempts any form of work around here, as it's common practice for other PHP scripts to use something similar to <form action="<?php echo $_SERVER['PHP_SELF']; ?>"> (please don't do that kids, I'm fairly sure that'll introduce security implications)

Have you contacted your web-host about this yet? What did they say?

Note: See TracTickets for help on using tickets.