#4732 closed defect (bug) (wontfix)
Standardize REQUEST_URI, was: $guessurl wrong in install.php
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | major | Version: | 2.2 |
| Component: | Permalinks | Keywords: | has-patch reporter-feedback |
| Focuses: | Cc: |
Description
Apache >1.3 has a function implemented that gets the real uri named original_uri() (util_script.c).
Let's say wordpress is located at http://example.com/wordpress .
A standard request looks like this:
GET /wordpress/wp-admin/install.php HTTP/1.1
Okey ... now apache original_uri(r) returns /wp-admin/index.php
So PHP global variable $_SERVER[ 'REQUEST_URI' ]; looks like "/wp-admin/index.php"
upgrade-functions.php , upgrade-schema.php:
$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$guessurl is "http://example.com/wordpress" cool :)
But what if the request is forwarded by squid with default config in accel vhost mode.
Here goes ...
The request is:
GET http:///example.com/wordpress/wp-admin/install.php HTTP/1.1
Apache original_uri(r) returns http:///example.com/wordpress/wp-admin/install.php which is legal.
PHP global variable $_SERVERREQUEST_URI? is "http:///example.com/wordpress/wp-admin/install.php"
upgrade-functions.php , upgrade-schema.php:
$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
$guessurl is "http://example.comhttp://example.com/wordpress" not cool :(
The problem with this that values 'siteurl' and 'home' will be wrong in the options table.
This code solves the problem (replaceing it in both places):
$guessurl = eregi($schema . $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI']) ? preg_replace('|/wp-admin/.*|i', '', $_SERVER['REQUEST_URI']) : preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
APACHE: v2.2.4
OS: BSD
PHP: 5.2.4RC1-dev
SQUID: 2.6
Yours,
Aron Szabo
Attachments (4)
Change History (23)
#3
@
19 years ago
If this is a problem we should probably just standardize $_SERVER['REQUEST_URI'] early on in WP load.
#4
@
19 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from 2.2.3 to 2.3 (trunk)
#6
@
18 years ago
- Keywords has-patch needs-testing added; needs-patch removed
Patched with rev. 6568 (latest ATM).
#7
@
18 years ago
- Cc sciolizer@… added
I ran into the same problems with squid changing the REQUEST_URI, but I found that if you have access to the squid.conf file, you can workaround the problem (until the patch becomes mainstream) by changing the cache_peer line to include the "originserver" option. You must have the rproxy patch, or be using Squid v3.
For example:
cache_peer 127.0.0.1 parent 80 7 no-query round-robin no-digest originserver
This will prevent squid from altering the REQUEST_URI, and is probably a good idea regardless of whether Wordpress uses REQUEST_URI or not, since other sites might be depending on it.
My workaround only works if you are using one squid server. If you are using multiple squid servers, then there is the possibility that the REQUEST_URI will be changed at the first one and not reverted at the last one. (I'm no squid expert, and I haven't tried this setup.)
Also, I would like to point out that the use of REQUEST_URI in the Wordpress source is much more systemic than just schema.php and upgrade.php. An rgrep on my copy returns 33 hits (version 2.3 of Wordpress).
#8
@
18 years ago
- Keywords $guessurl install.php needs-testing removed
- Summary changed from $guessurl wrong in install.php to Standardize REQUEST_URI, was: $guessurl wrong in install.php
Not sure how often this can happen but when it happens, it's probably a show stopper. Like markjaquith, I think it's best to standardize it early as at last count REQUEST_URI is used 43 times.
#9
@
18 years ago
Issues discussed here will be impacted by the implementation of #7129, which proposes to move the discussed regular expressions to a single function.
#12
follow-up:
↓ 15
@
17 years ago
- Keywords needs-testing added
@ar0n: Can you test this latest patch against trunk?
#13
@
17 years ago
- Keywords reporter-feedback added; needs-testing removed
@sciolizer - can you check if this is still needed and confirm the patch works if it is?
#15
in reply to:
↑ 12
@
17 years ago
I just tested the latest patch againt trunk, still applies clean.
/me wonders out loud ...
Are there any other places where we assume the string we recieve via the GET request has had the http://domain.name stripped from the front?
Should we also move the duplicated code to a function rather than copy and pasting the fix into two places maybe something like:
guess_blog_root_urlin wp-admin/includes/upgrade.php that returns the full root url for us.