Opened 5 years ago
Last modified 3 months ago
#48328 new defect (bug)
IIS 7+ with standard FCGI an URL_REWRITE mangles REQUEST_URI
Reported by: | Andy Schmidt | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | major | Version: | 5.2.3 |
Component: | Bootstrap/Load | Keywords: | needs-patch needs-testing |
Focuses: | Cc: |
Description
Currently, line 65 in load.php will ONLY recover the original URL, IF IIS is still run in the outdated ISAPI mode, and using third-party Rewrites.
<?php // Fix for IIS when running with PHP ISAPI if ( empty( $_SERVER['REQUEST_URI'] ) || ( PHP_SAPI != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) { // IIS Mod-Rewrite if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
However, if IIS is run with the now-standard FASTCGI, and IIS' own URL-REWRITE module, then the original URL is NOT recovered from IIS' URL-REWRITE module.
URLs like:
www.wordpress.site/somepath/ferrari-166-mm-0308m-%e2%8b%9f-0328m/?queryparameters=something
are mangled to:
www.wordpress.site/somepath/ferrari-166-mm-0308m-?-0328m/?queryparameters=something
resulting in multiple "?" occurrences in the URL.
The following patch at line 93 in wp-includes/load.php will add compatibility with the IIS versions of the past 10 years:
<?php } // PATCH STARTS HERE *** Fix for IIS when running URL_REWRITE elseif ( ( PHP_SAPI == 'cgi-fcgi' ) and isset( $_SERVER['IIS_UrlRewriteModule'] ) and isset( $_SERVER['UNENCODED_URL'] ) ) { $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL']; // Note: 'HTTP_X_ORIGINAL_URL' actually holds an encoded (non-original) version. } // Fix for PHP as CGI hosts that set SCRIPT_FILENAME to something ending in php.cgi for all requests
Change History (5)
#3
follow-up:
↓ 4
@
3 months ago
- Keywords needs-patch needs-testing added
Sorry it has taken so long for there to be a response @andy-schmidt.
It would be great for this to be tested but I don't have access to an IIS server and this also needs to be converted to a proper patch to make it easier to do so.
#4
in reply to:
↑ 3
@
3 months ago
Replying to jorbin:
Sorry it has taken so long for there to be a response @andy-schmidt.
It would be great for this to be tested but I don't have access to an IIS server and this also needs to be converted to a proper patch to make it easier to do so.
#5
@
3 months ago
Hi @jorbin,
I'd be happy to install a test-build on one of my IIS servers, once you have one ready to download - or just that load.php if you want. (Since I already had used the above fix half a decade ago, I know it works.)
I'm just not a "formal" developer with a whole WordPress/GIT/...-whatever build environments, who remotely knows anything about checking-out/checking-in/patching etc. I just know how to native-code in various iterations of programming languages.
Best,
Andy
PS - here the URL REWRITE documentation on how to obtain the original URL as the browser had sent it:
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference
Preserving Original URL
The URL Rewrite Module preserves the original requested URL path in the following server variables:
...
UNENCODED_URL – this server variable contains the original URL exactly as it was requested by a Web client, with all original encoding preserved.