Make WordPress Core

Opened 4 years ago

Last modified 4 years ago

#48328 new defect (bug)

IIS 7+ with standard FCGI an URL_REWRITE mangles REQUEST_URI

Reported by: andy-schmidt's profile Andy Schmidt Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: 5.2.3
Component: Bootstrap/Load Keywords:
Focuses: Cc:

Description

Currently, line 65 in load.php will ONLY recover the original URL, IF IIS is still run in the outdated ISAPI mode, and using third-party Rewrites.

<?php
        // Fix for IIS when running with PHP ISAPI
        if ( empty( $_SERVER['REQUEST_URI'] ) || ( PHP_SAPI != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {

                // IIS Mod-Rewrite
                if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {

However, if IIS is run with the now-standard FASTCGI, and IIS' own URL-REWRITE module, then the original URL is NOT recovered from IIS' URL-REWRITE module.

URLs like:
www.wordpress.site/somepath/ferrari-166-mm-0308m-%e2%8b%9f-0328m/?queryparameters=something
are mangled to:
www.wordpress.site/somepath/ferrari-166-mm-0308m-?-0328m/?queryparameters=something
resulting in multiple "?" occurrences in the URL.

The following patch at line 93 in wp-includes/load.php will add compatibility with the IIS versions of the past 10 years:

<?php
        }
        // PATCH STARTS HERE *** Fix for IIS when running URL_REWRITE
        elseif ( ( PHP_SAPI == 'cgi-fcgi' ) and isset( $_SERVER['IIS_UrlRewriteModule'] ) and isset( $_SERVER['UNENCODED_URL'] ) ) {
                $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL'];    // Note: 'HTTP_X_ORIGINAL_URL' actually holds an encoded (non-original) version.
        }

        // Fix for PHP as CGI hosts that set SCRIPT_FILENAME to something ending in php.cgi for all requests

Change History (2)

#1 @Andy Schmidt
4 years ago

PS - here the URL REWRITE documentation on how to obtain the original URL as the browser had sent it:
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

Preserving Original URL

The URL Rewrite Module preserves the original requested URL path in the following server variables:
...
UNENCODED_URL – this server variable contains the original URL exactly as it was requested by a Web client, with all original encoding preserved.

#2 @Andy Schmidt
4 years ago

#48327 was marked as a duplicate.

Note: See TracTickets for help on using tickets.