Make WordPress Core

Opened 5 years ago

Last modified 3 months ago

#48328 new defect (bug)

IIS 7+ with standard FCGI an URL_REWRITE mangles REQUEST_URI

Reported by: andy-schmidt's profile Andy Schmidt Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: 5.2.3
Component: Bootstrap/Load Keywords: needs-patch needs-testing
Focuses: Cc:

Description

Currently, line 65 in load.php will ONLY recover the original URL, IF IIS is still run in the outdated ISAPI mode, and using third-party Rewrites.

<?php
        // Fix for IIS when running with PHP ISAPI
        if ( empty( $_SERVER['REQUEST_URI'] ) || ( PHP_SAPI != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {

                // IIS Mod-Rewrite
                if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {

However, if IIS is run with the now-standard FASTCGI, and IIS' own URL-REWRITE module, then the original URL is NOT recovered from IIS' URL-REWRITE module.

URLs like:
www.wordpress.site/somepath/ferrari-166-mm-0308m-%e2%8b%9f-0328m/?queryparameters=something
are mangled to:
www.wordpress.site/somepath/ferrari-166-mm-0308m-?-0328m/?queryparameters=something
resulting in multiple "?" occurrences in the URL.

The following patch at line 93 in wp-includes/load.php will add compatibility with the IIS versions of the past 10 years:

<?php
        }
        // PATCH STARTS HERE *** Fix for IIS when running URL_REWRITE
        elseif ( ( PHP_SAPI == 'cgi-fcgi' ) and isset( $_SERVER['IIS_UrlRewriteModule'] ) and isset( $_SERVER['UNENCODED_URL'] ) ) {
                $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL'];    // Note: 'HTTP_X_ORIGINAL_URL' actually holds an encoded (non-original) version.
        }

        // Fix for PHP as CGI hosts that set SCRIPT_FILENAME to something ending in php.cgi for all requests

Change History (5)

#1 @Andy Schmidt
5 years ago

PS - here the URL REWRITE documentation on how to obtain the original URL as the browser had sent it:
https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-reference

Preserving Original URL

The URL Rewrite Module preserves the original requested URL path in the following server variables:
...
UNENCODED_URL – this server variable contains the original URL exactly as it was requested by a Web client, with all original encoding preserved.

#2 @Andy Schmidt
5 years ago

#48327 was marked as a duplicate.

#3 follow-up: @jorbin
3 months ago

  • Keywords needs-patch needs-testing added

Sorry it has taken so long for there to be a response @andy-schmidt.

It would be great for this to be tested but I don't have access to an IIS server and this also needs to be converted to a proper patch to make it easier to do so.

#4 in reply to: ↑ 3 @Andy Schmidt
3 months ago

Replying to jorbin:

Sorry it has taken so long for there to be a response @andy-schmidt.

It would be great for this to be tested but I don't have access to an IIS server and this also needs to be converted to a proper patch to make it easier to do so.

#5 @Andy Schmidt
3 months ago

Hi @jorbin,

I'd be happy to install a test-build on one of my IIS servers, once you have one ready to download - or just that load.php if you want. (Since I already had used the above fix half a decade ago, I know it works.)

I'm just not a "formal" developer with a whole WordPress/GIT/...-whatever build environments, who remotely knows anything about checking-out/checking-in/patching etc. I just know how to native-code in various iterations of programming languages.

Best,
Andy

Note: See TracTickets for help on using tickets.