Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#48972 closed defect (bug) (duplicate)

Improper handling of page number in URL

Reported by: hronak's profile hronak Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Canonical Keywords:
Focuses: Cc:

Description

If you append numbers in any post/page URL (after a slash) it still returns a valid HTTP 200 even if there are no pages. The limit is 9223372036854775807 page number.

If you append anything above 9223372036854775807 (like 9223372036854775808) then it automatically redirects to 9223372036854775807.

9223372036854775807 happens to be the limit of a signed 64-bit integer.

Example URLs to test:

  1. https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/9223372036854775807
  2. https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/9223372036854775808

You can try this with any WordPress based website with any theme. This issue also happens with WooCommerce product pages. I've tested it with 5.2.x, 5.3, and 5.3.1 but further testing is required to know how many WordPress versions have the same issue.

Expected result should be an error message (like 404) if the page number doesn't exist.

Change History (3)

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


5 years ago

#2 @audrasjb
5 years ago

  • Keywords reporter-feedback removed
  • Version 5.3.1 deleted

Hi @hronak thank you for opening this ticket and welcome to WordPress Core Trac!

Let's remove 5.3.1 as it looks like the issue is not related to version 5.3.1.

#3 @SergeyBiryukov
5 years ago

  • Component changed from General to Canonical
  • Keywords needs-patch needs-testing removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #45337 and #28081.

Note: See TracTickets for help on using tickets.