WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#8965 closed defect (bug) (wontfix)

Infinite Redirection in Bogus Namespace

Reported by: miqrogroove Owned by:
Milestone: Priority: normal
Severity: major Version: 2.7
Component: Plugins Keywords:
Focuses: Cc:

Description

On my WordPress blog, anyone who hits a path like /&a=a= will get locked into an infinite namespace. :(

On wordpress.com, what I get is, "If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header." :o

Should I attach my resume? _

Change History (9)

comment:2 miqrogroove5 years ago

http://blogyul.miqrogroove.com/&a=a=
http://blogyul.miqrogroove.com/&a=a%3D/
http://blogyul.miqrogroove.com/&a=a%3D%2F/
http://blogyul.miqrogroove.com/&a=a%3D%2F%2F/
http://blogyul.miqrogroove.com/&a=a%3D%2F%2F%2F/

comment:3 GamerZ5 years ago

I can't seem to reproduce this, my site loads fine with the query string

comment:4 miqrogroove5 years ago

This is interesting. I stubbed in a logging command directly above the line " trailing slashes" in canonical.php.

//debug
error_log('rpath:'.$redirect['path']);

	// trailing slashes

It should write one line to the log for my eyes only. But look at the output for a single hit to /&a=a=

[26-Jan-2009 02:09:33] rpath:/&a=a%3D
[26-Jan-2009 02:09:33] rpath:/&a=a%3D/

comment:5 miqrogroove5 years ago

Okay, I think that second line is a result of the " protect against chained redirects". Now I just need to figure out why the hell that trailing slash is being urlescaped when the client hits /&a=a%3D/

comment:6 miqrogroove5 years ago

Curiouser and curiouser... When I stubbed in

//debug
error_log('ruri:'.$_SERVER['REQUEST_URI']);

the output was

[26-Jan-2009 02:26:42] ruri:/&a=a%3D%2F

So who's messing with mah superglobals?

comment:7 miqrogroove5 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

qTranslate appears to be the culprit.

comment:8 miqrogroove5 years ago

  • Component changed from General to Plugins
  • Milestone 2.7.1 deleted

comment:9 miqrogroove5 years ago

Fixed for qTranslate v2.2.2 and patch available at http://plugins.trac.wordpress.org/changeset/89547/qtranslate

Note: See TracTickets for help on using tickets.