Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#8965 closed defect (bug) (wontfix)

Infinite Redirection in Bogus Namespace

Reported by: miqrogroove Owned by:
Milestone: Priority: normal
Severity: major Version: 2.7
Component: Plugins Keywords:
Focuses: Cc:


On my WordPress blog, anyone who hits a path like /&a=a= will get locked into an infinite namespace. :(

On wordpress.com, what I get is, "If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header." :o

Should I attach my resume? _

Change History (9)

#2 @miqrogroove
7 years ago


#3 @GamerZ
7 years ago

I can't seem to reproduce this, my site loads fine with the query string

#4 @miqrogroove
7 years ago

This is interesting. I stubbed in a logging command directly above the line " trailing slashes" in canonical.php.


	// trailing slashes

It should write one line to the log for my eyes only. But look at the output for a single hit to /&a=a=

[26-Jan-2009 02:09:33] rpath:/&a=a%3D
[26-Jan-2009 02:09:33] rpath:/&a=a%3D/

#5 @miqrogroove
7 years ago

Okay, I think that second line is a result of the " protect against chained redirects". Now I just need to figure out why the hell that trailing slash is being urlescaped when the client hits /&a=a%3D/

#6 @miqrogroove
7 years ago

Curiouser and curiouser... When I stubbed in


the output was

[26-Jan-2009 02:26:42] ruri:/&a=a%3D%2F

So who's messing with mah superglobals?

#7 @miqrogroove
7 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

qTranslate appears to be the culprit.

#8 @miqrogroove
7 years ago

  • Component changed from General to Plugins
  • Milestone 2.7.1 deleted

#9 @miqrogroove
7 years ago

Fixed for qTranslate v2.2.2 and patch available at http://plugins.trac.wordpress.org/changeset/89547/qtranslate

Note: See TracTickets for help on using tickets.