WordPress.org

Ready to get started?Download WordPress

Forums

Better HTTP Redirects
This plugin is looking at and URL encoding internal URLs in the admin area? (4 posts)

  1. AITpro
    Member
    Posted 2 years ago #

    This plugin is interfering with other plugins that are using the WordPress Settings API in a form to save options to the WP DB. Example: The form action is action="options.php". When clicking a save / update button this php error is generated below. This is issue is occurring on every single form that is using the WordPress Settings API and within several different plugins as well.

    [20-Aug-2011 05:46:51] PHP Warning: Redirect location "/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fphp%2Fphp-options.php&settings-updated=true" does not look like an absolute URL as requested by RFC 2616; 14.30 Location. in /home1/xxxxx/public_html/wp-content/plugins/better-http-redirects/better-http-redirects.php on line 82

    URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits. %2F is the URL encoded forward slash.

    So I'm not sure why the forward slash is being URL encoded when it is a WordPress dynamically generated URL within the WP Dashboard / admin area. This plugin should not be URL encoding other plugins admin options or any other URLs in any admin areas at all IMO. URL encoding should only be allowed for external URLs in the public front end of the site.

    Or maybe the issue is that the URL encoding is already occurring but this plugin is generating php errors because of this? Not really totally sure, but either way this should not be happening in the admin areas.

    So this plugin looks good otherwise, just needs these coding corrections. Thanks.

  2. AITpro
    Member
    Posted 2 years ago #

    Ok just adding !is_admin takes care of the issue. Thanks.

    public function wp_redirect($location, $status) {
    // give warning if a redirect is violating the RFC, see #14062
    if (! parse_url($location2 = wp_sanitize_redirect($location), PHP_URL_SCHEME)) {
    // Do not trigger a PHP error if you are in the WP Dashboard / admin areas
    if ( !is_admin ) {
    trigger_error(sprintf('Redirect location "%s" does not look like an absolute URL as requested by RFC 2616; 14.30 Location.', $location2), E_USER_WARNING);
    }
    }

  3. hakre
    Member
    Plugin Author

    Posted 1 year ago #

    That is just a warning, used for debugging purposes. You won't see it if you don't have WP_DEBUG enabled.

    I have used that to fix some HTTP standard violations within wordpress core, it's likely that some plugin authors are also violating the standard (at least the current HTTP 1.1 one).

    This is taking that standard strict, it's just that most browsers are able to deal with relative links, too in location headers. The problem is that location headers have no defined base URI so that relative URIs technically do not work here. That's also why in HTTP 1.1 this is not possible and why the plugin gives notice when you are in development mode (WP_DEBUG).

    See as well: How to Debug Redirect Problems in WordPress (about the debug mode of the plugin)

  4. AITpro
    Member
    Posted 1 year ago #

    Yep just modifying the coding so that it does not interfere with other plugins in the backend admin area worked fine. ;) Thanks.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic