Clash of RewriteRule due to [L] flag
-
Hi folks,
Currently, Adaptive Images has the following RewriteRule:
RewriteRule \.(?:jpe?g|gif|png)$ /wp-content/plugins/adaptive-images/adaptive-images-script.php [L]
Unfortunately, what this means is that the request is basically sent back to mod_rewrite for further processing, now with the new path (which ends in .php). If you have further rules, these are now processed, and a number of hardening tools don’t allow processing of .php files directly, unless they’re from a known list of files under wp-admin.
To fix this on our site, we’ve changed [L] to [END], as detailed in https://httpd.apache.org/docs/current/rewrite/flags.html#flag_l. An alternative could be using [P], but this would require mod_proxy to be installed.
So, the issue is now what will happen when we come to upgrade Adaptive Images. The use of [L] is hard coded in adaptive-images-actions.php, line 185. Additionally, there’s no checking on upgrade if the htaccess has been modified – it simply replaces the whole config between the mark lines with the new one.
Perhaps the flag being used could be added as a config option, or the upgrade processing could be a bit more clever about parsing the .htaccess to look for changes.
- The topic ‘Clash of RewriteRule due to [L] flag’ is closed to new replies.