The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

htaccess referer output is incorrectly escaped (2 posts)

  1. garethsprice
    Posted 3 years ago #

    Using Redirection in conjunction with WP Super Cache. As WP Super Cache takes over the .htaccess, WordPress-based redirection doesn't work (as it hits the .htaccess first and gets taken over by WP Super Cache) we need to use .htaccess/Apache redirection.

    There seems to be an issue where URLs are escaped before they're written to the .htaccess, which is not correct - this causes the Referer string to never match and Apache's URL output is unpredictable (as it re-escapes some of the characters and strips others).

    To reproduce:

    1. Create a Group that outputs to .htaccess (Apache module)
    2. Add a redirect based on URL + referer
    3. Check .htaccess, both RewriteCond and RewriteRule URLs have been urlencoded. A referer of http%3A//site.com will never match - nor will a referer of "site.com" (as the string contains the http:// prefix).


    Comment out lines 21-25 and lines 31-34 in redirection/models/htaccess.php. This prevents escaping of Referer and target URLs in the .htaccess. There may be security/stability implications here though?


  2. garethsprice
    Posted 3 years ago #

    Noting that with the above workaround you need to leave "Regex" unchecked, as htaccess Regexes are passed straight through to the file.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Redirection
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic