htaccess referer output is incorrectly escaped
Using Redirection in conjunction with WP Super Cache. As WP Super Cache takes over the .htaccess, WordPress-based redirection doesn’t work (as it hits the .htaccess first and gets taken over by WP Super Cache) we need to use .htaccess/Apache redirection.
There seems to be an issue where URLs are escaped before they’re written to the .htaccess, which is not correct – this causes the Referer string to never match and Apache’s URL output is unpredictable (as it re-escapes some of the characters and strips others).
1. Create a Group that outputs to .htaccess (Apache module)
2. Add a redirect based on URL + referer
3. Check .htaccess, both RewriteCond and RewriteRule URLs have been urlencoded. A referer of http%3A//site.com will never match – nor will a referer of “site.com” (as the string contains the http:// prefix).
Comment out lines 21-25 and lines 31-34 in redirection/models/htaccess.php. This prevents escaping of Referer and target URLs in the .htaccess. There may be security/stability implications here though?
- The topic ‘htaccess referer output is incorrectly escaped’ is closed to new replies.