Support » Plugin: Redirection » htaccess referer output is incorrectly escaped

  • Using Redirection in conjunction with WP Super Cache. As WP Super Cache takes over the .htaccess, WordPress-based redirection doesn’t work (as it hits the .htaccess first and gets taken over by WP Super Cache) we need to use .htaccess/Apache redirection.

    There seems to be an issue where URLs are escaped before they’re written to the .htaccess, which is not correct – this causes the Referer string to never match and Apache’s URL output is unpredictable (as it re-escapes some of the characters and strips others).

    To reproduce:

    1. Create a Group that outputs to .htaccess (Apache module)
    2. Add a redirect based on URL + referer
    3. Check .htaccess, both RewriteCond and RewriteRule URLs have been urlencoded. A referer of http%3A// will never match – nor will a referer of “” (as the string contains the http:// prefix).


    Comment out lines 21-25 and lines 31-34 in redirection/models/htaccess.php. This prevents escaping of Referer and target URLs in the .htaccess. There may be security/stability implications here though?

Viewing 1 replies (of 1 total)
  • Noting that with the above workaround you need to leave “Regex” unchecked, as htaccess Regexes are passed straight through to the file.

Viewing 1 replies (of 1 total)
  • The topic ‘htaccess referer output is incorrectly escaped’ is closed to new replies.