Support » Plugin: BBQ: Block Bad Queries » Redirection blocked

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Hi, yes that is a bug that will be fixed in the next update. If you want to contact me directly, I can send a simple whitelist plugin that will resolve the issue in the current version. To get it, reach me via my contact form: https://perishablepress.com/contact/

    Plugin Author Jeff Starr

    (@specialk)

    This issue is resolved in the latest version of BBQ, v20160328. Thanks for reporting.

    Explanation

    It turns out that certain WordPress functions such as wp_lostpassword_url() fail to encode URLs properly. Specifically, this function and possibly others include reserved characters, : (colon) and / (forward slash), in the query string, for example:

    http://example.com/wp-login.php?action=lostpassword&redirect_to=http://example.com/

    Because of this, security plugins and firewalls no longer can block a wide range of malicious requests without also interfering with WP’s unencoded URLs.

    Thus the pattern \:\/\/ was removed in BBQ version 20160328.

    Learn more about encoding characters in URLs

    Thanks a lot

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Redirection blocked’ is closed to new replies.