From 65e057daa25fdaed35dc7dd3d0642b112334f383 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Mon, 8 Apr 2019 01:09:01 +0000 Subject: [PATCH] Canonical: Ensure redirect query keys are URL encoded. This prevents an infinite redirect loop when a request containing URL-encoded characters triggers `is_404()`. Props soulseekah, wrwrwr0. Fixes #43745. git-svn-id: https://develop.svn.wordpress.org/trunk@45133 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/canonical.php | 5 ++++- tests/phpunit/tests/canonical.php | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/canonical.php b/src/wp-includes/canonical.php index 36ff32053b..3bf9b452a7 100644 --- a/src/wp-includes/canonical.php +++ b/src/wp-includes/canonical.php @@ -388,7 +388,10 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } } - $_parsed_query = rawurlencode_deep( $_parsed_query ); + $_parsed_query = array_combine( + rawurlencode_deep( array_keys( $_parsed_query ) ), + rawurlencode_deep( array_values( $_parsed_query ) ) + ); $redirect_url = add_query_arg( $_parsed_query, $redirect_url ); } diff --git a/tests/phpunit/tests/canonical.php b/tests/phpunit/tests/canonical.php index a2bbc0636a..53d666e59c 100644 --- a/tests/phpunit/tests/canonical.php +++ b/tests/phpunit/tests/canonical.php @@ -213,4 +213,24 @@ class Tests_Canonical extends WP_Canonical_UnitTestCase { // Todo: Endpoints (feeds, trackbacks, etc), More fuzzed mixed query variables, comment paging, Home page (Static) ); } + + /** + * @ticket 43745 + */ + public function test_utf8_query_keys_canonical() { + $p = self::factory()->post->create( + array( + 'post_type' => 'page', + ) + ); + update_option( 'show_on_front', 'page' ); + update_option( 'page_on_front', $p ); + + $this->go_to( get_permalink( $p ) ); + + $url = redirect_canonical( add_query_arg( '%D0%BA%D0%BE%D0%BA%D0%BE%D0%BA%D0%BE', 1, site_url( '/' ) ), false ); + $this->assertNull( $url ); + + delete_option( 'page_on_front' ); + } }