htaccess referer output is incorrectly escaped

  • Using Redirection in conjunction with WP Super Cache. As WP Super Cache takes over the .htaccess, WordPress-based redirection doesn’t work (as it hits the .htaccess first and gets taken over by WP Super Cache) we need to use .htaccess/Apache redirection.

    There seems to be an issue where URLs are escaped before they’re written to the .htaccess, which is not correct – this causes the Referer string to never match and Apache’s URL output is unpredictable (as it re-escapes some of the characters and strips others).

    To reproduce:

    1. Create a Group that outputs to .htaccess (Apache module)
    2. Add a redirect based on URL + referer
    3. Check .htaccess, both RewriteCond and RewriteRule URLs have been urlencoded. A referer of http%3A//site.com will never match – nor will a referer of “site.com” (as the string contains the https:// prefix).

    Workaround:

    Comment out lines 21-25 and lines 31-34 in redirection/models/htaccess.php. This prevents escaping of Referer and target URLs in the .htaccess. There may be security/stability implications here though?

    https://www.ads-software.com/extend/plugins/redirection/

Viewing 1 replies (of 1 total)
  • Thread Starter garethsprice

    (@garethsprice)

    Noting that with the above workaround you need to leave “Regex” unchecked, as htaccess Regexes are passed straight through to the file.

Viewing 1 replies (of 1 total)
  • The topic ‘htaccess referer output is incorrectly escaped’ is closed to new replies.