[2.1.1 CE] Search Terms, Contact Us, Orders and Returns, Advanced Search also loading with "/index"

[azeemism]

When .html suffix is disabled Search Terms, Contact Us, Orders and Returns, Advanced Search

1. load with .html suffix
2. can load with two "//" after the domain
3. still load if the url ends with /index and possibly '/index/' as well
4. the url location after the domain can also repeated

   Preconditions

5. Magento 2.1.1 CE - clean install with composer
6. php bin/magento setup:install --backend-frontname="123adcd"
7. php bin/magento deploy:mode:set developer
8. php bin/magento maintenance:enable
9. php bin/magento setup:di:compile
10. php bin/magento --ansi setup:static-content:deploy en_CA
11. php bin/magento indexer:reindex
12. mariadb

root@skynet:~# dpkg -l | grep mariadb
ii  libmariadbclient18                   10.1.17+maria-1~jessie               amd64        MariaDB database client library
ii  mariadb-client                       10.1.17+maria-1~jessie               all          MariaDB database client (metapackage depending on the latest version)
ii  mariadb-client-10.1                  10.1.17+maria-1~jessie               amd64        MariaDB database client binaries
ii  mariadb-client-core-10.1             10.1.17+maria-1~jessie               amd64        MariaDB database core client binaries
ii  mariadb-common                       10.1.17+maria-1~jessie               all          MariaDB database common files (e.g. /etc/mysql/conf.d/mariadb.cnf)
ii  mariadb-server                       10.1.17+maria-1~jessie               all          MariaDB database server (metapackage depending on the latest version)
ii  mariadb-server-10.1                  10.1.17+maria-1~jessie               amd64        MariaDB database server binaries
ii  mariadb-server-core-10.1             10.1.17+maria-1~jessie               amd64        MariaDB database core server files

1. php7.0

root@skynet:~# dpkg -l | grep php7
ii  libapache2-mod-php7.0                7.0.10-1~dotdeb+8.1                  amd64        server-side, HTML-embedded scripting language (Apache 2 module)
ii  php7.0                               7.0.10-1~dotdeb+8.1                  all          server-side, HTML-embedded scripting language (metapackage)
ii  php7.0-bcmath                        7.0.10-1~dotdeb+8.1                  amd64        Bcmath module for PHP
ii  php7.0-cli                           7.0.10-1~dotdeb+8.1                  amd64        command-line interpreter for the PHP scripting language
ii  php7.0-common                        7.0.10-1~dotdeb+8.1                  amd64        documentation, examples and common module for PHP
ii  php7.0-curl                          7.0.10-1~dotdeb+8.1                  amd64        CURL module for PHP
ii  php7.0-dev                           7.0.10-1~dotdeb+8.1                  amd64        Files for PHP7.0 module development
ii  php7.0-fpm                           7.0.10-1~dotdeb+8.1                  amd64        server-side, HTML-embedded scripting language (FPM-CGI binary)
ii  php7.0-gd                            7.0.10-1~dotdeb+8.1                  amd64        GD module for PHP
ii  php7.0-igbinary                      1.2.1-1~2b7c703-1~dotdeb+8.2         amd64        igbinary serializer for PHP
ii  php7.0-imagick                       3.4.2-1~dotdeb+8.2                   amd64        Provides a wrapper to the ImageMagick library
ii  php7.0-intl                          7.0.10-1~dotdeb+8.1                  amd64        Internationalisation module for PHP
ii  php7.0-json                          7.0.10-1~dotdeb+8.1                  amd64        JSON module for PHP
ii  php7.0-mbstring                      7.0.10-1~dotdeb+8.1                  amd64        MBSTRING module for PHP
ii  php7.0-mcrypt                        7.0.10-1~dotdeb+8.1                  amd64        libmcrypt module for PHP
ii  php7.0-mysql                         7.0.10-1~dotdeb+8.1                  amd64        MySQL module for PHP
ii  php7.0-opcache                       7.0.10-1~dotdeb+8.1                  amd64        Zend OpCache module for PHP
ii  php7.0-pspell                        7.0.10-1~dotdeb+8.1                  amd64        pspell module for PHP
ii  php7.0-readline                      7.0.10-1~dotdeb+8.1                  amd64        readline module for PHP
ii  php7.0-redis                         3.0.0~rc1-1~dotdeb+8.2               amd64        PHP extension for interfacing with Redis
ii  php7.0-soap                          7.0.10-1~dotdeb+8.1                  amd64        SOAP module for PHP
ii  php7.0-xml                           7.0.10-1~dotdeb+8.1                  amd64        DOM, SimpleXML, WDDX, XML, and XSL module for PHP
ii  php7.0-xmlrpc                        7.0.10-1~dotdeb+8.1                  amd64        XMLRPC-EPI module for PHP
ii  php7.0-xsl                           7.0.10-1~dotdeb+8.1                  all          XSL module for PHP (dummy)
ii  php7.0-zip                           7.0.10-1~dotdeb+8.1                  amd64        Zip module for PHP

1. Debian

root@skynet:~# cat /proc/version
Linux version 3.16.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02)

root@skynet:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.5 (jessie)
Release:        8.5
Codename:       jessie

1. Composer version 1.2.1 2016-09-12 11:27:19
2. Disable .html suffix
3. Nginx

root@skynet:~# dpkg -l | grep nginx
ii  libnginx-mod-http-auth-pam           1.10.1-1~dotdeb+8.2                  amd64        PAM authentication module for Nginx
ii  libnginx-mod-http-geoip              1.10.1-1~dotdeb+8.2                  amd64        GeoIP HTTP module for Nginx
ii  libnginx-mod-http-image-filter       1.10.1-1~dotdeb+8.2                  amd64        HTTP image filter module for Nginx
ii  libnginx-mod-http-lua                1.10.1-1~dotdeb+8.2                  amd64        LUA module for Nginx
ii  libnginx-mod-http-ndk                1.10.1-1~dotdeb+8.2                  amd64        Nginx Development Kit module
ii  libnginx-mod-http-perl               1.10.1-1~dotdeb+8.2                  amd64        Perl module for Nginx
ii  libnginx-mod-http-xslt-filter        1.10.1-1~dotdeb+8.2                  amd64        XSLT Transformation module for Nginx
ii  libnginx-mod-mail                    1.10.1-1~dotdeb+8.2                  amd64        Mail module for Nginx
ii  libnginx-mod-stream                  1.10.1-1~dotdeb+8.2                  amd64        Stream module for Nginx
ii  nginx-common                         1.10.1-1~dotdeb+8.2                  all          small, powerful, scalable web/proxy server - common files
ii  nginx-extras                         1.10.1-1~dotdeb+8.2                  amd64        nginx web/proxy server (extended version)

Steps to reproduce

Load the following the following pages Search Terms, Contact Us, Orders and Returns, Advanced Search then remove index.html if it is present and add /index. Also try adding /index/.

Expected result

Pages should load as:

https://example.com/search/term/popular
https://example.com/contact
https://example.com/sales/guest/form
https://example.com/catalogsearch/advanced

Actual result

1. Pages can be loaded as below when "/index.html" is removed and "/index" is added to the url

https://example.com/search/term/popular/index
https://example.com/contact/index
https://example.com/sales/guest/form/index
https://example.com/catalogsearch/advanced/index

1. Pages can also load as follows when "/index.html" is removed and "/index" is added to the url

https://example.com//search/term/popular
https://example.com//contact
https://example.com/sales/guest/form/sales/guest/form
https://example.com/catalogsearch/advanced/index

1. The above pages may still load with index.html, through their link on the main page, even though .html suffix is disabled.

[azeemism]

Please note the following additional related issue observations:

NOTE 1: https://example.com/contact reloads as https://example.com/contact/index/ when a comment is submitted.

NOTE 2: Also note that if multiple comments are sent or if the captcha is incorrect when sending a comment additional index/ may be added or subtracted from the page url when it reloads again. For example https://example.com/contact/index/index/

NOTE 3: If the captcha is incorrectly entered, when the message is submitted all the text fields are reset. This will more than likely cause customer frustration and will likely lead to contact us message abandonment. I am not sure if this is the expected behavior or not, but if it is the expected behavior, I request your review not resetting the text fields--if the capture is incorrect when a message is submitted--as a new feature update to magento 2.

NOTE 4: Using nginx rewrites as a band-aid solution for this issue ticket

    location / {
        try_files $uri $uri/ /index.php?$args;
        rewrite ^/(.+)(/index\.html)$ /$1 permanent;
        rewrite ^/(catalogsearch/advanced)(/index)$ /$1 permanent;
        rewrite ^/(.*)/$ /$1 permanent;
   }

Result in

1. No message being emailed when a user submits a message and no notice to the user that the message has been submitted
2. If reload captcha is pressed, the captcha reloads indefinitely without displaying a new captcha
3. Even if the captcha is correct an incorrect captcha message is displayed

Further: It is possible that captcha will not reload or work on other forms (where captcha can be used) as well if, for captcha to work properly, it requires the form to be loaded with a forward-slash / at the end of the url or index/

[magento-engcom-team]

@azeemism, thank you for your report. We were not able to reproduce this issue by following the steps you provided. If you'd like to update it, please reopen the issue. We tested the issue on 2.1.9