Open raamdev opened 8 years ago
%%$_GET['url']%%
regex:/^/go.php.*/
example.com
http://example.com/go.php?url=http://google.com/
I would expect the Target URL to get the value of $_GET['url'] (in this case http://google.com/) and then redirect me to that URL.
$_GET['url']
http://google.com/
I am redirected to http://example.com/ (i.e., WP Redirects is not picking up the value of $_GET['url'] and redirecting me to http://google.com/).
http://example.com/
After some debugging, I narrowed the bug down to two Regular Expressions.
The first bug is in redirect_redirects():
redirect_redirects()
$to = preg_replace_callback('/%%\\\$([^\[]+?)(.+?)%%/i', 'wp_redirects\plugin::_url_e_gprcs_value', $to);
which should be:
$to = preg_replace_callback('/%%\$(\_[a-zA-Z]+)(.+?)%%/i', 'wp_redirects\plugin::_url_e_gprcs_value', $to);
and the second is in _url_e_gprcs_value():
_url_e_gprcs_value()
if(strlen($element_w_brackets = $m[2]) && preg_match('/^(?:(?:\[(["\'])[a-z0-9 \._\-]+?\\1\])|(?:\[[0-9]+\]))+$/i', $element_w_brackets))
if(strlen($element_w_brackets = $m[2]) && preg_match('/^(?:(?:\[(["\'])[a-z0-9\._\-]+?\1\])|(?:\[[0-9]+\]))+$/i', $element_w_brackets))
You can see a diff of these changes here.
Additionally, it is necessary to urldecode() the value of $_GET['url'] before redirecting to it; I added the following on this line and that did the job:
urldecode()
$to = urldecode($to);
@jaswsinc I could use a second set of eyes on the proposed fixes above. 😄
It looks like this is a duplicate of https://github.com/websharks/wp-redirects/issues/18, which has been fixed in the trunk.
Steps to reproduce
%%$_GET['url']%%
regex:/^/go.php.*/
example.com
with your domain):http://example.com/go.php?url=http://google.com/
Expected Behavior
I would expect the Target URL to get the value of
$_GET['url']
(in this casehttp://google.com/
) and then redirect me to that URL.Observed Behavior
I am redirected to
http://example.com/
(i.e., WP Redirects is not picking up the value of$_GET['url']
and redirecting me tohttp://google.com/
).Debugging Results
After some debugging, I narrowed the bug down to two Regular Expressions.
The first bug is in
redirect_redirects()
:which should be:
and the second is in
_url_e_gprcs_value()
:which should be:
You can see a diff of these changes here.
Additionally, it is necessary to
urldecode()
the value of$_GET['url']
before redirecting to it; I added the following on this line and that did the job: