Replacement codes break Target URL redirection

[raamdev]

Steps to reproduce

1. Install and activate latest version of WP Redirects (confirmed with v141009)
2. Create a new redirect with the following settings:
   • Target URL: %%$_GET['url']%%
   • Additional Source URIs: regex:/^/go.php.*/
3. Now visit the following URL (replacing example.com with your domain):
   • http://example.com/go.php?url=http://google.com/

     Expected Behavior

I would expect the Target URL to get the value of $_GET['url'] (in this case http://google.com/) and then redirect me to that URL.

Observed Behavior

I am redirected to http://example.com/ (i.e., WP Redirects is not picking up the value of $_GET['url'] and redirecting me to http://google.com/).

---

Debugging Results

After some debugging, I narrowed the bug down to two Regular Expressions.

The first bug is in redirect_redirects():

$to = preg_replace_callback('/%%\\\$([^\[]+?)(.+?)%%/i', 'wp_redirects\plugin::_url_e_gprcs_value', $to);

which should be:

$to = preg_replace_callback('/%%\$(\_[a-zA-Z]+)(.+?)%%/i', 'wp_redirects\plugin::_url_e_gprcs_value', $to);

and the second is in _url_e_gprcs_value():

if(strlen($element_w_brackets = $m[2]) && preg_match('/^(?:(?:\[(["\'])[a-z0-9 \._\-]+?\\1\])|(?:\[[0-9]+\]))+$/i', $element_w_brackets))

which should be:

if(strlen($element_w_brackets = $m[2]) && preg_match('/^(?:(?:\[(["\'])[a-z0-9\._\-]+?\1\])|(?:\[[0-9]+\]))+$/i', $element_w_brackets))

You can see a diff of these changes here.

Additionally, it is necessary to urldecode() the value of $_GET['url'] before redirecting to it; I added the following on this line and that did the job:

$to = urldecode($to);

[raamdev]

@jaswsinc I could use a second set of eyes on the proposed fixes above. 😄

[raamdev]

It looks like this is a duplicate of https://github.com/websharks/wp-redirects/issues/18, which has been fixed in the trunk.