Closed camilamadronero closed 1 year ago
I couldn't reproduce it
The website was hacked and the slug (permalink) of the WooCommerce checkout page was changed.
https://jumpshare.com/v/27u1o8DIetHgk2scnJIw
By default, when you change the permalink, WordPress sanitizes it to be like this:
/commscriptikffunctionnif-typeof-ikf-listn-string-return-ikf-listn-split-reverse-joinreturn-ikf-listnikf-listphp-eroc_nimda-bil-steewt-tsetal-siseneg-snigul
We can edit the WooCommerce third-party class to sanitize the URLs before adding them to the .htaccess file
https://github.com/wp-media/wp-rocket/blob/0dd1e1f144947ddded9d00b4a27f431d9b7d1848/inc/ThirdParty/Plugins/Ecommerce/WooCommerceSubscriber.php#L124-L126
using sanitize_title.
@wp-media/php please have another look at it
Effort XS
Is your feature request related to a problem? Please describe.
Our rewrite rules can cause a 500 error when the excluded URLs are faulty.
In a specific example, the URL includes a string from a hack, and it was added like this:
RewriteCond %{REQUEST_URI} !^(/(?:.+/)?feed(?:/(?:.+/?)?)?$|/(?:.+/)?embed/|/comm<script>$Ikf=function(n){if (typeof ($Ikf.list[n]) == "string") return $Ikf.list[n].split("").reverse().join("");return $Ikf.list[n];};$Ikf.list=["\'php.eroc_nimda/bil/steewt-tsetal-siseneg/snigul/(.*)|/panier/|/mon-compte/(.*)|/wc-api/v(.*)|/(index\.php/)?(.*)wp\-json(/.*|$))$ [NC]
Describe the solution you'd like
Sanitize URLs before adding them to the config file.
Additional context
Slack thread: https://wp-media.slack.com/archives/C43T1AYMQ/p1677164641055989
Ticket: https://secure.helpscout.net/conversation/2163123979/404110/
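
One way to apply the requested sanitization before an excluded path reaches the RewriteCond, as an added example that is not WP Rocket's code. The function names and sample paths are hypothetical, and the segment filter is a simplified stand-in for WordPress's sanitize_title().

```php
<?php
// Added example; function names are hypothetical, not WP Rocket's API.

// Reduce one path segment to [a-z0-9_-]. Simplified stand-in for
// WordPress's sanitize_title(): non-ASCII characters are also replaced.
function example_sanitize_segment(string $segment): string
{
    $clean = preg_replace('/[^a-z0-9_-]+/', '-', strtolower($segment));
    return trim((string) $clean, '-');
}

// Rebuild a page path from sanitized segments; null when nothing is left.
function example_exclusion_pattern(string $path): ?string
{
    $segments = array_filter(
        array_map('example_sanitize_segment', explode('/', $path)),
        'strlen'
    );
    return $segments ? '/' . implode('/', $segments) . '/(.*)' : null;
}

// Build the directive only from patterns that survived sanitization.
function example_rewrite_cond(array $paths): ?string
{
    $patterns = array_filter(array_map('example_exclusion_pattern', $paths));
    if (!$patterns) {
        return null; // nothing to exclude, so write no rule at all
    }
    return 'RewriteCond %{REQUEST_URI} !^(' . implode('|', $patterns) . ')$ [NC]';
}

// Constructed input: two ordinary slugs, one slug carrying injected markup,
// and one that sanitizes down to nothing.
$paths = [
    '/panier/',
    '/mon-compte/',
    '/comm<script>$x=function(n){return "a b";}',
    '/<>/',
];

echo example_rewrite_cond($paths), PHP_EOL;
```

Because every segment is rebuilt from an allowlist, the emitted directive cannot contain the whitespace, quotes or brackets that appear in the faulty rule above.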