safe-redirect-manager icon indicating copy to clipboard operation
safe-redirect-manager copied to clipboard

Published 20 hours ago verified publisher icon 10up

Possible Bug with URL with Accentuation

Open espellcaste opened this issue 9 years ago • 7 comments
trafficstars

I guess I found a possible bug in the plugin.

Here there is a URL giving me 404:

https://inglesnarede.com.br/dicas-de-ingles/4-maneiras-de-chamar-alguem-de-“pao-duro”-em-ingles/

There is the (") in the url... After changing the url in the Safe Redirect Manager for a new one, the url above is not redirected. I also tried checking the regular expressions checkbox with no success.

My guess is the plugin is not checking if the url has accentuation. And if it is checking, it is not being able to redirect it.

espellcaste avatar Dec 10 '15 13:12 espellcaste

Just checked with 4 more different url with the same pattern, there is a (") in the URL. Same error, it doesn't redirect.

espellcaste avatar Dec 10 '15 13:12 espellcaste

Are those even valid URL characters?

tlovett1 avatar Mar 13 '16 20:03 tlovett1

At first I thought it wasn't but I guess they are as WordPress was allowing tit to exist before I manually removed it.

espellcaste avatar Mar 13 '16 22:03 espellcaste

@tlovett1 You can close this as the bug no longer exists. Thank you! :)

renatonascalves avatar Dec 26 '17 13:12 renatonascalves

Has the issue with accented characters been sorted? There is another user recently posted in the support forums about this same thing: https://wordpress.org/support/topic/redirect-accented-character-links/

pattonwebz avatar Jun 12 '18 20:06 pattonwebz

@jameswburke did you have a downstream fix for this that could help?

jeffpaul avatar Jun 28 '22 20:06 jeffpaul

The solution to this is fairly straightforward. In class-srm-redirect.php there is this code:

$requested_path   = esc_url_raw( apply_filters( 'srm_requested_path', sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ?? '' ) );

$_SERVER['REQUEST_URI'] will contain a percent-encoded version of any special characters. For example, the URL in the original issue description would be /dicas-de-ingles/4-maneiras-de-chamar-alguem-de-%E2%80%9Cpao-duro%E2%80%9D-em-ingles/. These percent-encoded characters get stripped out by sanitize_text_field and/or esc_url_raw.

However, if the URI is urldecoded first, the characters do not get stripped out. Anyone facing this issue can work around the problem by replacing the default code using the srm_requested_path filter. The following code can be added to a custom plugin or functions.php:

/**
* Filter srm_requested_path.
*
* By default SRM does not call `urldecode` meaning that special characters are % encoded,
* and therefore stripped out by sanitize_text_field.
*
* By calling urldecode first, we ensure that redirects work even when the URL contains a special character.
*
* @see https://github.com/10up/safe-redirect-manager/issues/102
* @return string
*/
function plugin_srm_requested_path() {
    return sanitize_text_field( wp_unslash( urldecode( $_SERVER['REQUEST_URI'] ) ) ) ?? '';
}

add_filter('srm_requested_path', 'plugin_srm_requested_path');

I don't think there is any security risk to this as the value still gets passed through sanitize_text_field and esc_url_raw.

braders avatar Feb 17 '24 15:02 braders