Ticket #540 (closed defect: wontfix)

Opened 1 year ago

Last modified 1 year ago

Tighten 'files/' RewriteRule

Reported by: jdub Assigned to: donncha
Priority: normal Milestone:
Component: component1 Version:
Severity: normal Keywords:
Cc:

Description

If a plugin includes a 'files/' directory, the current 'files/' RewriteRule? is loose enough to munge those URLs, leading to lots of 404s and unexpected behaviour.

Fixing this, at least in WPMU's htaccess.dist, is desireable because plugin authors might use a 'files/' directory, and it would thoroughly discombobulate users if files from a plugin appeared to 404 for no good reason.

The fix is relatively simple. We just tighten the RewriteRule? match like so (see 3rd line): 

#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteRule ^(.*/)?files/([0-9]{4}/[0-9]{2}/.*) wp-content/blogs.php?file=$2 [L]

Change History

01/10/08 07:53:16 changed by jdub

Oh man! This actually breaks one of my plugins, which puts user-editable files in the upload directory (blogs.dir/N), but not in the YYYY/MM structure. I break my own heart.

Another option, and my first solution: 

RewriteCond %{REQUEST_URI} !^.*plugins/.*$
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]

01/11/08 16:50:45 changed by donncha

  • owner changed from somebody to donncha.
  • status changed from new to assigned.

Maybe we should not try to fix this. It's probably easier for plugins to be modified than messing with mod_rewrite rules.

01/15/08 15:53:20 changed by drmiketemp

+1 for leaving it be. I hate rewrite rules.

01/23/08 17:48:44 changed by donncha

  • status changed from assigned to closed.
  • resolution set to wontfix.

Yes, I think it's safer to leave it the way it was before.