problem with special characters in generated htaccess

  • #11676
    AITpro Admin
    Keymaster

    Ok so you are saying that after you click the Activate buttons the code that is created in your root .htaccess file from your saved Custom Code code is being converted to its ASCII equivalent?  Is that what is occurring?

    #11677
    silas88
    Participant

    Yes!

    #11678
    AITpro Admin
    Keymaster

    Ok this is not coming from BPS.  The Custom Code text areas and the functions that handle them will create and copy exactly what is in the Custom Code text boxes to your root .htaccess file and not do any conversion of the code.  The htmlspecialchars_decode function is used in the write process from Custom Code to .htaccess files and this has not changed since BPS and BPS Pro were created years ago.  So maybe there is some sort of new issue with PHP5.4.x on your particular Server that is causing this issue.  On my testing site I am running PHP5.4.7 and this problem does not occur when I use your code above in Custom Code and Activate Root Folder BulletProof Mode.

    Maybe this is just a visual thing that is occurring in the htaccess File Editor window itself and the code is actually not being converted to the ASCII equivalent. Use FTP and physically check your root .htaccess file to see if the code is intact and the problem is only what you are seeing in the htaccess File Editor window.
    http://www.php.net/manual/en/function.htmlspecialchars-decode.php

    #11679
    AITpro Admin
    Keymaster

    Hmm I just thought of something really obvious.  Delete and retype in all the single quotes and double quotes and resave your Custom Code.  If you copied the original code from a Word or WordPad or other application then a hidden format is in that code and will cause this problem.  The only ASCII editor that should ever be used is either Notepad or Notepad++.  Everything else will produce a hidden format / corrupt / invalid .htaccess code.

    #11680
    silas88
    Participant

    I have been doing some more research and I don’t think it’s a magic_quote issue as that is auto-escaping certain characters. There are however several posts going back a couple of years ago in the support section of wordpress.org regarding ascii &#039. If it was a live WP issue I would have imagined that there would be recent reports of problems but Google didn’t find any so I am stumped.  It may be that I still need to escape these characters in my code and I guess that’s the next thing that I need to try.

    #11682
    AITpro Admin
    Keymaster

    Nope.  Escaping any code will only result in the slashes being written to your root .htaccess file code.  The Custom Code text boxes are specially designed to NOT convert code.  Whatever is in the Custom Code text boxes is what is written to the root .htaccess file.  With the exception of invalid code.  Characters with Windows hidden formatting are invalid .htaccess code.

    #11683
    silas88
    Participant

    Re Notepad / Word – the only editor that I use for htaccess / php etc is Notepad++.  I will try that anyway and see if it fixes the problem.

    #11687
    AITpro Admin
    Keymaster

    What encoding are you using on this site?  UTF-8? http-equiv="Content-Type" content="text/html; charset=UTF-8"

    In PHP5.4.0 these constants were added so maybe this has something to do with it – grasping at straws – everything works fine on my PHP5.4.7 test site so probably has nothing at all to do with anything. 5.4.0 The constants ENT_HTML401, ENT_XML1, ENT_XHTML and ENT_HTML5 were added.

    #11690
    AITpro Admin
    Keymaster

    LOL yeah I was able to reproduce this issue.  I checked the root .htaccess file physically on my test site and see the ASCII characters.  So yep the htmlspecialchars_decode function is converting single quotes.  I will need to look at this further to decide what the best approach would be for this issue.  For now you will have to add any code with single quotes in it directly into your .htaccess file and cannot use Custom Code for this code.

    Header set X-Content-Security-Policy "default-src 'self'; img-src 'self' analytics.mydomain.com; \
    script-src 'self' analytics.mydomain.com ajax.googleapis.com; font-src 'self' data:" env=ie

    #11691
    AITpro Admin
    Keymaster

    Looks like the simple solution is to add ENT_NOQUOTES.  ENT_NOQUOTES Will leave both double and single quotes unconverted.

    #11692
    silas88
    Participant

    Well I am glad you were able to reproduce it! I thought I was going mad 😉  I take it that’s a fix that you will add i.e. it’s not something I can do other than using the work around that I have been doing so far (making the changes in the htaccess directly)?

    #11694
    AITpro Admin
    Keymaster

    Yeah I took my own advice and looked at the root .htaccess file physically.  LOL  In the htaccess File Editor window the code looked fine because it is converted.  Yep, I will need to do testing to make sure this does not mess with other things, but it seems like a fairly straightforward fix that I will add in BPS Pro 8.1.  So yeah unfortunately for now do a direct edit in the root .htaccess file for this particular code.  Odd that this has never come up before, but adding single quotes in .htaccess code is a very unusual thing.
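
The on-disk check described in this thread (reading the root .htaccess file itself rather than trusting the File Editor view) can be scripted. The following is an added example, not code from BPS or from either poster; it flags leftover HTML entities such as &#039; and word-processor characters, and the function name, the sample lines and the X-Example header are constructed for illustration.

```python
import re
import sys

# Entities whose presence suggests the code was HTML-encoded on its way to disk.
ENTITY_RE = re.compile(r"&(?:#0*39|#x0*27|#0*34|#x0*22|apos|quot|amp|lt|gt);", re.I)
# Typographic quotes and invisible characters left behind by word processors.
HIDDEN = {
    "\u2018": "left single quote", "\u2019": "right single quote",
    "\u201c": "left double quote", "\u201d": "right double quote",
    "\u00a0": "no-break space", "\ufeff": "byte order mark",
    "\u200b": "zero-width space",
}

# Constructed samples: the CSP header from the thread as it should look,
# and as it looks after single quotes were written out as &#039;.
SAMPLE_GOOD = ('Header set X-Content-Security-Policy "default-src \'self\'; '
               'img-src \'self\' analytics.mydomain.com" env=ie\n')
SAMPLE_BAD = (
    "# constructed sample\n"
    'Header set X-Content-Security-Policy "default-src &#039;self&#039;; '
    'img-src &#039;self&#039; analytics.mydomain.com" env=ie\n'
    "Header set X-Example \u201cvalue\u201d\n"  # hypothetical header, smart quotes
)

def scan_htaccess(text):
    """Return (line_no, kind, detail) findings for the body of a .htaccess file."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines are not parsed as directives
        for m in ENTITY_RE.finditer(line):
            findings.append((no, "html-entity", m.group(0)))
        for ch in line:
            if ch in HIDDEN:
                findings.append((no, "hidden-format", HIDDEN[ch]))
            elif ord(ch) > 126 or (ord(ch) < 32 and ch != "\t"):
                findings.append((no, "non-ascii", "U+%04X" % ord(ch)))
    return findings

if __name__ == "__main__":
    # Pass the path of a downloaded .htaccess copy, or run with no
    # argument to scan the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            body = fh.read()
    else:
        body = SAMPLE_BAD
    for no, kind, detail in scan_htaccess(body):
        print("line %d: %s %s" % (no, kind, detail))
```

Run it against a copy fetched over FTP so the result reflects the bytes on disk, not the editor's rendering.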

    #11695
    silas88
    Participant

    OK, well thanks for getting to the root cause.

    #11697
    silas88
    Participant

    In the BPS QUERY STRING section is this string correct or has it been affected by a similar issue?

    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]

    I noticed that in 0.49 I had the following instead

    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]

    Or perhaps it's just escaping, should it be this...

    RewriteCond %{QUERY_STRING} (\.\./|\.\.\\|\.\./|\.\.\\|\.\.\\|\.\./|\.\.\\|\.\./) [NC,OR]

    #11698
    silas88
    Participant

    I just reread the change list for .49.6 and I see that the use of ASCII was intentional here so ignore my post above.
