Rejected URL strings case sensitive, created cache directory lowercase #43206
Description
Impacted plugin
Super Cache
Quick summary
WP Super Cache has "Rejected URL strings" feature, and the description for it is:
Add here strings (not a filename) that forces a page not to be cached. For example, if your URLs include year and you dont want to cache last year posts, it’s enough to specify the year, i.e. ’/2004/’. WP-Cache will search if that string is part of the URI and if so, it will not cache that page.
The problem with this is that it is case sensitive, and created cache directory is lowercased - this makes this feature far less useful (and arguably problematic), because it becomes super easy to bypass it.
For example, adding a string like a "register" in it prevents WPSC from caching domain.com/register/ - however, if someone accesses domain.com/Register/, WPSC will create /register/ cache version.
I think this should be changed to either lowercase all entered reject strings (which makes sense, as WPSC explicitly lowercases created cache directory), or at least changing the description to warn users of this issue.
Steps to reproduce
- Enter any lowercase string (example) in Rejected URL strings
- Visit uppercased version of the string, example: domain.com/EXAMPLE/
domain.com/example/ is now cached, I would not have expected this.
Site owner impact
More than 60% of the total website/platform users
Severity
Major
What other impact(s) does this issue have?
No response
If a workaround is available, please outline it here.
No response
Platform (Simple and/or Atomic)
No response