Opened 20 months ago
Closed 20 months ago
#18818 closed defect (bug) (invalid)
wp_sanitize_redirect() kills "@" in URL's
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | General | Version: | 3.2.1 |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
We had a URL like:
http://site.com/path/to/page?email=theandystratton@gmail.com
WP 301's to
http://site.com/path/to/page/?email=theandystratton@gmail.com
But wp_redirect()'s call to wp_sanitize_redirect() kills the "@" symbol. The reason for this being that a theme/plugin could be using query string arguments for something (i.e. a form that accepts pre-populated input via query string, like an email address or arbitrary text).
This could have been an oversight OR it could be on purpose; if so, would like to know (I'd assume a security reason).
Attachments (1)
Change History (4)
theandystratton — 20 months ago
The @ symbol is a reserved character in URLs. It's for separating the username from the host. You need to encode it.
As stated in #18814, it may be possible to encode it in query strings only, but I don't think we should.
comment:2 follow-up: ↓ 3
theandystratton — 20 months ago
Gotcha, makes sense. For some reason I was getting a similar behavior with encoding (%40) but not now. I figured there was probably something I was overlooking in terms of URL structure as reason for why it wasn't there. Thankyasir.
At least I'm 1 step closer to being able to submit a true patch that gets accepted ;]
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Replying to theandystratton:
At least I'm 1 step closer to being able to submit a true patch that gets accepted ;]
Indeed! :)

Allows @ symbol in wp_sanitize_redirect
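
The behaviour discussed in this ticket, as an added example that is not part of the ticket or WordPress's own code: an allow-list sanitizer drops a raw "@" from a redirect target, while the percent-encoded form (%40) survives and decodes back to the original value. `demo_sanitize_redirect()`, `demo_build_redirect()`, the character class and the sample address are assumptions chosen to reproduce the reported behaviour.

```php
<?php
// Hypothetical stand-in for an allow-list redirect sanitizer. The character
// class is an assumption for illustration: "%" is allowed, "@" is not.
function demo_sanitize_redirect(string $location): string {
    // Remove every character that is not on the allow-list.
    return preg_replace('|[^a-z0-9\-~+_.?#=&;,/:%!]|i', '', $location);
}

// Caller-side fix: percent-encode each query value before redirecting.
function demo_build_redirect(string $base, array $args): string {
    // PHP_QUERY_RFC3986 encodes reserved characters such as "@" as %XX.
    return $base . '?' . http_build_query($args, '', '&', PHP_QUERY_RFC3986);
}

$email = 'user@example.com'; // constructed sample value
$base  = 'http://site.com/path/to/page/';

// 1. Raw "@" in the query string: the sanitizer silently corrupts the value.
$raw = $base . '?email=' . $email;
echo "raw in : $raw\n";
echo "raw out: " . demo_sanitize_redirect($raw) . "\n";

// 2. Encoded value: every character is on the allow-list, so the URL
//    passes through unchanged.
$encoded = demo_build_redirect($base, ['email' => $email]);
$clean   = demo_sanitize_redirect($encoded);
echo "enc in : $encoded\n";
echo "enc out: $clean\n";

// 3. The receiving page decodes the query string and gets the address back.
parse_str((string) parse_url($clean, PHP_URL_QUERY), $query);
echo "decoded: {$query['email']}\n";
echo "round trip intact: " . var_export($query['email'] === $email, true) . "\n";

// 4. Why "@" is reserved: in the authority part of a URL it separates
//    the userinfo from the host, so a parser splits on it.
$parts = parse_url('http://user@site.com/path/to/page');
echo "userinfo: {$parts['user']}, host: {$parts['host']}\n";
```

In a theme or plugin, the same fix is to encode the value (for example with `rawurlencode()`) before it is placed in the URL passed to `wp_redirect()`.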