home_url() malfunctions when the passed URL contains two dots in a row ("..")
|Reported by:||markjaquith||Owned by:||markjaquith|
home_url() (and a bunch of other similar functions) will spit back your WordPress Site URL if the URL/path you pass in to it has two dots ("..") in a row. It was an unexplained addition to the original code that has persisted.
echo home_url( '/foo-bar/elipsis...no-work/' );
It is due to this:
if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) === false ) $url .= '/' . ltrim( $path, '/' );
We should just remove that part of the condition. It doesn't serve any legitimate purpose that Nacin or I can tell, and it makes legitimate URLs with two (or more) dots fail in a very unexpected way.
Change History (14)
comment:1 markjaquith — 2 years ago
- Keywords has-patch 2nd-opinion needs-unit-tests added
- Owner set to markjaquith
- Status changed from new to accepted