id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
22666,"When evaluating path in get_*_url(), '..' can match the query string",wonderboymusic,,"http://nacins-beard.com/gallery/?s=... is a valid URL. A common way to generate it and URLs like it is:

{{{
home_url( '/gallery/?s=..' )
}}}

This will return:

{{{
http://nacins-beard.com
}}}

Why? Because most of the get_*_url functions check for .. on the entire URI, not limited to the path. My patch fixes this and uses a function that all of the url functions share, eliminating a bunch of dupe'd code.",defect (bug),closed,normal,3.6,Permalinks,,normal,fixed,has-patch,xoodrew@…