Ticket #4411 (closed defect (bug): fixed)

Opened 5 years ago

Last modified 4 years ago

clean_url() should not encode ampersands on the way to the db

Reported by: ryan Owned by: ryan
Priority: normal Milestone: 2.3.1
Component: Administration Version: 2.2
Severity: normal Keywords: has-patch
Cc:

Description

clean_url() replaces ampersands with &. This is fine when the url is being echoed, but not when the url is being saved to the db. If the encoded url is fetched from the db and passed to parse_url(), parse_url() will think the # denotes a fragment. clean_url() needs context to know whether the url should be prepared for display or save. Attached patch adds a context arg to clean_url() and uses it in widgets. We'll probably need to have a separate function to clean urls for the db so that it can be used in filters that expect the callback function to take one argument. clean_url calls for author, link, and link RSS urls need to be audited.

Attachments

clean_url.diff Download (1.7 KB) - added by ryan 5 years ago.
sanitize_url.diff Download (3.0 KB) - added by ryan 4 years ago.

Change History

ryan5 years ago

comment:1   foolswisdom5 years ago

  • Keywords has-patch added

ryan4 years ago

comment:2   ryan4 years ago

New patch introduces sanitize_url for sanitizing on the way to the DB. Default filters for URLs use sanitize_url() when saving to DB and clean_url() when displaying.

comment:3   ryan4 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [6182]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for trunk

comment:4   ryan4 years ago

(In [6183]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for 2.3

comment:5   ryan4 years ago

  • Milestone changed from 2.4 to 2.3.1
Note: See TracTickets for help on using tickets.