Ticket #13051: patch2.diff

File patch2.diff, 1.1 KB (added by alexkingorg, 8 years ago)

Unescape encoded ampersands in wp_sanitize_redirect

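--- a/pluggable.php
+++ b/pluggable.php
@@ -904,6 +904,8 @@
         // remove %0d and %0a from location
         $strip = array('%0d', '%0a', '%0D', '%0A');
         $location = _deep_replace($strip, $location);
+        // convert any & to &
+        $location = str_replace(array('&', '#038;'), '&', $location);
         return $location;
 }
 endif;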
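Review bot: The second search string in the added `str_replace` is `'#038;'` with no leading `&`, so a location containing `&#038;` would come out as `&&` instead of a single `&`. The first search string and the replacement both display as `&` here, presumably because the page rendering decoded an `&amp;` entity; if so, the intended call is likely `str_replace(array('&amp;', '&#038;'), '&', $location);`. Because this function sanitizes a value destined for a Location header, the comment above the new line should also say why decoding after the `%0d`/`%0a` strip is safe (the replacement can only produce `&`). The function body starts outside this hunk, so its earlier filtering is not visible here.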
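--- a/functions.php
+++ b/functions.php
@@ -1868,6 +1868,6 @@
  * @return string URL with nonce action added.
  */
 function wp_nonce_url( $actionurl, $action = -1 ) {
-        $actionurl = str_replace( '&', '&', $actionurl );
-        return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+        // $actionurl = str_replace( array('&', '&038;'), '&', $actionurl );
+        return esc_html( wp_sanitize_redirect( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ) );
 }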
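Review bot: Entity decoding in `wp_nonce_url` now happens on the output of `add_query_arg` rather than on `$actionurl` before it, so `add_query_arg` parses a URL whose separators may still be encoded. If that is the case, an existing `_wpnonce` parameter behind an encoded ampersand would probably not be recognised and replaced, leaving two nonce values in the result. Keeping the decode ahead of the call, as the removed line did, avoids depending on a redirect-header sanitizer to build a URL meant for HTML output. `wp_sanitize_redirect` may also drop characters that are valid in an action URL, though its full body is not visible on this page. The commented-out line should be deleted rather than committed, and its `'&038;'` is missing the `#`.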