Ticket #13051: patch2.diff

File patch2.diff, 1.1 KB (added by alexkingorg, 5 years ago)

Unescape encoded ampersands in wp_sanitize_redirect

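--- a/pluggable.php
+++ b/pluggable.php
@@ -904,6 +904,8 @@
         // remove %0d and %0a from location
         $strip = array('%0d', '%0a', '%0D', '%0A');
         $location = _deep_replace($strip, $location);
+        // convert any & to &
+        $location = str_replace(array('&', '#038;'), '&', $location);
         return $location;
 }
 endif;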
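Review bot: The added `str_replace` runs after the `%0d`/`%0a` strip, so it is the last transformation before `return $location;` and nothing it produces is re-checked by the filters above it; moving the decode above the `$strip` line keeps sanitization as the final step. It is also a single pass, unlike `_deep_replace`, so a doubly encoded ampersand still leaves an encoded one behind. As rendered here the search strings are `'&'` and `'#038;'`, which suggests the page decoded the entities; check in the raw patch that the second literal carries its leading `&`, otherwise a literal `#038;` in a URL is rewritten and the full numeric entity turns into `&&`. The function begins above this hunk, so its earlier filtering is not visible here.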
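--- a/functions.php
+++ b/functions.php
@@ -1868,6 +1868,6 @@
  * @return string URL with nonce action added.
  */
 function wp_nonce_url( $actionurl, $action = -1 ) {
-        $actionurl = str_replace( '&', '&', $actionurl );
-        return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+        // $actionurl = str_replace( array('&', '&038;'), '&', $actionurl );
+        return esc_html( wp_sanitize_redirect( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) ) );
 }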
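Review bot: The entity decode used to run on `$actionurl` before `add_query_arg()` and now runs after it, inside `wp_sanitize_redirect()`, so a query string whose separators arrive entity-encoded is presumably split on the wrong keys before `_wpnonce` is appended; keeping the decode ahead of the `add_query_arg()` call avoids that. `wp_sanitize_redirect()` is written for redirect `Location` values, and the `endif;` closing it in the pluggable.php section suggests it can be replaced by a plugin, so the nonce URL would now depend on whatever a replacement implementation strips or keeps. The commented-out `str_replace` line, whose second search string reads `'&038;'` without the `#`, should be deleted rather than left behind as dead code.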