WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#10991 closed defect (bug) (fixed)

wp_loginout() encoding problem

Reported by: neoxx Owned by: westi
Milestone: 2.9 Priority: normal
Severity: normal Version: 2.8.4
Component: General Keywords: wp_loginout, encoding, user-feedback
Focuses: Cc:

Description

Hi,

Just a quick note: URLs containing a '+' (e.g. representing an and in a chain of tags) fail as redirect in wp_loginout() in Firefox. If tested the behavior in IE8 and Opera 10 and there it seems to work. Maybe the latter two are doing automatic url-encoding?

Anyway, I've used

str_replace('+', '%2B', $_SERVER['REQUEST_URI']);

as a quick-and-dirty fix but - if I'm right - I think we need something more decent.

greetz,
berny

Attachments (1)

10991.patch (479 bytes) - added by Utkarsh 4 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 dwright4 years ago

  • Keywords user-feedback added

Can you list how to recreate this bug?

Demonstrate, 'fail as redirect'

comment:2 neoxx4 years ago

Sure, using wp_loginout to redirect to /tags/tag1+tag2+tag3/ results in

http://www.mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.mydomain.com%2Ftags%2Ftag1+tag2+tag3%2F&_wpnonce=xxx

Firefox (3.5.5) removes the + and redirects to /tags/tag1tag2tag3/ which results in a 404.

When using the str_replace as mentioned above to replace the + with %2B prior to processing the link with wp_loginout, the function will produce the link below.

http://www.mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.mydomain.com%2Ftags%2Ftag1%252Btag2%252Btag3%2F&_wpnonce=xxx

This will generate a working redirect link like

http://www.mydomain.com/tags/tag1%2Btag2%2Btag3/

Utkarsh4 years ago

comment:3 Utkarsh4 years ago

The patch should fix this.
Pardon me if anything is wrong, it's my first patch for WP core. Not used to the procedure here.

comment:4 westi4 years ago

  • Owner set to westi
  • Status changed from new to accepted

Welcome and thank you for the patch.

This looks like the correct solution here as we do urlencode the redirect url in wp_login_url but not wp_logout_url.

comment:5 westi4 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [12340]) Urlencode the redirect url for the logout links as well as login in links. Fixes #10991 props Utkarsh.

Note: See TracTickets for help on using tickets.