WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#12126 closed defect (bug) (fixed)

XHTML well-formedness: ampersand in building query

Reported by: brettz95 Owned by:
Milestone: 3.0 Priority: normal
Severity: minor Version:
Component: General Keywords: has-patch
Focuses: Cc:

Description

In /wp-admin/edit-form-advanced.php, after making a submission, preview=true was set (line 48), but its unescaped ampersand caused an error in application/xhtml+xml . Following add_query_arg(), to /wp-includes/functions.php, and in turn to build_query() where the ampersand is added (and which goes to _http_build_query in /wp-includes/compat.php where the separator argument, here the ampersand, is used (unmodified) as the glue in an implode). XML requires ampersands to be escaped, so changing "&" to "&" (as in the patch) fixes the issue.

Attachments (1)

includes_functions.patch (828 bytes) - added by brettz95 4 years ago.
Patch fixes application/xhtml+xml issue

Download all attachments as: .zip

Change History (4)

brettz954 years ago

Patch fixes application/xhtml+xml issue

comment:1 scribu4 years ago

  • Keywords has-patch added
  • Milestone changed from Unassigned to 3.0

comment:2 scribu4 years ago

  • Severity changed from normal to minor

comment:3 nacin4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [14137]) Escape some permalinks. add_query_arg will &, not &, so we need to use esc_url those when used in an attribute. fixes #12126.

Note: See TracTickets for help on using tickets.