WordPress.org
Get WordPress

Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#22666 closed defect (bug) (fixed)

When evaluating path in get_*_url(), '..' can match the query string

Reported by: wonderboymusic's profile wonderboymusic Owned by:
Milestone: 3.6 Priority: normal
Severity: normal Version:
Component: Permalinks Keywords: has-patch
Focuses: Cc:

Description

http://nacins-beard.com/gallery/?s=... is a valid URL. A common way to generate it and URLs like it is:

home_url( '/gallery/?s=..' )

This will return:

http://nacins-beard.com

Why? Because most of the get_*_url functions check for .. on the entire URI, not limited to the path. My patch fixes this and uses a function that all of the url functions share, eliminating a bunch of dupe'd code.

Attachments (1)

dot-dot.diff (6.5 KB) - added by wonderboymusic 13 years ago.

Download all attachments as: .zip

Change History (8)

@wonderboymusic
13 years ago

#1 @nacin
13 years ago

add_to_path() sounds a bit like join_with_slashes(), see #19796 for patches.

#2 @wonderboymusic
13 years ago

  • Milestone changed from Awaiting Review to 3.6

join_with_slashes never made it into 3.5 - add_path_to_url works generically with any URL that already has a path or not and the passed path. The main point of it: it condenses code that is repeated all over the place (10 other functions!), and join_with_slashes does not.

#3 @wonderboymusic
13 years ago

#23098 was marked as a duplicate.

#4 @DrewAPicture
13 years ago

  • Cc xoodrew@… added
Last edited 13 years ago by DrewAPicture (previous) (diff)

#5 @DrewAPicture
13 years ago

Rereading dot-dot.diff, wouldn't you want to require $url? set_url_scheme() is going to return a formed host regardless but the path will only be appended if it both exists and is valid.

#6 @SergeyBiryukov
13 years ago

Related: #19032

Appears to be fixed in [23537].

#7 @nacin
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.