Make WordPress Core

Opened 19 years ago

Closed 19 years ago

Last modified 19 years ago

#2857 closed defect (bug) (fixed)

WP_Scripts->_print_scripts and add_query_arg generate invalid links

Reported by: nazgul's profile Nazgul Owned by:
Milestone: 2.1 Priority: normal
Severity: normal Version: 2.1
Component: Administration Keywords: query arguments bg|has-patch
Focuses: Cc:

Description

When a link with more than 1 parameter is generated by WP_Scripts, it's generated as http://domain.tld/somescript.js?a=1&b=2, which should be http://domain.tld/somescript.js?a=1&b=2, according to the XHTML guidelines.

Same applies to the add_query_arg function.

Attachments (2)

2857.diff (1.1 KB) - added by Nazgul 19 years ago.
2857b.diff (1.2 KB) - added by Nazgul 19 years ago.

Download all attachments as: .zip

Change History (10)

@Nazgul
19 years ago

#1 @Nazgul
19 years ago

  • Keywords bg|has-patch added

Patch which uses & instead of & to concatenate uploaded.

#2 @markjaquith
19 years ago

& should not be used within add_query_arg() function. Rather, the thing that is calling it should run wp_specialchars() on the output. We need non-encoded to be the default.

The Script Loader fix looks good, though.

@Nazgul
19 years ago

#3 @Nazgul
19 years ago

Ok. New Patch.

Instead of changing add_query_arg I changed the calling function in which I noticed the behaviour (wp_nonce_url), as you suggested.

The Script Loader fix is also included, but hasn't changed.

#4 @markjaquith
19 years ago

Looks good to me. The only potential concern is if wp_nonce_url is fed to a redirection script. e.g. wp_redirect(wp_nonce_url($url, $action));

Attn: Owen and Ryan, Is this a plausible scenario?

#5 @ryan
19 years ago

  • Version set to 2.1

[3930] fixes script-loader.

#6 @ryan
19 years ago

wp_nonce_url() is being used on URLs that are already converted, so maybe we should go ahead and specialchars within wp_nonce_url().

#7 @ryan
19 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3973]) wp_specialchars() within wp_nonce_url(). Props Nazgul. fixes #2857

#8 @ryan
19 years ago

(In [3974]) wp_specialchars() within wp_nonce_url(). Props Nazgul. fixes #2857

Note: See TracTickets for help on using tickets.