Opened 18 years ago
Last modified 23 months ago
#3329 accepted defect (bug)
Need to strip % from the auto-permalink in the editor.
Reported by: | Heyneken | Owned by: | pishmishy |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 2.0 |
Component: | Permalinks | Keywords: | has-patch needs-refresh needs-unit-tests 2nd-opinion |
Focuses: | Cc: |
Description
I made an article with "x = 18,98 * y - %10" as title, and this generated http://www.example.com/blog/2006/11/03/x-1898-y-%10/ which doesn't work.
Attachments (1)
Change History (31)
#1
@
18 years ago
- Milestone set to 2.1
- Summary changed from Url wrong generated if topic has % symbol to %postname% permalink wrong generated if title has %[digit][digit]
- Version changed from 2.0.4 to 2.0.5
#4
@
17 years ago
- Owner changed from anonymous to pishmishy
- Status changed from new to assigned
Bug still present. A page called %10 which should have something like
http://www.littledog.org.uk/trunk/2008/01/31/%2510/
as a permalink, has the_permalink() returning
/2008/01/14/x-1898-y-%10/
#5
@
17 years ago
Looking at $rewritereplace it appears that $post->post_name is stored as x-1898-y-%10 in the database and not %10.
#6
@
17 years ago
Problem appears to be rooted in sanitize_title()
sanitize_title("%10") == "x-1898-y-%10"
#7
@
17 years ago
Traced to sanitize_title_with_dashes() - this is the code that causes the bug.
// Preserve escaped octets. $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title); // Remove percent signs that are not part of an octet. $title = str_replace('%', '', $title); // Restore octets. $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
We could remove that code and apply urlencode($post->post_name) in get_permalink's $rewritereplace but the permalinks seems to point to an archive page instead of a post. Any ideas?
#10
@
17 years ago
- Keywords has-patch sanitize post_name slug added
The attached patch handles % in post slugs by urlencoding them rather than manually attempting to encode them as sanitize_title_with_dashes() attempted.
#11
@
16 years ago
- Component changed from Administration to JavaScript
- Keywords dev-feedback added; sanitize post_name slug removed
- Summary changed from %postname% permalink wrong generated if title has %[digit][digit] to autosave breaks and %postname% permalink wrong generated if title has %[digit][digit]
still current, and creating a post with such a title will also break the javascript in trunk. It also returns an error when you seek to save the draft.
#13
@
15 years ago
- Component changed from JavaScript to Editor
- Keywords needs-review removed
I am unable to reproduce with default permalink structure (?p=stuff) which is well - actually known I guess. Switching to nicer "Month and name" setting reveals the bug still is in.
It is not possible to modify the permalink with the inplace editor.
It is not possible to fix it manually by adding a percentage sign to the permalik title in the inplace editor.
The cause of the problem is a function called sanitize_title() (called in get_sample_permalink()). Not itself but the filters it calls then:
$title = apply_filters('sanitize_title', $title, $raw_title);
With the current design of wordpress this bug will never be fixed. % is not an allowed char in a slug, it's not filtered out because of some other bug leaving this open for %[0-9]{2,} matches. the slug need propper filtering first.
This is not a javascript related issue firsthand.
The existing patch is misleading IMHO.
My Suggestion: Wontfix.
#17
@
13 years ago
Although I get a weird ? in a black box icon Using a title Test %84 the following worked for me in trunk,
1) Slug was generated.
2) Auto Draft worked.
3) Auto Draft continued to Save.
4) Post published
5) Permalink Worked.
#19
@
13 years ago
- Keywords needs-refresh added; has-patch removed
- Summary changed from autosave breaks and %postname% permalink wrong generated if title has %[digit][digit] to Need to strip % from the auto-permalink in the editor.
Changing Title for better clarity.
#20
@
13 years ago
thee17, if you are still testing, could you also check what happens if you manually edit the slug and put a % in it? Because, if the %2f or %25 or whatever can still be injected, then it is not adequate to just strip in the slug generator, it would also be necessary to either strip or encode the manual inputs for any new slug.
#21
@
13 years ago
From what I am reading is the sanitation for both cases go through the same function.
#30
@
23 months ago
- Keywords 2nd-opinion added
Just to recap all the discussion in those years in this ticket with also https://core.trac.wordpress.org/ticket/25021
- The patch attached use https://www.php.net/manual/en/function.urlencode.php to generate the permalink and also in WP_Query for the
name
search - Remove some sanitization like #25021 patch in
sanitize_title_with_dashes
- The other ticket mention to test if breaks something with
sanitize_title_for_query
So we have 2 issues, one is to sanitize the post title and another one do the same for the permalink.
To proceed, we need to test also the search in the database with this sanitization and probably for backwards compatibility too.
I tested on latest 6.2 alpha and everything is working, the URL is generated http://trunk.wordpress.test/x-1898-y-%10/ in Firefox and Chrome works. Probably because now there is a better support for punycode and unicode also in the URLs?
So I am not sure if this is still an issue after all those years.
Maybe adding just a test to verify if URL with %10
works can simplify everything?
Heyneken thank you for reporting this problem! Thank you for participating in WordPress development!
ENV: WP 2.0.5 reproduced problem
Also WP trunk r4449 repro problem
The bug seems to be caused if the percentage symbol followed by two or more digits.