Opened 9 years ago
Closed 8 years ago
#34352 closed defect (bug) (fixed)
Differences in encoding between wp_login_url and wp_logout_url
Reported by: | akibjorklund | Owned by: | DrewAPicture |
---|---|---|---|
Milestone: | 4.6 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | has-patch |
Focuses: | docs | Cc: |
Description
wp_login_url()
does return a HTML encoded URL, because it uses wp_nonce_url()
, which calls esc_html()
.
wp_logout_url()
on the other hand does return a unencoded URL. You can see that more clearly, if you add a second parameter true
to the function call, which leads to a second URL parameter being added and in practice to a use of unencoded ampersand. This is a less common use of the function, so the problem is not seen that often.
Those two functions are often used together, so the inconsistency between them can easily result in using them wrong.
Since it is not feasible to change wp_logout_url()
to return encoded URLs, the difference should the very least be clearly documented in the doc block of both functions.
Related: #20771