add_query_arg treats slashes inconsistently and tries to do it after urlencoding
|Reported by:||mdawaffe||Owned by:|
parse_str() adds slashes if get_magic_quotes_gpc() is true, so add_query_arg() applies stripslashes() to its output in that case.
However, not all of the query args are run through parse_str(), so add_query_arg() strips slashes from some things it should not.
The problem is magnified by the fact that add_query_arg tries to stripslashes() only after ramurlencoding much of its ouput.