Make WordPress Core

Opened 11 years ago

Closed 10 years ago

Last modified 10 years ago

#4411 closed defect (bug) (fixed)

clean_url() should not encode ampersands on the way to the db

Reported by: ryan Owned by: ryan
Milestone: 2.3.1 Priority: normal
Severity: normal Version: 2.2
Component: Administration Keywords: has-patch
Focuses: Cc:


clean_url() replaces ampersands with &. This is fine when the url is being echoed, but not when the url is being saved to the db. If the encoded url is fetched from the db and passed to parse_url(), parse_url() will think the # denotes a fragment. clean_url() needs context to know whether the url should be prepared for display or save. Attached patch adds a context arg to clean_url() and uses it in widgets. We'll probably need to have a separate function to clean urls for the db so that it can be used in filters that expect the callback function to take one argument. clean_url calls for author, link, and link RSS urls need to be audited.

Attachments (2)

clean_url.diff (1.7 KB) - added by ryan 11 years ago.
sanitize_url.diff (3.0 KB) - added by ryan 10 years ago.

Download all attachments as: .zip

Change History (7)

11 years ago

#1 @foolswisdom
11 years ago

  • Keywords has-patch added

10 years ago

#2 @ryan
10 years ago

New patch introduces sanitize_url for sanitizing on the way to the DB. Default filters for URLs use sanitize_url() when saving to DB and clean_url() when displaying.

#3 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6182]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for trunk

#4 @ryan
10 years ago

(In [6183]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for 2.3

#5 @ryan
10 years ago

  • Milestone changed from 2.4 to 2.3.1
Note: See TracTickets for help on using tickets.