WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#4411 closed defect (bug) (fixed)

clean_url() should not encode ampersands on the way to the db

Reported by: ryan Owned by: ryan
Milestone: 2.3.1 Priority: normal
Severity: normal Version: 2.2
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

clean_url() replaces ampersands with &. This is fine when the url is being echoed, but not when the url is being saved to the db. If the encoded url is fetched from the db and passed to parse_url(), parse_url() will think the # denotes a fragment. clean_url() needs context to know whether the url should be prepared for display or save. Attached patch adds a context arg to clean_url() and uses it in widgets. We'll probably need to have a separate function to clean urls for the db so that it can be used in filters that expect the callback function to take one argument. clean_url calls for author, link, and link RSS urls need to be audited.

Attachments (2)

clean_url.diff (1.7 KB) - added by ryan 8 years ago.
sanitize_url.diff (3.0 KB) - added by ryan 8 years ago.

Download all attachments as: .zip

Change History (7)

@ryan8 years ago

comment:1 @foolswisdom8 years ago

  • Keywords has-patch added

@ryan8 years ago

comment:2 @ryan8 years ago

New patch introduces sanitize_url for sanitizing on the way to the DB. Default filters for URLs use sanitize_url() when saving to DB and clean_url() when displaying.

comment:3 @ryan8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6182]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for trunk

comment:4 @ryan8 years ago

(In [6183]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for 2.3

comment:5 @ryan8 years ago

  • Milestone changed from 2.4 to 2.3.1
Note: See TracTickets for help on using tickets.