#4884 closed defect (bug) (fixed)
wp_nonce_url() is generating broken URLs
Reported by: | Viper007Bond | Owned by: | markjaquith |
---|---|---|---|
Milestone: | 2.3 | Priority: | highest omg bbq |
Severity: | blocker | Version: | 2.3 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
wp_nonce_url()
is generating bad URLs. For example, here is the activation URL for the "Hello Dolly" plugin:
plugins.php?action=activate&amp%3Bplugin=hello.php&_wpnonce=fbb5d56d32
Clicking that link takes you to a nonce confirmation screen which after clicking "Yes", leaves you without the action being taken (in this case, the plugin being activated).
PHP v5.2.1
Latest WP SVN ([6001])
WAMP environment
All plugins disabled
Attachments (1)
Change History (10)
#2
@
17 years ago
If the _http_build_query()
we currently is the problem, I just attached a version from the PHP_Compat project at php.net. It should replicate the PHP5 function perfectly.
#4
follow-up:
↓ 5
@
17 years ago
- Status changed from new to assigned
The PEAR one has issues (don't remember what -- just remember that it give different results than PHP5's function). [6005] should have fixed this, although I might end up moving that fix up the line to wp_nonce_url()
And this issue happens on PHP5 hosts, so it's not an issue with the compat function, but with http_build_query()
's handling of &
At any rate, &
doesn't belong in a URL until we're ready to output it to HTML. I wouldn't expect http_build_query()
to handle that. I'm going to leave this ticket open and track the issue here, as most of the instances I've found are using wp_nonce_url()
#5
in reply to:
↑ 4
@
17 years ago
Replying to markjaquith:
And this issue happens on PHP5 hosts, so it's not an issue with the compat function
Oh, dur. lol
#6
@
17 years ago
Still broken for plugins in subdirectories due to the slash.
plugins.php?action=deactivate&plugin=templatedia%252Ftemplatedia.php&_wpnonce=a1dd0b09dd
[5999] probably is the cause.