WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#5391 closed defect (bug) (invalid)

Anchor tag, href attribute needs entity & convert to & for proper URL

Reported by: johnathan10102 Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3.1
Component: General Keywords: URL entity amperstand
Focuses: Cc:

Description

When a comment/post is passed through the HTML/XHTML filter, kses.php, the URL of an anchor tag, href attribute needs the HTML entity for the ampersand needs to be converted to character form.

Example, A user posts a comment to a blog post.

Input : Hey check my gallery too! <a href="http://hissite.com/index.php?page=art&work=23">Gallery!</a>
Output : Hey check my gallery too! <a href="http://hissite.com/index.php?page=art&amp;work=23">Gallery!</a>

Now the url to his gallery is broken :/. Its no longer $_GETwork? rather $_GETamp;work?.

I have created a patch for this though.


--- kses.php.old 2007-11-26 18:32:44.000000000 -0500
+++ kses.php 2007-11-26 18:36:57.000000000 -0500
@@ -546,7 +546,8 @@

# fooled by a string like "javascript:javascript:alert(57)".
###############################################################################
{

  • $string = wp_kses_no_null($string);

+ $string = wp_kses_no_null($string);
+ $string = str_replace("&amp;", "&", $string);

$string = preg_replace('/\xad+/', , $string); # deals with Opera "feature"
$string2 = $string.'a';


Change History (2)

comment:1 johnathan101026 years ago

  • Resolution set to invalid
  • Status changed from new to closed

comment:2 lloydbudd6 years ago

  • Milestone 2.5 deleted
Note: See TracTickets for help on using tickets.