#5391 closed defect (bug) (invalid)
Anchor tag, href attribute needs entity &amp; convert to & for proper URL
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.3.1 |
| Component: | General | Keywords: | URL entity amperstand |
| Focuses: | | Cc: | |
Description
When a comment/post is passed through the HTML/XHTML filter, kses.php, the URL in an anchor tag's href attribute needs the HTML entity for the ampersand converted to character form.
Example: a user posts a comment to a blog post.
Input : Hey check my gallery too! <a href="http://hissite.com/index.php?page=art&work=23">Gallery!</a>
Output : Hey check my gallery too! <a href="http://hissite.com/index.php?page=art&amp;work=23">Gallery!</a>
Now the URL to his gallery is broken :/. It's no longer $_GET['work'], rather $_GET['amp;work'].
I have created a patch for this though.
--- kses.php.old 2007-11-26 18:32:44.000000000 -0500
+++ kses.php 2007-11-26 18:36:57.000000000 -0500
@@ -546,7 +546,8 @@
# fooled by a string like "javascript:javascript:alert(57)".
###############################################################################
{
- $string = wp_kses_no_null($string);
+ $string = wp_kses_no_null($string);
+ $string = str_replace("&", "&", $string);
$string = preg_replace('/\xad+/', , $string); # deals with Opera "feature"
$string2 = $string.'a';
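Review bot: The added `$string = str_replace("&", "&", $string);` line, as it appears here, replaces `&` with `&` and so does nothing. If the search string was meant to be the `&amp;` entity, the decode runs on the whole `$string` ahead of the `preg_replace` and the protocol handling that the header comment describes (`javascript:javascript:alert(57)`), so it changes every value this function filters, not only query-string separators. A single unconditional pass also turns `&amp;amp;` into `&amp;`, and more generally turns doubly-encoded text into a live entity in the output, and it emits a bare `&` inside an attribute value, whereas `&amp;` in an `href` is the valid encoding and browsers decode it before requesting the URL. I would drop this line rather than decode inside the sanitizer; if some consumer needs the raw URL, decode where the URL is consumed, not in the filter's output. The `-`/`+` pair on `wp_kses_no_null` is identical as shown, which suggests a whitespace-only change that should be left out of the patch.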