Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#54384 closed defect (bug) (invalid)

Hashtags not allowed with wp-login.php?redirect_to

Reported by: artifexmedia's profile artifexmedia Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-patch close
Focuses: accessibility Cc:



With wp-login.php it is not possible to use an url with an hashtag in it, referring to what possibly would be an HTML section or an anchor tag.

For example:
Referral url:

Gets transformed into:

But all other urls, such as:

Etc., will be kept clean and have no problems at all.

The problem with this might be that you cannot write a function to redirect afterwards, as the ?redirect_to parameter gets writting directly into the hidden redirect_to <input> and will be used with the login_redirect hook.

From there, the url is already misformed.

Solution-wise, I've taken almost all Google now and all solutions have been provided but they are all solutions to redirect or change the URL after it has already been misformed because it is already being misformed while placed into the <input>, so I am out of solutions and I am pretty sure it is in fact a bug?

I do understand this might not be taken as a bug but rather as an enhancement, but I think for user accesibility - it is a bug.

Change History (3)

#1 @henry.wright
2 years ago

A # character in a URL has special meaning. It precedes the fragment component of the URL. If you want to use a # character in a URL and remove the special meaning, you should encode it. For example, # becomes %23

#2 @henry.wright
2 years ago

  • Keywords close added

#3 @johnbillion
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

@artifexmedia I've tested this with a URL such as wp-login.php?redirect_to=%2Fwp-admin%2Foptions-general.php%23start_of_week (using %23 for the hash as Henry mentions) and the redirect works as expected. If you're using a PHP function to generate the redirect URL you need to use urlencode() as it's a URL query parameter.

Note: See TracTickets for help on using tickets.