WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

#5663 closed defect (bug) (duplicate)

URL sanitization is too restrictive

Reported by: nbachiyski Owned by: ryan
Milestone: Priority: low
Severity: minor Version:
Component: Permalinks Keywords: needs-patch early
Focuses: Cc:

Description

Url sanitization is too strict, it allows only character from the following class: [^a-z0-9-~+_.?#=!&;,/:%@]

A URL can contain every possible character, so we shouldn't strip them, but just escape accordingly.

Change History (3)

comment:1 Denis-de-Bernardy5 years ago

  • Keywords needs-patch early added

See also: #9591

comment:2 Denis-de-Bernardy5 years ago

  • Component changed from General to Permalinks
  • Owner changed from anonymous to ryan
  • Priority changed from normal to low
  • Severity changed from normal to minor

comment:3 ryan5 years ago

  • Milestone 2.9 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

We've opened to many more characters since this ticket was opened. Closing as a dupe.

Note: See TracTickets for help on using tickets.