#8587 closed defect (bug) (fixed)
Wrong redirect after deleting comment...
Reported by: | Caspie | Owned by: | |
---|---|---|---|
Milestone: | 2.8 | Priority: | normal |
Severity: | major | Version: | 2.7 |
Component: | Comments | Keywords: | has-patch developer-feedback |
Focuses: | Cc: |
Description
Only when there are cyrillic letters in the post slug.
- Go to single post and hit Edit link on some comment.
- Delete the comment with the button from the "Status" section in "Edit Comment"
- It redirects but removes all the cyrillic letters from the post slug.
Check out the images.
Attachments (4)
Change History (25)
#3
@
15 years ago
- Milestone changed from 2.7.2 to 2.8
- Severity changed from normal to major
nah, his sounds more like something is getting over-sanitized. It's almost certainly caused by r9592.
#4
@
15 years ago
- Resolution set to fixed
- Status changed from new to closed
Tested. This is not reproduceable with 2.8 bleeding. Looks Fixed to me.
#5
@
15 years ago
I'm definitely getting issues with a post titled:
Quisque общественных Dolor
But it looks more related to international permalink problems (covered in a separate ticket) than anything.
#6
@
15 years ago
my subject line was: the cyrillic І К Л М Н Ѯ О П Ч
text was: make me wonder. the cyrillic І К Л М Н Ѯ О П Ч
will try to reproduce with your code (testing against 2.8 trunk).
#8
@
15 years ago
r9592 is not the problem. testing with that referrer: http://192.168.2.106/worpress-trunk/2009/04/29/quisque-%d0%be%d0%b1%d1%89%d0%b5%d1%81%d1%82%d0%b2%d0%b5%d0%bd%d0%bd%d1%8b%d1%85-dolor/comment-page-1/
and cleanurl and stripslashes do not make any probs with that.
anyway an attr() should be added on that line.
#10
@
15 years ago
- Keywords has-patch developer-feedback added
Found the Bug. Zapped. Tested. Fixed. Please Review.
#13
follow-up:
↓ 21
@
15 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
aren't we double escaping with attr(clean_url($url)) in r11120?
#14
@
15 years ago
I thought that clean_url was turning & into & already. Re-close as fixed if not, else I believe that part needs to be reverted.
#16
follow-up:
↓ 17
@
15 years ago
shure that clean_url properly sanitizes user input injected via the referrer header?
#17
in reply to:
↑ 16
@
15 years ago
Replying to hakre:
shure that clean_url properly sanitizes user input injected via the referrer header?
clean_url outputs what it's name suggests: a cleaned up url. :-)
#18
@
15 years ago
clean_url is a gemischtwarenladen* for "whatever URL". kinda filtering but it does not know for what exactly it is filtering. it even ignores the most basic things of an URL as describben in RFC1738.
within wordpress it is widely used for attribute values but might be unfitting there. normally that means, it needs additional processing, like done with attr(). anyway, it is common sense with wordpress developing not to do so (right now), so please leave this buggy but closed.
*gemischtwarenladen: german metaphor, no idea in english. "pick and mix" attitude maybe?
#19
follow-up:
↓ 20
@
15 years ago
Let's open a separate ticket for that. My personal take would be that it should *not* encode the &. (In which case the attr() call becomes valid.) But it's a personal taste...
#20
in reply to:
↑ 19
@
15 years ago
Replying to Denis-de-Bernardy:
Let's open a separate ticket for that. My personal take would be that it should *not* encode the &. (In which case the attr() call becomes valid.) But it's a personal taste...
yeah nothing to get clear for 2.8. & is already encoded. that is xhtml encoding of an URL.
Step 1