Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#9817 closed defect (bug) (fixed)

wp_login_url() doesn't urlencode() the redirect value

Reported by: Viper007Bond Owned by:
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.8
Component: General Keywords: has-patch needs-testing
Focuses: Cc:


To reproduce:

  1. Log out of your dev blog.
  2. Visit http://yoursite.com/wp-admin/index.php?foo=bar&test=ing&word=press.
  3. You will be redirected to http://yoursite.com/wp-login.php?redirect_to=http://yoursite.com/wp-admin/index.php?foo=bar&test=ing&word=press.
  4. After logging in, you will end up at http://yoursite.com/wp-admin/index.php?foo=bar due to the lack of URL encoding in the redirect_to value.

Attached patch urlencode()'s the value so that the redirect works properly.

Attachments (1)

9817.patch (535 bytes) - added by Viper007Bond 6 years ago.

Download all attachments as: .zip

Change History (4)

@Viper007Bond6 years ago

comment:1 @Viper007Bond6 years ago

Hmm, perhaps add_query_arg() should urlencode() instead...

comment:2 @ryan6 years ago

  • Milestone changed from Unassigned to 2.8

comment:3 @ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11328]) urlencode login redirect. Props Viper007Bond. fixes #9817

Note: See TracTickets for help on using tickets.