[wp-trac] [WordPress Trac] #40728: Added urlencode on wp_lostpassword_url()
WordPress Trac
noreply at wordpress.org
Sat May 27 22:25:29 UTC 2017
#40728: Added urlencode on wp_lostpassword_url()
------------------------------------+-----------------------------
Reporter: adhun | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8.1
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
------------------------------------+-----------------------------
Changes (by jnylen0):
* severity: critical => normal
* milestone: Awaiting Review => 4.8.1
Comment:
Ok, thanks for the clarification. Which shared host is this? It would
help to know how common this problem is.
In any case, I'm setting this ticket back to `normal` as this is a broken
server configuration. `/` characters are specifically allowed in query
strings [https://tools.ietf.org/html/rfc3986#section-3.4 per RFC 3986]:
> The query component is indicated by the first question mark ("?")
> character and terminated by a number sign ("#") character or by the end of
> the URI.
>
> query = *( pchar / "/" / "?" )
>
> The characters slash ("/") and question mark ("?") may represent data
> within the query component. Beware that some older, erroneous
> implementations may not handle such data correctly when it is used as the
> base URI for relative references (Section 5.1), apparently because they
> fail to distinguish query data from path data when looking for
> hierarchical separators.
Even though this '''should''' work everywhere, it obviously doesn't work
sometimes, and this is noted in the RFC, so I don't see the harm in adding
`urlencode`. Milestoning for 4.8.1 for discussion.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40728#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
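
An added example (not WordPress core code and not part of the ticket): it checks a query string against the RFC 3986 grammar quoted in the comment and compares a raw redirect value with its `urlencode`d form. The helper names, the `action`/`redirect_to` parameter layout and the example.test URLs are assumptions made for illustration.

```php
<?php
// Added illustration; helper names and URLs are constructed, not WordPress code.

// RFC 3986 section 3.4: query = *( pchar / "/" / "?" )
// pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
function is_rfc3986_query(string $query): bool {
    $pchar = '[A-Za-z0-9\-._~!$&\'()*+,;=:@]|%[0-9A-Fa-f]{2}';
    return preg_match('#^(?:' . $pchar . '|[/?])*\z#', $query) === 1;
}

// Build a lost-password URL with the redirect value raw or urlencode()d.
function lostpassword_url(string $base, string $redirect, bool $encode): string {
    $value = $encode ? urlencode($redirect) : $redirect;
    return $base . '?action=lostpassword&redirect_to=' . $value;
}

// What a conforming server hands the application for redirect_to.
function received_redirect(string $url): string {
    parse_str((string) parse_url($url, PHP_URL_QUERY), $args);
    return $args['redirect_to'] ?? '';
}

$base     = 'https://example.test/wp-login.php';             // constructed
$redirect = 'https://example.test/my-account/?tab=orders';   // constructed

foreach ([false, true] as $encode) {
    $url   = lostpassword_url($base, $redirect, $encode);
    $query = (string) parse_url($url, PHP_URL_QUERY);
    printf(
        "%s\n  valid RFC 3986 query: %s\n  raw '/' in query: %s\n  round-trips: %s\n",
        $url,
        var_export(is_rfc3986_query($query), true),
        var_export(strpos($query, '/') !== false, true),
        var_export(received_redirect($url) === $redirect, true)
    );
}
```

Both forms are valid queries and decode to the same redirect value on a conforming server; only the encoded form keeps raw `/` and `?` out of the query, which is what matters for the implementations the RFC warns about.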