[wp-trac] [WordPress Trac] #13051: admin_url() and site_url() shouldn't need esc_url()
WordPress Trac
wp-trac at lists.automattic.com
Mon May 3 21:04:15 UTC 2010
#13051: admin_url() and site_url() shouldn't need esc_url()
--------------------------+-------------------------------------------------
Reporter: alexkingorg | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.1
Component: Security | Version: 3.0
Severity: normal | Keywords: needs-patch early
--------------------------+-------------------------------------------------
Comment(by westi):
Replying to [comment:17 alexkingorg]:
> Something seems odd here. In the example above:
>
> {{{http://example.com/wp-admin/edit.php#038;action=edit}}}
>
> That should be a question mark (?), not an ampersand. However the entity
(#038;) is for an ampersand.
>
> When we reviewed the redirects, we saw that none of them actually used
ampersands, though a dozen or so used question marks.
>
> Why would this:
>
> {{{wp_redirect( admin_url( 'edit.php?action=edit' ) );}}}
>
> result in a URL like this:
>
> {{{http://example.com/wp-admin/edit.php#038;action=edit}}}
>
> or, with the entity unencoded:
>
> {{{http://example.com/wp-admin/edit.php&action=edit}}}
>
The url has lost a bit more in the processing too.
The actual stuff passed to admin_url is more like:
{{{edit.php?post_type=post&id=1&action=edit}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13051#comment:22>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list