[wp-hackers] wp_nonce_url and &

DD32 wordpress at dd32.id.au
Mon Aug 20 03:44:39 GMT 2007


Hi all,
Just a question about wp_nonce_url,
I've noticed several places through the sourcecode where & is used  
within urls to make them XHTML compatible i assume.
However, after just noncing my urls for a plugin, i've noticed that &  
doesnt seem to work correctly in a link, yet is used by WP in places, eg:

$activate_link =  
wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet",  
'switch-theme_' . $template);

results in this:
themes.php?action=activate&amp&template=TEST_TEMPLATE&stylesheet=TEST_SHEET&_wpnonce=d1abcfcd17

Which is then interpated as this: (At least in Opera)
http://localhost/themes.php?action=activate&amp&template=TEST_TEMPLATE&stylesheet=TEST_SHEET&_wpnonce=d1abcfcd17

Is it expected behaviour that wp_nonce_url should only accept a string  
line "page.php?a=b&c=d", or should it also be supporting  
"page.php?a=b&c=d"

D
-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/


More information about the wp-hackers mailing list