[wp-trac] [WordPress Trac] #5391: Anchor tag,
href attribute needs entity & convert to & for proper URL
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 26 23:38:24 GMT 2007
#5391: Anchor tag, href attribute needs entity & convert to & for proper URL
----------------------------+-----------------------------------------------
Reporter: johnathan10102 | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: General | Version: 2.3.1
Severity: normal | Keywords: URL entity amperstand
----------------------------+-----------------------------------------------
When a comment/post is passed through the HTML/XHTML filter, kses.php, the
URL of an anchor tag, href attribute needs the HTML entity for the
ampersand needs to be converted to character form.
Example, A user posts a comment to a blog post.
Input : Hey check my gallery too! <a
href="http://hissite.com/index.php?page=art&work=23">Gallery!</a>
Output : Hey check my gallery too! <a
href="http://hissite.com/index.php?page=art&work=23">Gallery!</a>
Now the url to his gallery is broken :/. Its no longer $_GET["work"]
rather $_GET["amp;work"].
I have created a patch for this though.
--------------------------------------
--- kses.php.old 2007-11-26 18:32:44.000000000 -0500
+++ kses.php 2007-11-26 18:36:57.000000000 -0500
@@ -546,7 +546,8 @@
# fooled by a string like "javascript:javascript:alert(57)".
###############################################################################
{
- $string = wp_kses_no_null($string);
+ $string = wp_kses_no_null($string);
+ $string = str_replace("&", "&", $string);
$string = preg_replace('/\xad+/', '', $string); # deals with Opera
"feature"
$string2 = $string.'a';
--------------------------------------------
--
Ticket URL: <http://trac.wordpress.org/ticket/5391>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list