[wp-trac] [WordPress Trac] #34958: esc_url() and parse_url() do not work together.

WordPress Trac noreply at wordpress.org
Wed Dec 9 23:51:13 UTC 2015 

#34958: esc_url() and parse_url() do not work together.
-----------------------------+-----------------------------
 Reporter:  damiankaelgreen  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  General          |    Version:  4.4
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 Here is a strange anomaly that I just discovered. It seems that WP's
 esc_url() is modifying characters in a stringified url, somehow, ever so
 slightly, such that PHP's parse_url() can not parse it correctly.

 Here's the sample code:
 {{{#!php
 <?php
 echo "PHP version: ".phpversion()."<br>";
 global $wp_version;
 echo "WP version (4.4.0): ".$wp_version."<br>";
 $my_orig_url = '/?empty_username=1&empty_email=1#register';
 echo "-1---------Original URL as str----------:<br>".$my_orig_url."<br>";
 $my_esc_url = esc_url($my_orig_url);
 echo "-2---------Esc_URL as str----------:<br>".$my_esc_url."<br>";
 $query_str_orig = parse_url($my_orig_url);
 echo "-3--------CORRECT (query_str_orig after parse_url)--------:<br>";
 print_r($query_str_orig);
 echo "<br>";
 $query_str_esc = parse_url($my_esc_url);
 echo "-4---------WRONG (query_str_esc after parse_url)---------:<br>";
 print_r($query_str_esc);
 echo "<br>---------------END-----------------<br>";
 }}}

 PRODUCES:

 {{{
 PHP version: 5.6.16
 WP version (4.4.0): 4.4
 -1---------Original URL as str----------:
 /?empty_username=1&empty_email=1#register
 -2---------Esc_URL as str----------:
 /?empty_username=1&empty_email=1#register
 -3--------CORRECT (query_str_orig after parse_url)--------:
 Array ( [path] => / [query] => empty_username=1&empty_email=1 [fragment]
 => register )
 -4---------WRONG (query_str_esc after parse_url)---------:
 Array ( [path] => / [query] => empty_username=1& [fragment] =>
 038;empty_email=1#register )
 ---------------END-----------------
 }}}


 Truthfully, I don't know if this is the fault of the esc_url() or the
 parse_url() function definition, but if it turns out to be a problem with
 the PHP's parse_url, then I think perhaps a possible quick fix might be to
 amend WP's brand new wp_parse_url() function (as of v 4.4.0) which looks
 like it is intended to handle PHP fringe issues with parse_url() just like
 this. On the other hand, it could very well be an esc_url() issue. I
 haven't yet been able to identify what characters have changed...

 Note: This also happened on a previous version of WP 4.3.7 I think it
 was...

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34958>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list