[wp-trac] [WordPress Trac] #58902: add_query_arg() should esc_url_raw() REQUEST_URI
WordPress Trac
noreply at wordpress.org
Tue Jul 25 17:43:33 UTC 2023
#58902: add_query_arg() should esc_url_raw() REQUEST_URI
--------------------------+------------------------------------------
Reporter: jorbin | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Formatting | Version:
Severity: normal | Keywords: needs-patch needs-unit-tests
Focuses: |
--------------------------+------------------------------------------
add_query_arg assumes that the query argument is an acceptable query
argument. In order to help developers from accidently making a URL an
unacceptable URL.
Some related tickets: #16859, #22951, and #22300.
The security team has reviewed this and ok'd it being worked on in public.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58902>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list