[wp-trac] [WordPress Trac] #13051: admin_url() and site_url() shouldn't need esc_url()

WordPress Trac wp-trac at lists.automattic.com
Mon May 3 21:04:15 UTC 2010


#13051: admin_url() and site_url() shouldn't need esc_url()
--------------------------+-------------------------------------------------
 Reporter:  alexkingorg   |       Owner:  ryan             
     Type:  defect (bug)  |      Status:  new              
 Priority:  normal        |   Milestone:  3.1              
Component:  Security      |     Version:  3.0              
 Severity:  normal        |    Keywords:  needs-patch early
--------------------------+-------------------------------------------------

Comment(by westi):

 Replying to [comment:17 alexkingorg]:
 > Something seems odd here. In the example above:
 >
 > {{{http://example.com/wp-admin/edit.php#038;action=edit}}}
 >
 > That should be a question mark (?), not an ampersand. However the entity (#038;) is for an ampersand.
 >
 > When we reviewed the redirects, we saw that none of them actually used ampersands, though a dozen or so used question marks.
 >
 > Why would this:
 >
 > {{{wp_redirect( admin_url( 'edit.php?action=edit' ) );}}}
 >
 > result in a URL like this:
 >
 > {{{http://example.com/wp-admin/edit.php#038;action=edit}}}
 >
 > or, with the entity unencoded:
 >
 > {{{http://example.com/wp-admin/edit.php&action=edit}}}
 >

 The URL has lost a bit more in the processing too.

 The actual stuff passed to admin_url is more like:

 {{{edit.php?post_type=post&id=1&action=edit}}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13051#comment:22>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

