[wp-trac] [WordPress Trac] #19032: home_url() malfunctions when the passed URL contains two dots in a row ("..")
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 24 06:49:10 UTC 2011
#19032: home_url() malfunctions when the passed URL contains two dots in a row
("..")
--------------------------+-----------------------------
Reporter: markjaquith | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
{{{home_url()}}} (and a bunch of other similar functions) will spit back
your WordPress Site URL if the URL/path you pass in to it has two dots
("..") in a row. It was an unexplained addition to the original code that
has persisted.
Reproduction:
{{{echo home_url( '/foo-bar/elipsis...no-work/' );}}}
Observed:
{{{http://example.com}}}
Expected:
{{{http://example.com/foo-bar/elipsis...no-work/}}}
It is due to this:
{{{
if ( !empty( $path ) && is_string( $path ) && strpos( $path, '..' ) ===
false )
$url .= '/' . ltrim( $path, '/' );
}}}
We should just remove that part of the condition. It doesn't serve any
legitimate purpose that Nacin or I can tell, and it makes legitimate URLs
with two (or more) dots fail in a very unexpected way.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19032>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list