[wp-trac] [WordPress Trac] #18818: wp_sanitize_redirect() kills "@" in URL's
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 29 18:52:36 UTC 2011
#18818: wp_sanitize_redirect() kills "@" in URL's
-----------------------------+-----------------------------
Reporter: theandystratton | Owner: theandystratton
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2.1
Severity: normal | Keywords:
-----------------------------+-----------------------------
We had a URL like:
http://site.com/path/to/page?email=theandystratton@gmail.com
WP 301's to
http://site.com/path/to/page/?email=theandystratton@gmail.com
But wp_redirect()'s call to wp_sanitize_redirect() kills the "@" symbol.
The reason for this being that a theme/plugin could be using query string
arguments for something (i.e. form that accepts pre-populated input via
query string, like an email address or arbitrary text).
This could have been an oversight OR it could be on purpose, if so, would
like to know (I'd assume a security reason).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18818>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list