[wp-trac] [WordPress Trac] #22666: When evaluating path in get_*_url(), '..' can match the query string
WordPress Trac
noreply at wordpress.org
Sat Dec 1 00:34:36 UTC 2012
#22666: When evaluating path in get_*_url(), '..' can match the query string
-----------------------------+--------------------------
Reporter: wonderboymusic | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Permalinks
Version: | Severity: normal
Keywords: has-patch |
-----------------------------+--------------------------
http://nacins-beard.com/gallery/?s=... is a valid URL. A common way to
generate it and URLs like it is:
{{{
home_url( '/gallery/?s=..' )
}}}
This will return:
{{{
http://nacins-beard.com
}}}
Why? Because most of the get_*_url functions check for .. on the entire
URI, not limited to the path. My patch fixes this and uses a function that
all of the url functions share, eliminating a bunch of dupe'd code.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22666>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list