[wp-trac] [WordPress Trac] #34352: Differences in encoding between wp_login_url and wp_logout_url
WordPress Trac
noreply at wordpress.org
Mon Oct 19 05:30:39 UTC 2015
#34352: Differences in encoding between wp_login_url and wp_logout_url
------------------------------------+-----------------------------
Reporter: akibjorklund | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Keywords:
Focuses: docs |
------------------------------------+-----------------------------
`wp_login_url()` does return a HTML encoded URL, because it uses
`wp_nonce_url()`, which calls `esc_html()`.
`wp_logout_url()` on the other hand does return a unencoded URL. You can
see that more clearly, if you add a second parameter `true` to the
function call, which leads to a second URL parameter being added and in
practice to a use of unencoded ampersand. This is a less common use of the
function, so the problem is not seen that often.
Those two functions are often used together, so the inconsistency between
them can easily result in using them wrong.
Since it is not feasible to change `wp_logout_url()` to return encoded
URLs, the difference should the very least be clearly documented in the
doc block of both functions.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34352>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list