[wp-trac] [WordPress Trac] #36397: add_query_arg doesn't work with numbered html entities
WordPress Trac
noreply at wordpress.org
Fri Apr 1 13:36:26 UTC 2016
#36397: add_query_arg doesn't work with numbered html entities
--------------------------+-----------------------------
Reporter: omarreiss | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In #20771 we'd like to use `esc_url` instead of `esc_html` to escape the
url that is generated by `wp_nonce_url`. Unfortunately this is currently
not possible because `add_query_arg` has some buggy behavior with regard
to its dealing with hashes in urls. I am creating this ticket to deal with
that issue separately.
`add_query_arg` searches for the first hash in a url and cuts everything
that comes after it from the url as the hashfragment and appends it back
at the end of the operation. There are two problems with this:
1. No hash found in the url necessarily indicates a hashfragment. It could
also indicate a numbered html entity.
2. If there are multiple hashes in the url, we should probably only look
at the last hash present to find a possible hashfragment.
This can for instance become a problem when we use`esc_url` on a url with
more than one parameter. `esc_url` escapes ampersands by replacing them
with their numbered html entity equivalents; `#038;`
When I now want to use `add_query_arg` on such a url, the parameters get
moved to the end of the url because it thinks everything after the second
parameter is a hashfragment.
I am adding a patch with a some passing and some failing testcases that
cover this issue. I am also adding a patch that takes care of the issue of
multiple hashes in the url and fixes the issue for ampersands, which
should unblock #20771 if it were committed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36397>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list