[wp-trac] [WordPress Trac] #40728: Added urlencode on wp_lostpassword_url()
WordPress Trac
noreply at wordpress.org
Sat May 27 02:17:45 UTC 2017
#40728: Added urlencode on wp_lostpassword_url()
------------------------------------+------------------------------
Reporter: adhun | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: critical | Resolution:
Keywords: has-patch | Focuses: administration
------------------------------------+------------------------------
Comment (by adhun):
Replying to [comment:6 jnylen0]:
> > not safe on all kind of servers.
>
> On what server setups does this break?
I was working on a shared hosting with Apache Version 2.2.32, PHP Version
5.6.30.
It was throwing 404 error when I tried to access a URL with a slash on GET
parameter list.
When I applied urlencode() for the URL passing through GET parameter it
fixed the issue.
For instance, in a query string, the ampersand (&) is used as a separator
between key-value pairs. If you were to put an ampersand into one of those
values, it would look like the separator between the end of a value and
the beginning of the next key. So for special characters like this, we use
percent encoding so that we can be sure that the data is unambiguously
encoded.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40728#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list