[wp-trac] [WordPress Trac] #58902: add_query_arg() should esc_url_raw() REQUEST_URI
WordPress Trac
noreply at wordpress.org
Tue Oct 10 23:28:19 UTC 2023
#58902: add_query_arg() should esc_url_raw() REQUEST_URI
-------------------------------------------------+-------------------------
Reporter: jorbin | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: has-patch has-testing-info has- | Focuses:
unit-tests changes-requested |
-------------------------------------------------+-------------------------
Comment (by ivanzhuck):
@oglekler
1. I moved the checkup for the issue #4903 to the end of the test
function. Now it runs only if URL passed as a parameter to
`add_query_arg()`. And doesn't run for cases when URL was taken from
$_SERVER['REQUEST_URI'] as `sinitize_url()`returns not valid value for the
line 'baz=1'as it is unacceptable URL.
2. I added a separate test case to make sure `add_query_arg()` returns
sanitized URLs
Please review
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58902#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list