Ticket #4411 (closed defect: fixed)

Opened 2 years ago

Last modified 1 year ago

clean_url() should not encode ampersands on the way to the db

Reported by: ryan Assigned to: ryan
Priority: normal Milestone: 2.3.1
Component: Administration Version: 2.2
Severity: normal Keywords: has-patch
Cc:

Description

clean_url() replaces ampersands with &. This is fine when the url is being echoed, but not when the url is being saved to the db. If the encoded url is fetched from the db and passed to parse_url(), parse_url() will think the # denotes a fragment. clean_url() needs context to know whether the url should be prepared for display or save. Attached patch adds a context arg to clean_url() and uses it in widgets. We'll probably need to have a separate function to clean urls for the db so that it can be used in filters that expect the callback function to take one argument. clean_url calls for author, link, and link RSS urls need to be audited.

Attachments

clean_url.diff (1.7 kB) - added by ryan on 06/05/07 23:05:54.
sanitize_url.diff (3.0 kB) - added by ryan on 10/02/07 22:02:32.

Change History

06/05/07 23:05:54 changed by ryan

  • attachment clean_url.diff added.

06/06/07 04:57:43 changed by foolswisdom

  • keywords set to has-patch.

10/02/07 22:02:32 changed by ryan

  • attachment sanitize_url.diff added.

10/02/07 22:04:03 changed by ryan

New patch introduces sanitize_url for sanitizing on the way to the DB. Default filters for URLs use sanitize_url() when saving to DB and clean_url() when displaying.

10/03/07 16:16:56 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [6182]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for trunk

10/03/07 16:17:54 changed by ryan

(In [6183]) Add sanitize_url. Don't convert ampersands in URLs when saving to DB. fixes #4411 for 2.3

10/03/07 16:18:23 changed by ryan

  • milestone changed from 2.4 to 2.3.1.