#4411 closed defect (bug) (fixed)
clean_url() should not encode ampersands on the way to the db
Reported by: | ryan | Owned by: | ryan |
---|---|---|---|
Milestone: | 2.3.1 | Priority: | normal |
Severity: | normal | Version: | 2.2 |
Component: | Administration | Keywords: | has-patch |
Focuses: | Cc: |
Description
clean_url() replaces ampersands with &. This is fine when the url is being echoed, but not when the url is being saved to the db. If the encoded url is fetched from the db and passed to parse_url(), parse_url() will think the # denotes a fragment. clean_url() needs context to know whether the url should be prepared for display or save. Attached patch adds a context arg to clean_url() and uses it in widgets. We'll probably need to have a separate function to clean urls for the db so that it can be used in filters that expect the callback function to take one argument. clean_url calls for author, link, and link RSS urls need to be audited.
Attachments (2)
Change History (7)
Note: See
TracTickets for help on using
tickets.
New patch introduces sanitize_url for sanitizing on the way to the DB. Default filters for URLs use sanitize_url() when saving to DB and clean_url() when displaying.