“&” in target URL gets encoded as “&” in redirected URL

  • Resolved yshimizu

    (@yshimizu)


    1 month ago

    (I’m using machine translation, so I apologize if this is a strange expression.)

    If you set multiple parameters connected by “&” in the target URL, the “&” characters will be encoded as “&” in the redirected URL after accessing the short link.

    For example:

    1. Set https://example.com?param1=abc&param2=abc as the target URL and save the short link
    2. Access the generated short link
    3. The page displayed is as expected, but the address bar shows https://example.com?param1=abc&param2=abc

    I realize this could be solved by adding the parameters directly to the short link and enabling parameter passing, but I want to shorten URLs that contain long parameters.

    Is there a solution?
    Or is there a planned update to prevent the ‘&’ from being encoded as ‘&’?

    If the encoding is enforced for security reasons, I’ll do my best to convince the operations team.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter yshimizu

    (@yshimizu)

    1 month ago

    I found a way to resolve this by modifying a file within the plugin.
    (Of course, this is not the recommended approach.)

    By adding 'sanitize' => 'esc_url_raw' to the definition of the target_url field in includes/classes/class-meta-boxes.php, the & character will not be converted to &.

    I am not an expert, so I cannot determine whether this poses a security risk or will affect other parts of the system.
    However, since the operations team is pressing me, I will proceed with this fix at my own risk for now.

    I’m still waiting for an official response from the developers.

    Plugin Author Steve Burge

    (@stevejburge)

    1 month ago

    Thanks for the feedback, @yshimizu. We’ll include a fix for this in the next release of Shortlinks.

    Thread Starter yshimizu

    (@yshimizu)

    3 weeks ago

    @stevejburge
    I’ve confirmed that the issue was fixed in version 1.5.0.
    Thank you!

    Plugin Author Steve Burge

    (@stevejburge)

    3 weeks ago

    You’re welcome, thanks @yshimizu

    If you appreciate the plugin and support, please leave a 5-stare review to help us grow the plugin: https://ww.wp.xz.cn/support/plugin/tinypress/reviews/

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.