Sanitize slash problem

  • wesse250

    (@wesse250)


    4 years, 8 months ago

    Hello,

    When i fill in a destination url. Then WP is removing the slashes (%2F) from my url.

    When this happens url’s aren’t working anymore.

    Can somebody help me please?

    In the file form-process.php i find this:

    $destination = sanitize_text_field($_POST['destination']);

    update_post_meta($this_post_id, 'coupon_aff_url', esc_url( $destination) );

    And in template submit i find these code:

    <p><label for="destination"><?php _e('Destination URL', 'junkie'); ?></label><input type="text" name="destination" id="destination" value="<?php echo $destination; ?>" placeHolder="http://www.mysite.com/?affid=123" ></p>

    Example affiliate url = domain.com/markt/?tt=12345_12_123456_&r=%2Fwonen-deco%2Fbloemen-decoratie%2Fkunstbloemen

    • This topic was modified 4 years, 8 months ago by wesse250.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Jacob Peattie

    (@jakept)

    4 years, 8 months ago

    It looks like you’re using a plugin, as WordPress has no fields like this. Therefore it’s the plugin who is sanitising your URL. That being said, removing / characters from the URL and replacing them with %2F is the proper way to sanitise a URL, as / characters are now allowed in query strings in URLs.

    Are you saying that the plugin is removing /, and replacing them with %2F? Or are you saying that the plugin is removing %2F. It’s not clear from your question whether the URL you included is the ‘before’ or ‘after’.

    Thread Starter wesse250

    (@wesse250)

    4 years, 8 months ago

    Hello,

    Thanks for your reaction.

    The plugin is removing %2F.

    When entering this url:

    mydomain.com/markt/?tt=24596_12_168281_&r=%2Fwonen-deco%2Fbloemen-decoratie%2Fkunstbloemen

    After saving the url looks like this:

    mydomain.com/markt/?tt=24596_12_239899_&r=wonen-decobloemen-decoratiekunstbloemen

    Jacob Peattie

    (@jakept)

    4 years, 8 months ago

    So I checked and this appears to be the result of sanitize_text_field(). So the issue is that the original plugin is using an inappropriate function for sanitising URLs. You will need to contact the author about this issue.

    You could edit the plugin to remove that line, as esc_url() should be sufficient, but any changes you make will be erased if the plugin is updated, so the best solution is to get the plugin author to fix it.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Sanitize slash problem’ is closed to new replies.

Tags