Opened 2 years ago
Closed 23 months ago
#2496 closed defect (fixed)
Support slashes in slug settings
Reported by: | mordauk | Owned by: | |
---|---|---|---|
Milestone: | 2.5.4 | Priority: | highest |
Severity: | normal | Version: | 2.1 |
Component: | API - Rewrite Rules | Keywords: | |
Cc: | pippin@… |
Description
Scenario: a site needs to have forum user profiles set to forums/membership-services/view-profile/{username}
Problem: in order to do this (without modifying the URLs via a filter) the user needs to set User Base slug to membership-services/view-profile, except bbPress strips slashes from these fields.
It'd be great to be able to set bbPress URLs that contain an extra level.
Attachments (1)
Change History (10)
#3
@johnjamesjacoby
2 years ago
sanitize_text_field() does not strip enough out. It allows unsafe URL characters, causing 404's.
We need a function that explode()'s by / and calls a number of sanitization's on each chunk in the string.
#4
@johnjamesjacoby
2 years ago
- Milestone changed from Awaiting Review to 2.7
#6
@johnjamesjacoby
23 months ago
- Milestone changed from 2.7 to 2.5.4
- Priority changed from normal to highest
- Type changed from enhancement to defect
- Version changed from trunk to 2.1
Turns out a somewhat urgent fix is necessary here, so moving to 2.5.4.
#7
@johnjamesjacoby
23 months ago
In 5365:
#8
@johnjamesjacoby
23 months ago
In 5366:
#9
@johnjamesjacoby
23 months ago
- Resolution set to fixed
- Status changed from new to closed
Marking as resolved. Will release 2.5.4 later today.
Currently the slugs are all passed through sanitize_title() for the sanitize_callback. We can support slashes by passing it through sanitize_text_field() instead.
I've tested this and it does work by simply changing sanitize_title() to sanitize_text_field(). Are there any draw backs to doing this?