Skip to content

InteractionsController: Remove URL escaping of redirect_url #1819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pfefferle merged 3 commits into from
Jun 15, 2025
Merged

InteractionsController: Remove URL escaping of redirect_url #1819

pfefferle merged 3 commits into from
Jun 15, 2025

Conversation

@akirk
Copy link
Member

@akirk akirk commented Jun 15, 2025
edited
Loading

If the redirect URL contains an ampersand, this gets wrongly escaped in the redirect.

Proposed changes:

  • The esc_url is not needed.

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

Use the Friends plugin with akirk/friends#544 and notice that the redirect URL contains a #038 instead of an ampersand.

Without this fix, the tests fail like this:

1) Activitypub\Tests\Rest\Test_Interaction_Controller::test_get_item_custom_follow_url
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'https://custom-follow-or-reply-url.com/?a=b&c=d'
+'https://custom-follow-or-reply-url.com/?a=b&c=d'

tests/includes/rest/class-test-interaction-controller.php:114

2) Activitypub\Tests\Rest\Test_Interaction_Controller::test_get_item_custom_reply_url
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'https://custom-follow-or-reply-url.com/?a=b&c=d'
+'https://custom-follow-or-reply-url.com/?a=b&c=d'

tests/includes/rest/class-test-interaction-controller.php:146

Changelog entry

  • Automatically create a changelog entry from the details below.
InteractionsController: Remove URL escaping of redirect_url

Significance

  • Patch
  • Minor
  • Major

Type

  • Added - for new features
  • Changed - for changes in existing functionality
  • Deprecated - for soon-to-be removed features
  • Removed - for now removed features
  • Fixed - for any bug fixes
  • Security - in case of vulnerabilities

Message

Allow interaction redirect URLs that contain an ampersand.

@akirk akirk mentioned this pull request Jun 15, 2025
Merged
@pfefferle pfefferle merged commit 33c51a0 into trunk Jun 15, 2025
11 checks passed
@pfefferle pfefferle deleted the fix-interaction-redirect branch June 15, 2025 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pfefferle pfefferle pfefferle approved these changes

Assignees

No one assigned

Labels

[Feature] REST API

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@akirk @pfefferle @matticbot