Pretty Links Version 3.0.8
Field getting mangled: Target URL
Does changing it to http://www.somesite.com/?hello=%7Bworld%7D&foo=%7Bbar%7D allow it to work?
Curly braces are considered unsafe characters, and are not valid in URIs (see RFC 3986).
3.0.0 has many security improvements, one of which is to run all URLs through the esc_url() WordPress function.
esc_url() strips out { and } from URLs.
It does have a filter you could use to restore the URL back to its original.
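// Return the URL exactly as it was passed to esc_url(), discarding the cleaned version.
function restore_url_to_original($good_protocol_url, $original_url, $_context) {
    return $original_url;
}
// esc_url() applies the 'clean_url' filter to its result; hook it at priority 11 with all 3 arguments.
// This runs for every esc_url() call on the site.
add_filter('clean_url', 'restore_url_to_original', 11, 3);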
Putting that code in functions.php or in a plugin like My Custom Functions or Code Snippets should get around it.
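The filter above hands back the unescaped original for every esc_url() call on the site, including URLs that esc_url() rejected for a bad protocol. A narrower variant, as an added example that is not code from the thread or from the plugin: it keeps esc_url()'s cleaned result and puts back only literal { and } that appear after the first "?". The function name and the XPLLBX/XPLRBX placeholder tokens are assumptions.

```php
<?php
// Added example for functions.php or a snippets plugin; assumes WordPress is loaded.
// pl_restore_query_braces and the XPLLBX / XPLRBX tokens are hypothetical names.
function pl_restore_query_braces( $good_protocol_url, $original_url, $_context ) {
    $original_url = (string) $original_url;

    // esc_url() rejected the URL (bad protocol), or there are no braces to restore.
    if ( '' === $good_protocol_url || ! preg_match( '/[{}]/', $original_url ) ) {
        return $good_protocol_url;
    }

    // Only restore braces after the first '?'; scheme, host and path stay as cleaned.
    $qpos = strpos( $original_url, '?' );
    if ( false === $qpos || preg_match( '/[{}]/', substr( $original_url, 0, $qpos ) ) ) {
        return $good_protocol_url;
    }

    // Placeholder tokens made of characters esc_url() leaves alone.
    $tokens = array( '{' => 'XPLLBX', '}' => 'XPLRBX' );
    foreach ( $tokens as $token ) {
        // Leave the cleaned URL as is if a token already occurs in the input.
        if ( false !== strpos( $original_url, $token ) ) {
            return $good_protocol_url;
        }
    }

    // Swap braces for tokens, escape again, then swap the braces back in.
    // The inner call re-enters this filter but returns early: its input has no braces.
    $escaped = esc_url( strtr( $original_url, $tokens ), null, $_context );
    if ( '' === $escaped ) {
        return $good_protocol_url;
    }

    return strtr( $escaped, array_flip( $tokens ) );
}
add_filter( 'clean_url', 'pl_restore_query_braces', 11, 3 );
```

Use it instead of restore_url_to_original, not alongside it, since that filter would return the tokenised URL unescaped on the inner call.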
The brackets are processed on our end to replace them with values from the originating page’s query string, so they need to be exact.
We can’t change our formatting, as we run a large number of sites, each with thousands of pretty links that we’ve built over many years using this plugin, so we need a future-proof solution.
Any chance of making this a toggleable feature in the plugin settings moving forward? We work with a number of solutions that address dynamic parameters in URLs using french brackets, so this is not really that much of an edge case.
For now I’ll try adding the filter to our new site.
Would adding this filter to sites that are running an older version of your plugin cause any issues? If possible I’d like to update our codebase with the filter prior to updating those plugins. Otherwise we’ll have to time the plugin update with a new build.
Thanks for the help!
@exavior the filter will not affect older versions of Pretty Links, so that should be just fine.
Thanks, that code did the trick on our new site, so we should be able to launch it without having to roll back the plugin.
I’ll start implementing that snippet on all our production sites on Monday so our maintenance team can move forward with scheduled plugin updates without having our sites stop functioning.
Thanks again for the quick replies and support. Really appreciate it! (Can’t possibly stress that enough, we averted a major financial disaster had that gone into production.)