Login and Registration: Correctly encode the redirect location URL when it's passed as a query parameter to the lost password URL.

Props adhun Fixes #40728 git-svn-id: https://develop.svn.wordpress.org/trunk@41121 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-23 01:05:08 +00:00 · 2017-07-23 01:05:08 +00:00 · 5f9b52df35
commit 5f9b52df35
parent 384ac2a367
1 changed files with 1 additions and 1 deletions
--- a/src/wp-includes/general-template.php
+++ b/src/wp-includes/general-template.php
@ -492,7 +492,7 @@ function wp_login_form( $args = array() ) {
 function wp_lostpassword_url( $redirect = '' ) {
 	$args = array( 'action' => 'lostpassword' );
 	if ( !empty($redirect) ) {
-		$args['redirect_to'] = $redirect;
+		$args['redirect_to'] = urlencode( $redirect );
 	}

 	$lostpassword_url = add_query_arg( $args, network_site_url('wp-login.php', 'login') );