How to get rid of ampersand using WP Nonce URL and WP Redirect or PHP header

My code was working fine:

$registrado = "no";

$redirect_url = site_url( "/pedido-nao-recebido/?mpms2pagarme=retorno&codigo=nao200&mensagem=oui&registrado=$registrado");      

wp_redirect($redirect_url);

exit;

With this, I was being redirected to

http://s16138.p360.sites.pressdns.com/pedido-nao-recebido/?mpms2pagarme=retorno&codigo=nao200&mensagem=oui&registrado=no.

Exactly what I need.

Then I decided to take a security measure, with wp_nonce_url.

$registrado = "no";

$redirect_url = site_url( "/pedido-nao-recebido/?mpms2pagarme=retorno&codigo=nao200&mensagem=oui&registrado=$registrado");      

//WP Nonce (security measure)
$nonce_redirect_url = wp_nonce_url( $redirect_url, 'pedido-nao-recebido', 'mpms2nonce' );

wp_redirect($nonce_redirect_url);

exit;

Now I get this URL:

http://s16138.p360.sites.pressdns.com/pedido-nao-recebido/?mpms2pagarme=retorno&amp;codigo=nao200&amp;mensagem=oui&amp;registrado=no&amp;mpms2nonce=aeb5ba40d2.

Because of these amp;, my code is broken and the browser gives me a "The s16138.p360.sites.pressdns.com page isn't working" error. There is a script on the redirected page that is not running. It goes like this:

//If it is not a subscription request, abort...  
if ( !isset( $_GET['mpms2pagarme'] ) || 'retorno' != $_GET['mpms2pagarme'] || !isset( $_GET['codigo'] ) || !isset( $_GET['mensagem'] )  ) {  
    return;  
}

//Checking WP Nonce
check_admin_referer( 'pedido-nao-recebido', 'mpms2nonce' );

(...)

I tried using the PHP header function instead of wp_redirect, but the same thing happened (ampersand). I also tried esc_url, esc_url_raw, urlencode... with no success.

Strange thing...wp_redirect (or header) only works for me without wp_nonce_url. Should I get rid of the latter? Any other solution?

Thanks in advance.



Solution 1:[1]

You can use html_entity_decode() to convert &amp; back to &

Solution 2:[2]

The string is being URL-encoded somewhere along the way.

You can decode it with urldecode:

wp_redirect(urldecode($nonce_redirect_url));

Solution 3:[3]

I hope this still helps someone:

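// This will return the url with &
// pedido-nao-recebido/?mpms2pagarme=retorno&codigo=nao200&mensagem=oui&registrado=no&mpms2nonce=noncevaluehere
// The query key is the nonce name and the wp_create_nonce() argument is the action,
// matching check_admin_referer( 'pedido-nao-recebido', 'mpms2nonce' ) in the question.

echo add_query_arg( 'mpms2nonce', wp_create_nonce( 'pedido-nao-recebido' ), $redirect_url );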

Taken from the comment below: https://developer.wordpress.org/reference/functions/wp_nonce_url/#comment-1927
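An added example, not part of the original question or answers: both ends of the redirect, with the nonce appended through add_query_arg() so the Location header carries a raw "&", and the receiving page verifying it. The function names mpms2_redirect_not_received and mpms2_handle_return and the choice of the template_redirect hook are assumptions; the action and parameter names come from the question.

```php
<?php
// Added example. Function names are hypothetical; 'pedido-nao-recebido' (action)
// and 'mpms2nonce' (query parameter) are the values used in the question.

/** Sender: build the URL with unescaped "&" separators and redirect. */
function mpms2_redirect_not_received( $registrado ) {
    $url = add_query_arg(
        array(
            'mpms2pagarme' => 'retorno',
            'codigo'       => 'nao200',
            'mensagem'     => 'oui',
            // add_query_arg() does not encode values, so encode them here.
            'registrado'   => rawurlencode( $registrado ),
            'mpms2nonce'   => wp_create_nonce( 'pedido-nao-recebido' ),
        ),
        site_url( '/pedido-nao-recebido/' )
    );

    // wp_nonce_url() passes its result through esc_html(), which suits an
    // href attribute but not a Location header. $url above is unescaped.
    wp_safe_redirect( $url ); // falls back to a safe URL if the host is off-site
    exit;
}

/** Receiver: verify the nonce before acting on the query string. */
function mpms2_handle_return() {
    if ( ! isset( $_GET['mpms2pagarme'], $_GET['codigo'], $_GET['mensagem'] )
        || 'retorno' !== $_GET['mpms2pagarme'] ) {
        return; // Not a return request.
    }

    $nonce = isset( $_GET['mpms2nonce'] )
        ? sanitize_text_field( wp_unslash( $_GET['mpms2nonce'] ) )
        : '';

    // wp_verify_nonce() returns false on failure and 1 or 2 on success.
    if ( ! wp_verify_nonce( $nonce, 'pedido-nao-recebido' ) ) {
        wp_die( 'Invalid or expired link.', 'Forbidden', array( 'response' => 403 ) );
    }

    // ... continue processing the request ...
}
add_action( 'template_redirect', 'mpms2_handle_return' );
```

When the nonce URL is printed into HTML instead of sent as a header, wp_nonce_url() is the appropriate call, because the browser decodes `&amp;` in attributes before following the link.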

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 contrid
Solution 2 andrew
Solution 3 user2449529