X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/58f607a1de715c9bca69340a4d6fb9e1b9c2bed2..a01a150d87a096c70b6ec80332b7ce89c943eefe:/wp-includes/formatting.php
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 58c826f9..3d203e6f 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2236,7 +2236,8 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 // Replace ampersands and single quotes only when displaying.
 if ( 'display' == $_context ) {
- $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ $url = wp_kses_normalize_entities( $url );
+ $url = str_replace( '&', '&', $url );
 $url = str_replace( "'", ''', $url );
 }
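Review bot: The two added lines in the `'display' == $_context` branch change how ampersands are encoded, but the comment above them still says only "Replace ampersands and single quotes", so a reader cannot tell why normalization must run before the replacement. I would add a comment above the `wp_kses_normalize_entities()` call such as `// Normalize entities first so bare ampersands are encoded and existing valid entities are not double-encoded.`, assuming that is the intent. As rendered on this page the search and replacement strings of the ampersand `str_replace()` look identical and the single-quote one looks malformed, which is probably entity decoding by the page, so check the literals against the repository copy. The change also makes `esc_url()` depend on `wp_kses_normalize_entities()`, which is defined outside this hunk, and a regression test that an already-escaped URL comes through the display context without double encoding would be worth adding. The body of `esc_url()` starts and ends outside the hunk.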