From 5f9b52df35bd2405ce204f4a22a40d3e6a5225c6 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Sun, 23 Jul 2017 01:05:08 +0000
Subject: [PATCH] Login and Registration: Correctly encode the redirect
 location URL when it's passed as a query parameter to the lost password URL.

Props adhun

Fixes #40728


git-svn-id: https://develop.svn.wordpress.org/trunk@41121 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/general-template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/general-template.php b/src/wp-includes/general-template.php
index 026d190108..087f47ad2a 100644
--- a/src/wp-includes/general-template.php
+++ b/src/wp-includes/general-template.php
@@ -492,7 +492,7 @@ function wp_login_form( $args = array() ) {
 function wp_lostpassword_url( $redirect = '' ) {
 	$args = array( 'action' => 'lostpassword' );
 	if ( !empty($redirect) ) {
-		$args['redirect_to'] = $redirect;
+		$args['redirect_to'] = urlencode( $redirect );
 	}
 
 	$lostpassword_url = add_query_arg( $args, network_site_url('wp-login.php', 'login') );