Clean up Donor search results URLs

[kevinwhoffman]

Issue Overview

When searching for Donors, the search results URLs contain _wpnonce and _wp_http_referer query args. These args should be removed prior to redirection.

Example URL for Search Results from Donor Reports Tab

http://give.dev/wp-admin/edit.php?_wpnonce=577d19d542&_wp_http_referer=%2Fwp-admin%2Fedit.php%3Fpost_type%3Dgive_forms%26page%3Dgive-reports%26tab%3Ddonors&s=test&paged=1&post_type=give_forms&page=give-reports&tab=donors

Expected Behavior

The search results URL should not contain _wpnonce and _wp_http_referer query args.

Current Behavior

_wpnonce and _wp_http_referer query args are present in search results URLs. The _wp_http_referer query arg compounds in length with each successive search.

Possible Solution

I looked into how WP core handles nonce fields during a search query, and I found that those arguments are removed in edit.php prior to redirecting to search results. Here are the relevant lines: https://github.com/WordPress/WordPress/blob/master/wp-admin/edit.php#L175-L178

I tried placing that same code at the top of reports.php:

if ( ! empty($_REQUEST['_wp_http_referer']) ) {
     wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) ) );
     exit;
}

However, that code results in Fatal error: Uncaught Error: Call to undefined function wp_redirect().

We should determine if the nonce field is even serving a purpose here, or alternatively find a way to remove the query args from the URL.

Steps to Reproduce (for bugs)

1. Visit Reports > Donors tab in Give 1.8.0.
2. Submit a search query in the top-right corner.
3. Note the query _wpnonce and _wp_http_referer query args in the URL.
4. Submit another search query an notice the _wp_http_referer compounds in length.

Todos

• Determine if the nonce field serves a purpose in this context. @DevinWalker

[ravinderk]

@DevinWalker I found that we have the same issue on donor page and donor tab under report page.