Plugin Conflict – URL uses ISO Latin-1 instead of '&' character

I’m having a conflict between two non-WPMUDEV plugins. I was hoping someone could point me in the right direction. Here are the plugins:

– Tips & Tricks HQ’s eStore

– iThemes Security

When iThemes Security is activated, it changes the eStore’s checkout URL from:



Any suggestions on how to solve this would be greatly appreciated I will contact the developers, but it will take them a long time. I thought there might be a quick answer here.



  • Jude
    • DEV MAN

    Hi there @chris

    The easiest way around would be to url encode the first url (or function generating it) so iThemes does not pick up that character

    Alternately just manually replace & with %26 and hope the % is not picked up by iThemes :smiley:



  • Chris
    • The Bug Hunter

    Hi Jude,

    Thanks for your suggestions. I tried url encode and %26 … encoding actually produced %26 in the URL. Maybe I did it incorrectly as both failed. It must be & for string to work. Otherwise, the plugin returns an error.

    Here is the code that is getting altered. I have highlighted the line with the & that is getting converted. I’ve tried to insert ‘&’ via a variable, but that didn’t work.

    function wp_pg_submit_to_pppro()


    $wp_pg_bundle_config = WP_Payment_Gateway_Bundle_Config::getInstance();

    $url = $wp_pg_bundle_config->getValue(‘wp_pg_form_processing_url’:wink:;


    echo ‘You did not specify a value in the “Form Processing Page URL” field of the Payment Gateway Bundle plugin settings menu. Please fill out that field.’;








    $redirect_page = $url.$separator.’wp_pg_gateway=pppro’;

    if(isset($_REQUEST) && $_REQUEST==’1′:wink:{

    $redirect_page = $redirect_page.’&is_eStore_co=1′; // LOOK IN THIS LINE HERE


    //Send to the order processing page



    Help please! :slight_smile: Could you provide an example of url encode for the code above?

  • Chris
    • The Bug Hunter

    This was a difficult problem that it seems many people have. No matter how many ways I changed the code, it was always filtered by WP when iThemes Security was turned on. It took several hours of searching to finally find an answer. It may be a bit hackish, according to the author, but I’ll happily take it for now and move on.

    Solution: Add the following code to functions.php

    add_filter('clean_url', 'so_handle_038', 99, 3);
    function so_handle_038($url, $original_url, $_context) {
    if (strstr($url, "yourdomain.come") !== false) {
    $url = str_replace("&", "&", $url); // or $url = $original_url

    return $url;


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.