[buddypress-trac] [BuddyPress Trac] #6952: Cover image inline CSS should use esc_url_raw() instead of esc_url() to escape attachment path.

buddypress-trac noreply at wordpress.org
Wed Mar 9 14:58:06 UTC 2016


#6952: Cover image inline CSS should use esc_url_raw() instead of esc_url() to
escape attachment path.
---------------------------+---------------------
 Reporter:  DJPaul         |       Owner:  djpaul
     Type:  defect (bug)   |      Status:  closed
 Priority:  normal         |   Milestone:  2.5.1
Component:  API - Avatars  |     Version:
 Severity:  normal         |  Resolution:  fixed
 Keywords:                 |
---------------------------+---------------------
Changes (by djpaul):

 * owner:   => djpaul
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"10643"]:
 {{{
 #!CommitTicketReference repository="" revision="10643"
 Attachments: when rendering inline CSS for cover images, use `esc_url_raw`
 to escape the image path.

 This prevents entities such as `&` being decoded into `&#038`, which can
 break image URLs that rely on querystring parameters for functionality.

 Fixes #6952
 }}}

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6952#comment:2>
BuddyPress Trac <http://buddypress.org/>
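The effect described in the commit message, as an added example that is not part of the original message or of BuddyPress: it compares what an image host receives when a cover image URL is entity-encoded before being written into inline CSS and when it is left raw. The two `demo_` helpers are simplified stand-ins that model only the ampersand handling of `esc_url()` (display context) and `esc_url_raw()`; the selector and the image URL are constructed.

```php
<?php
// Added illustration. The two helpers are simplified stand-ins that model only
// the ampersand handling of WordPress's esc_url() (display context) and
// esc_url_raw(); they are not the real implementations.

function demo_esc_url_display(string $url): string {
    // Display context: ampersands are written as the HTML entity &#038;
    return str_replace('&', '&#038;', $url);
}

function demo_esc_url_raw(string $url): string {
    // Raw context: ampersands are left untouched.
    return $url;
}

// Inline CSS goes inside <style>, a raw-text element: the HTML parser does
// not decode character references there, so the CSS parser sees them verbatim.
function cover_image_css(string $escaped_url): string {
    // "#cover-demo" is a constructed selector for this example.
    return "#cover-demo { background-image: url({$escaped_url}); }";
}

// What the image host receives: anything after '#' is a fragment and is
// never sent, so only the parsed query string counts.
function params_seen_by_server(string $css): array {
    preg_match('/url\(([^)]*)\)/', $css, $m);
    parse_str((string) parse_url($m[1], PHP_URL_QUERY), $params);
    return $params;
}

// Constructed sample: a cover image served through a resizing endpoint.
$src = 'https://images.example.test/cover.jpg?w=1300&h=225&crop=1';

$escapers = ['display' => 'demo_esc_url_display', 'raw' => 'demo_esc_url_raw'];
foreach ($escapers as $label => $fn) {
    $css = cover_image_css($fn($src));
    echo $label, ': ', $css, "\n";
    echo '  server sees: ', json_encode(params_seen_by_server($css)), "\n";
}
```

In the display case the `#` of the first `&#038;` starts the URL fragment, so every parameter after the first is dropped from the request.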