[buddypress-trac] [BuddyPress Trac] #6952: Cover image inline CSS should use esc_url_raw() instead of esc_url() to escape attachment path.
buddypress-trac
noreply at wordpress.org
Wed Mar 9 14:58:06 UTC 2016
#6952: Cover image inline CSS should use esc_url_raw() instead of esc_url() to
escape attachment path.
---------------------------+---------------------
Reporter: DJPaul | Owner: djpaul
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 2.5.1
Component: API - Avatars | Version:
Severity: normal | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by djpaul):
* owner: => djpaul
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"10643"]:
{{{
#!CommitTicketReference repository="" revision="10643"
Attachments: when rendering inline CSS for cover images, use `esc_url_raw`
to escape the image path.
This prevents entities such as `&` being decoded into `&`, which can
break image URLs that rely on querystring parameters for functionality.
Fixes #6952
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6952#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list