[buddypress-trac] [BuddyPress Trac] #9312: Avatar AJAX responses use esc_url() instead of esc_url_raw(), breaking JavaScript URL handling
buddypress-trac
noreply at wordpress.org
Tue Dec 16 19:26:00 UTC 2025
#9312: Avatar AJAX responses use esc_url() instead of esc_url_raw(), breaking
JavaScript URL handling
--------------------------+----------------------------------
 Reporter:  GaryJ         |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Under Consideration
Component:  Core          |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |
--------------------------+----------------------------------
Comment (by GaryJ):

Yes (screenshots of broken and fixed behaviour attached).

As you can see from the code examples, the AJAX-returned instant preview
image is originally 450px wide, with a defined crop size and crop origin,
which is then resized to be 150x150 per the default and expected layout.
Since the querystring encoding is incorrect, and the querystring is
ignored, the image shows up as the full 450x450 width (i.e. uncropped),
which means the instant preview breaks the layout.

When the querystring encoding is correct, the fresh upload neatly replaces
the existing 150x150px image.

This was experienced on a WordPress VIP site, which supports a system such
that images can be manipulated (and cached) on the fly (hence the sizing
being in the querystring args), but it would affect other hosts /
applications that do something similar.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9312#comment:3>
BuddyPress Trac <http://buddypress.org/>
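
The failure described in the comment above, as an added JavaScript example (not code from the ticket or from BuddyPress): esc_url() escapes for HTML output and writes "&" as "&#038;", and a URL taken from JSON is never HTML-decoded before JavaScript uses it. The host name, the `crop` and `resize` parameter names and the response shape are constructed for illustration.

```javascript
// Added example: host, parameter names and JSON shape are constructed.
// esc_url() prepares a URL for HTML output and writes "&" as "&#038;".
const HTML_AMP = /&(?:#0*38|#x0*26|amp);/i;

// Query parameters and fragment a URL parser derives from `url`.
// Only the query part is sent to the image server; the fragment is not.
function paramsSeenByServer(url) {
  const u = new URL(url);
  return { params: Object.fromEntries(u.searchParams), fragment: u.hash };
}

// Walk a decoded JSON payload and return the dotted paths of string
// values that still carry an HTML-entity ampersand.
function findHtmlEscapedUrls(value, path = '') {
  if (typeof value === 'string') {
    return HTML_AMP.test(value) ? [path] : [];
  }
  if (value === null || typeof value !== 'object') {
    return [];
  }
  return Object.entries(value).flatMap(([key, child]) =>
    findHtmlEscapedUrls(child, path ? `${path}.${key}` : key));
}

// Constructed AJAX responses: the same avatar URL, escaped for HTML
// (display context) and left raw (data context).
const displayEscaped = JSON.parse(
  '{"success":true,"data":{"avatar":"https://img.example.test/a.jpg?crop=0,0,450,450&#038;resize=150,150"}}');
const rawResponse = JSON.parse(
  '{"success":true,"data":{"avatar":"https://img.example.test/a.jpg?crop=0,0,450,450&resize=150,150"}}');

// The "#" of the entity starts the URL fragment, so "resize" is cut off.
console.log(findHtmlEscapedUrls(displayEscaped));
console.log(paramsSeenByServer(displayEscaped.data.avatar));
console.log(paramsSeenByServer(rawResponse.data.avatar));
```

Running `findHtmlEscapedUrls` over captured AJAX responses is a quick way to spot other endpoints that return display-escaped URLs as data.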