[wp-trac] [WordPress Trac] #38987: Twenty Seventeen: Use of wrong function when escaping font url
WordPress Trac
noreply at wordpress.org
Tue Nov 29 23:09:11 UTC 2016
#38987: Twenty Seventeen: Use of wrong function when escaping font url
---------------------------+----------------------------
Reporter: davidakennedy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: Bundled Theme | Version: trunk
Severity: normal | Keywords: good-first-bug
Focuses: |
---------------------------+----------------------------
See: https://wordpress.slack.com/archives/core-themes/p1480445730000676
{{{
/**
* Register custom fonts.
*/
function twentyseventeen_fonts_url() {
$fonts_url = '';
/**
* Translators: If there are characters in your language that are not
* supported by Libre Franklin, translate this to 'off'. Do not
translate
* into your own language.
*/
$libre_franklin = _x( 'on', 'Libre Franklin font: on or off',
'twentyseventeen' );
if ( 'off' !== $libre_franklin ) {
$font_families = array();
$font_families[] = 'Libre
Franklin:300,300i,400,400i,600,600i,800,800i';
$query_args = array(
'family' => urlencode( implode( '|', $font_families ) ),
'subset' => urlencode( 'latin,latin-ext' ),
);
$fonts_url = add_query_arg( $query_args,
'https://fonts.googleapis.com/css' );
}
return esc_url_raw( $fonts_url );
}
}}}
`return esc_url_raw( $fonts_url );` should be `return esc_url( $fonts_url
);`
That function is more appropriate for the intended output here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38987>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list