[wp-trac] [WordPress Trac] #24417: get_the_post_format_url() should not escape data

WordPress Trac noreply at wordpress.org
Sat May 25 04:19:20 UTC 2013


#24417: get_the_post_format_url() should not escape data
--------------------------+------------------------------
 Reporter:  tollmanz      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Post Formats  |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------

Comment (by tollmanz):

 The patch removes the use of `esc_url_raw()` in
 `get_the_post_format_url()`.

 `get_the_post_format_url()` is used once in Twenty Eleven, once in Twenty
 Thirteen, and once in WordPress core. In each instance, the data is
 escaped after the function is used. Removing the escaping within the
 function itself should not leave any data ultimately unescaped.

 Note that if my patch in #24416 is accepted, there may be an additional
 `esc_url_raw()` usage that would need to be removed.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/24417#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list