[wp-trac] [WordPress Trac] #14148: wp_get_attachment_url() is not url encoding
WordPress Trac
noreply at wordpress.org
Sun Apr 2 20:26:14 UTC 2017
#14148: wp_get_attachment_url() is not url encoding
-------------------------------------------------+-------------------------
Reporter: danorton | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 3.0
Severity: major | Resolution:
Keywords: has-patch needs-testing dev-feedback | Focuses:
-------------------------------------------------+-------------------------
Comment (by nevis2us):
Replying to [comment:8 Mte90]:
> The code has changed over these years, so in the patch for `post.php` I
> changed approach, with an encoding after the generation of the url itself.
IMHO this is the right approach but php urlencode can't be used to encode
the whole url.
An equivalent of JavaScript's encodeURI is needed here.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI.
e.g.
{{{
// Percent-encode everything with rawurlencode(), then restore the
// characters that JavaScript's encodeURI() leaves untouched.
function encodeURI ($uri) {
    $revert = array (
        // reserved characters
        "%3B" => ";", "%2C" => ",", "%2F" => "/", "%3F" => "?", "%3A" => ":",
        "%40" => "@", "%26" => "&", "%3D" => "=", "%2B" => "+", "%24" => "$",
        // unescaped characters
        "%2D" => "-", "%5F" => "_", "%2E" => ".", "%21" => "!", "%7E" => "~",
        "%2A" => "*", "%27" => "'", "%28" => "(", "%29" => ")",
        // number sign
        "%23" => "#"
    );
    // A literal "%" stays encoded as "%25", as it does with encodeURI().
    return strtr (rawurlencode ($uri), $revert);
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/14148#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
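
The contrast drawn in the comment above between urlencode() on a whole URL and structure-aware encoding, as an added example that is not part of the ticket, its patch or WordPress core. It takes a different route from the function in the comment: it splits the URL with the RFC 3986 regular expression and applies rawurlencode() to each path segment. The helper name `example_encode_url_path` and the sample URL are assumptions.

```php
<?php
// Added example: not WordPress core code and not the ticket's patch.
// example_encode_url_path() is a hypothetical helper; the URL is constructed.

/**
 * Percent-encode only the path of a URL, one segment at a time.
 * Scheme, host, query and fragment are left untouched.
 */
function example_encode_url_path( $url ) {
    // Generic URI split from RFC 3986, Appendix B.
    $pattern = '~^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?~';
    if ( ! preg_match( $pattern, $url, $m ) ) {
        return $url;
    }

    $segments = explode( '/', $m[5] );
    foreach ( $segments as $i => $segment ) {
        // Decode first so an existing %20 does not become %2520.
        $segments[ $i ] = rawurlencode( rawurldecode( $segment ) );
    }

    $prefix = $m[1] . $m[3];                // e.g. "http:" . "//example.com"
    $query  = isset( $m[6] ) ? $m[6] : '';  // includes the leading "?"
    $hash   = isset( $m[8] ) ? $m[8] : '';  // includes the leading "#"

    return $prefix . implode( '/', $segments ) . $query . $hash;
}

$url = 'http://example.com/wp-content/uploads/2017/04/my photo (1) 50%.jpg?ver=1';

// urlencode() on the whole URL also escapes ":", "/" and "?", so the
// result is no longer usable as a URL.
echo urlencode( $url ), "\n";

// Per-segment encoding keeps the structure and escapes only the file name.
$encoded = example_encode_url_path( $url );
echo $encoded, "\n";

// Running it again changes nothing, because existing escapes are decoded first.
var_dump( $encoded === example_encode_url_path( $encoded ) );
```

A file name containing a raw `?` or `#` is still read as the start of the query or fragment, so those characters have to be encoded before the name is joined into the URL.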