[wp-trac] [WordPress Trac] #14148: wp_get_attachment_url() is not url encoding

WordPress Trac noreply at wordpress.org
Fri Oct 12 14:18:01 UTC 2018

#14148: wp_get_attachment_url() is not url encoding
 Reporter:  danorton                             |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Security                             |     Version:  3.0
 Severity:  major                                |  Resolution:
 Keywords:  has-patch needs-testing dev-         |     Focuses:
  feedback needs-unit-tests needs-refresh        |

Comment (by nevis2us):

 This patch assumes only base names may contain characters which need to be
 encoded. What about directory names? This may not be the case with
 wordpress attachments but why reinvent the wheel? There's a (client-side)
 standard function which can be safely applied to the whole URI and spare
 the trouble of handling URI components separately.

 BTW there's a number of similar issues in functions like
 image_get_intermediate_size and image_downsize.

Ticket URL: <https://core.trac.wordpress.org/ticket/14148#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list