[wp-trac] [WordPress Trac] #14148: wp_get_attachment_url() is not url encoding
WordPress Trac
noreply at wordpress.org
Fri Oct 12 14:18:01 UTC 2018
#14148: wp_get_attachment_url() is not url encoding
-------------------------------------------------+-------------------------
Reporter: danorton | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version: 3.0
Severity: major | Resolution:
Keywords: has-patch needs-testing dev- | Focuses:
feedback needs-unit-tests needs-refresh |
-------------------------------------------------+-------------------------
Comment (by nevis2us):
This patch assumes only base names may contain characters which need to be
encoded. What about directory names? This may not be the case with
wordpress attachments but why reinvent the wheel? There's a (client-side)
standard function which can be safely applied to the whole URI and spare
the trouble of handling URI components separately.
BTW there's a number of similar issues in functions like
image_get_intermediate_size and image_downsize.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/14148#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list