[wp-trac] [WordPress Trac] #14148: wp_get_attachment_url() is not url encoding

WordPress Trac noreply at wordpress.org
Sat Oct 13 16:01:56 UTC 2018

#14148: wp_get_attachment_url() is not url encoding
 Reporter:  danorton                             |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Security                             |     Version:  3.0
 Severity:  major                                |  Resolution:
 Keywords:  has-patch needs-testing dev-         |     Focuses:
  feedback needs-unit-tests needs-refresh        |

Comment (by nevis2us):

 Replying to [comment:20 Mte90]:
 > Cna you share the code of your custom plugin?
 > So we can understand better how to handle it.

 Sure, I can share the relevant parts of the code:

 add_filter("wp_get_attachment_url", "<namespace>_wp_get_attachment_url",
 90, 2);

 function <namespace>_wp_get_attachment_url($url, $post_id)      {
         return encodeURI($url);

 The code for encodeURI() can be found in comment:9 above.

 This is what a plugin dev can use if he needs this bug fixed ASAP before
 the relevant patches make it to the core. But fixing this and similar
 issues in the core or in a filter may break existing 3rd party code. I
 don't use 3rd party plugins on my sites so it works for me.

 > Cna you share also an image already existing with the issues on the

 If I got you right:

 The function wp_get_attachment_url() doesn't return a valid URL if the
 filename contains UTF-8 characters.


 ||attachment filename||.../wp-
 ||wp_get_attachment_url() returns||.../wp-
 ||valid URL||.../wp-

Ticket URL: <https://core.trac.wordpress.org/ticket/14148#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list