[wp-trac] [WordPress Trac] #10859: esc_url() does not escape and renders other functions buggy.
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 26 13:02:46 UTC 2009
#10859: esc_url() does not escape and renders other functions buggy.
--------------------------+-------------------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version: 2.8.4
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
As written in the summary: get_image_send_to_editor() uses (as many other
functions) the function esc_url() to escape (at least that is what the
name suggests) and URI. But the function name is misleading. Because of
the (no-) implementation of any kind of escaping in esc_url() but using
clean_url() instead which filters out various characters by undocumented
principles this deletes complete valid URIs instead of encoding them.
Example URL: {{{http://192.168.2.106/wordpress-trunk/wp-
content/uploads/2009/09/Auto-na-dálkové-ovládání.jpg}}} is "escaped" into
an empty string {{{string '' (length=0)}}} when used in esc_url().
This is a Blog with an output encoding set to UTF-8.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10859>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list