[wp-trac] [WordPress Trac] #14148: wp_get_attachment_url() is not url encoding
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 30 00:02:26 UTC 2010
#14148: wp_get_attachment_url() is not url encoding
--------------------------+-------------------------------------------------
 Reporter:  danorton      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.0
 Severity:  major         |    Keywords:  url, query
--------------------------+-------------------------------------------------
A fairly fundamental flaw, the function
[http://codex.wordpress.org/Function_Reference/wp_get_attachment_url
wp_get_attachment_url()] doesn't return a valid URL if the filename
contains unescaped URL characters.
I'm not sure, but this might be a security issue, as the current version
can generate URLs that don't match the filename, but instead pass query
parameters back to the server.
The attached patch for Version 3.0 file fixes this in wp-includes/post.php.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14148>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
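
The behaviour the ticket describes, as an added example (not WordPress core code and not the ticket's attached patch): it compares an unencoded join of an uploads URL and a filename with a per-segment percent-encoded join, then parses each result to show which part the server would treat as path, query or fragment. The function names, base URL and filenames are assumptions constructed for this illustration.

```php
<?php
// Added illustration; not WordPress core code and not the ticket's patch.
// $base_url and the filenames below are constructed sample values.

// Naive join: the stored filename is appended to the uploads URL as-is.
function attachment_url_naive(string $base_url, string $file): string {
    return rtrim($base_url, '/') . '/' . ltrim($file, '/');
}

// Encoded join: each path segment is percent-encoded, "/" separators are kept.
function attachment_url_encoded(string $base_url, string $file): string {
    $segments = array_map('rawurlencode', explode('/', ltrim($file, '/')));
    return rtrim($base_url, '/') . '/' . implode('/', $segments);
}

$base_url = 'http://example.com/wp-content/uploads';
$prefix   = '/wp-content/uploads/';
$samples  = [
    '2010/06/report?draft=1.pdf', // "?" starts a query string if left raw
    '2010/06/notes#2.txt',        // "#" starts a fragment that is never sent
    '2010/06/100%25.png',         // literal "%25" is decoded to "%" by the server
];
$builders = ['naive' => 'attachment_url_naive', 'encoded' => 'attachment_url_encoded'];

foreach ($samples as $file) {
    echo "file: $file\n";
    foreach ($builders as $label => $fn) {
        $url   = $fn($base_url, $file);
        $parts = parse_url($url);
        // The file the server would look up: the URL path, decoded, minus the prefix.
        $requested = rawurldecode(substr($parts['path'], strlen($prefix)));
        printf("  %-7s %s\n", $label, $url);
        printf("          path=%s query=%s fragment=%s matches_file=%s\n",
            $parts['path'],
            $parts['query'] ?? '-',
            $parts['fragment'] ?? '-',
            $requested === $file ? 'yes' : 'no');
    }
}
```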