[wp-trac] [WordPress Trac] #25057: MS function get_blogaddress_by_domain returns output escaped by esc_url() - should be esc_url_raw()
WordPress Trac
noreply at wordpress.org
Fri Aug 16 19:21:19 UTC 2013
#25057: MS function get_blogaddress_by_domain returns output escaped by esc_url() -
should be esc_url_raw()
--------------------------+-----------------------------
Reporter: tlovett1 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Multisite | Version:
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
Title is pretty self-explanatory. get_blogaddress_by_domain() runs
esc_url() on it's output. get_blogaddress_by_domain() is only called once
in core:
In site-info.php:
{{{
$blog_address = get_blogaddress_by_domain( $_POST['blog']['domain'],
$_POST['blog']['path'] );
if ( get_option( 'siteurl' ) != $blog_address )
update_option( 'siteurl', $blog_address );
}}}
Since get_blogaddress_by_domain() is saved straight to the options table,
it should be using the correct sanitization function, esc_url_raw().
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25057>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list