[wp-trac] [WordPress Trac] #26803: get_bloginfo() doesn't sanitize URLs, even when $filter is 'display'
WordPress Trac
noreply at wordpress.org
Mon Jan 20 04:51:52 UTC 2014
#26803: get_bloginfo() doesn't sanitize URLs, even when $filter is 'display'
--------------------------+------------------------------
 Reporter:  jdgrimes      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Formatting    |     Version:  1.5.1.1
 Severity:  normal        |  Resolution:
 Keywords:  2nd-opinion   |
--------------------------+------------------------------
Changes (by nacin):
* keywords: => 2nd-opinion
* component: General => Formatting
Comment:
I'd be concerned with breaking something, as esc_url() is for preparing a
URL for use in an attribute. The URL may not be used in that way. At most
we'd do esc_url_raw() but these functions don't exactly return user input.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26803#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform