[wp-trac] [WordPress Trac] #39669: Appearance/Menu, Custom Link: bad URL value sanitation
WordPress Trac
noreply at wordpress.org
Tue Jun 6 04:01:38 UTC 2017
#39669: Appearance/Menu, Custom Link: bad URL value sanitation
--------------------------+----------------------
Reporter: TRILOS | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Menus | Version: 4.7.4
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
--------------------------+----------------------
Changes (by welcher):
* keywords: needs-testing =>
* status: new => closed
* version: 4.7.2 => 4.7.4
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
@TRILOS thank you for submitting this and welcome!
Please keep in mind that many of the people who contribute to WordPress
Core do so both for free and in their spare time. We can't always get to
tickets as quickly as we would like :)
This feels like this is an edge case and I am unsure of the practical use
here. If the intention is to link to an asset on the server, then that can
be accomplished by uploading said asset to the media library and using the
link provided in the Custom Menu item. Is there a use-case that cannot be
addressed by using an absolute url?
My biggest concern here is security. We'd need to bypass the `esc_url`
call in the Walker class to allow these types of URLs that is in place to
make sure the URL is safe.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39669#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list