[wp-trac] [WordPress Trac] #41349: Media Library insert from URL doesn't give a message when a URL fails check

WordPress Trac noreply at wordpress.org
Wed Jun 25 14:23:12 UTC 2025 

#41349: Media Library insert from URL doesn't give a message when a URL fails check
-------------------------------------+------------------------------
 Reporter:  karmatosed               |       Owner:  (none)
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Media                    |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  ux-feedback needs-patch  |     Focuses:
-------------------------------------+------------------------------
Changes (by callumbw95):

 * keywords:  ux-feedback => ux-feedback needs-patch


Comment:

 Hi @karmatosed,

 I have taken a look at this in the current state of WordPress, and whilst
 the steps to do this have changed within the block editor I can still
 replicate this issue today. As of such I have put in a bug report of the
 steps I took, which are very similar to your own.

 == Bug Report
 === Description
 When adding an image to a page / post within the block editor there is no
 validation on the submitted url when inserting the image from a url. As of
 such this leads to broken image elements on the front end.

 === Environment
 - WordPress: 6.9-alpha-60093-src
 - PHP: 8.4.7
 - Server: nginx/1.27.5
 - Database: mysqli (Server: 8.0.40 / Client: mysqlnd 8.4.7)
 - Browser: Chrome 137.0.0.0
 - OS: macOS
 - Theme: Twenty Seventeen 3.9
 - MU Plugins: None activated
 - Plugins:
   * Test Reports 1.2.0

 === Steps to Reproduce
 1. Create a new post.
 2. Add in the image block to the page content.
 3. Click insert from url
 4. Enter an incorrect url, e.g. https://test
 x. 🐞 Bug occurs.

 === Expected Results
 1.  ✅ Entering an incorrect/malformed url should flag up an error.

 === Actual Results
 1.  ❌ The url was accepted and past that no checks where performed to see
 if the url was actually correct. These checks could be in the form of
 regex to confirm the url is formatted correctly, or a mime check on the
 returned data from fetching the url.

 === Additional Notes
 Whilst there technically isn't much of an issue to the front end user, it
 does make sense to add a level of validation here so the user is aware of
 the issue sooner rather than later. If they do put in a malformed image
 url they will be able to see this very quickly within the editor / on the
 page, as the image will not display correctly, but we should be informing
 them at the point of entry, as opposed to later down the line.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/41349#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list