Skip to:
Content

BuddyPress.org

Changeset 10644


Ignore:
Timestamp:
03/09/2016 02:58:35 PM (5 years ago)
Author:
djpaul
Message:

Attachments: when rendering inline CSS for cover images, use esc_url_raw to escape the image path.

This prevents entities such as & being decoded into &#038, which can break image URLs that rely on querystring parameters for functionality.

Fixes #6952 (2.5 branch)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.5/src/bp-core/bp-core-cssjs.php

    r10613 r10644  
    438438
    439439        $inline_css = call_user_func_array( $params['callback'], array( array(
    440             'cover_image' => esc_url( $cover_image ),
     440            'cover_image' => esc_url_raw( $cover_image ),
    441441            'component'   => sanitize_key( $cover_image_object['component'] ),
    442442            'object_id'   => (int) $cover_image_object['object']->id,
Note: See TracChangeset for help on using the changeset viewer.