Skip to:
Content

BuddyPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#6952 closed defect (bug) (fixed)

Cover image inline CSS should use esc_url_raw() instead of esc_url() to escape attachment path.

Reported by: DJPaul Owned by: djpaul
Milestone: 2.5.1 Priority: normal
Severity: normal Version:
Component: Media Keywords:
Cc:

Description

The & character in a chained set of query parameters was being escaped. I discovered this while implementing support for a Photon-like service.

Change History (4)

#1 @DJPaul
4 years ago

  • Milestone changed from Awaiting Review to 2.5.1

#2 @djpaul
4 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 10643:

Attachments: when rendering inline CSS for cover images, use esc_url_raw to escape the image path.

This prevents entities such as & being decoded into &#038, which can break image URLs that rely on querystring parameters for functionality.

Fixes #6952

#3 @djpaul
4 years ago

In 10644:

Attachments: when rendering inline CSS for cover images, use esc_url_raw to escape the image path.

This prevents entities such as & being decoded into &#038, which can break image URLs that rely on querystring parameters for functionality.

Fixes #6952 (2.5 branch)

#4 @DJPaul
4 years ago

  • Component changed from API - Avatars to Media
Note: See TracTickets for help on using tickets.