id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
10859,esc_url() does not escape and renders other functions buggy.,hakre,,"As written in the summary: get_image_send_to_editor() uses (as many other functions) the function esc_url() to escape (at least that is what the name suggests) and URI. But the function name is misleading. Because of the (no-) implementation of any kind of escaping in esc_url() but using clean_url() instead which filters out various characters by undocumented principles this deletes complete valid URIs instead of encoding them.

Example URL: {{{http://192.168.2.106/wordpress-trunk/wp-content/uploads/2009/09/Auto-na-dálkové-ovládání.jpg}}} is ""escaped"" into an empty string {{{string '' (length=0)}}} when used in esc_url().

This is a Blog with an output encoding set to UTF-8.

",defect (bug),closed,normal,2.9,General,2.8.4,major,fixed,,