id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
14148,wp_get_attachment_url() is not url encoding,danorton,,"A fairly fundamental flaw, the function [http://codex.wordpress.org/Function_Reference/wp_get_attachment_url wp_get_attachment_url()] doesn't return a valid URL if the filename contains unescaped URL characters.

I'm not sure, but this might be a security issue, as the current version can generate URLs that don't match the filename, but instead passes query parameters back to the server.

The attached patch for Version 3.0 file fixes this in wp-includes/post.php
",defect (bug),new,normal,Future Release,Security,3.0,major,,has-patch needs-testing,otterish@…