Opened 2 years ago
Last modified 2 years ago
#16408 new defect (bug)
get_bloginfo('template_url') is not returning valid URLs.
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | General | Version: | 3.0.3 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
There seems to be a general consensus on the #wordpress IRC channel that URLs cannot contain spaces. I agree with this, and I'm almost sure the entire internet community would to. Based on this axiom, get_bloginfo('template_url') should return URLs with spaces properly encoded, otherwise, it's not returning a valid URL, hence it's not returning a URL at all. I'm guessing that get_bloginfo('template_url') is suppose to return a URL, so this must mean that it's not currently (as of version 3.0.3) doing what it's suppose to.
As for what a properly encoded space character in a URL would be, I'm not exactly sure. I know it's either %20 or +, but I wont make the decision as to which of these it is.
If you by any chance believe that URLs *should* contain spaces, then that's another problem related to wp_enqueue_script. wp_enqueue_script removes spaces from it's URL. Again, if you think URLs should contain spaces, then wp_enqueue_script should include them.
Either way you think about it, get_bloginfo (including bloginfo) or wp_enqueue_script contains a defect. You may argue that you should not use spaces in your directory/file names to begin with, but this argument is irrelevant.
Thank you. I would appreciate this issue not being overlooked. :)
Change History (4)
- Keywords close added; spaces url template_url removed
Also, this would create a massive backwards-compatibility headache for all the people who expect get_bloginfo() to not do any escaping.
- Keywords close removed
get_bloginfo() has a $context param, bloginfo() sets this to display, non-display contexts are not filtered..
All non-url output from bloginfo() is esc_html()'d (as well as texturized), URL's are passed through a bloginfo_url filter, however, there doesn't appear to be anything attached.
comment:4
markjaquith — 2 years ago
The benefit of a simple space-to-plus filter is that it wouldn't be susceptible to accidental double-encoding.
So, what you're suggesting in other words is that get_bloginfo() call esc_url() internally.
The counter-argument to that is that usually you append something to that URL, so if you then call esc_url() yourself, you would end up with an incorrect, double-encoded, URL.