Opened 10 months ago

Closed 9 months ago

Last modified 8 months ago

#21433 closed defect (bug) (fixed)

Escaping background-image url bug in custom-header.php.

Reported by: smart1k Owned by: ryan
Priority: normal Milestone: 3.5
Component: Appearance Version: 3.4.1
Severity: normal Keywords: has-patch
Cc:

Description

esc_url ( header_image() ) - header_image() must be with prefix get_ to be escaped.

Attachments (2)

custom-header.php (192 bytes) - added by smart1k 10 months ago.
21433.patch (794 bytes) - added by kawauso 10 months ago.

Download all attachments as: .zip

Change History (5)

smart1k10 months ago

kawauso10 months ago

comment:1   SergeyBiryukov10 months ago

  • Milestone changed from Awaiting Review to 3.5

Also handled in #21130.

comment:2   ryan9 months ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [21508]:

Fix display issues in the custom header screen when height is not specified. Use get_header_image() instead of header_image() so that esc_url() can do its job. Props JarretC, SergeyBiryukov, georgestephanis. fixes #21130 #21433

comment:13   SergeyBiryukov8 months ago

#21923 was marked as a duplicate.

Note: See TracTickets for help on using tickets.