Changeset 17994 for trunk/wp-includes/theme.php

Timestamp:

05/22/2011 11:19:42 PM (15 years ago)

Author:

ryan

Message:

Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.

File:

• trunk/wp-includes/theme.php (modified) (2 diffs)

trunk/wp-includes/theme.php

@@ -1441 +1441 @@
         $url = str_replace( 'https://', 'http://', $url );
 
-    return $url;
+    return esc_url_raw( $url );
 }
 
@@ -1526 +1526 @@
 
     foreach ( (array) $headers as $header ) {
-        $url = $header->guid;
+        $url = esc_url_raw( $header->guid );
         $header = basename($url);
         $header_images[$header] = array();