WordPress.org

Make WordPress Core

Changeset 23633


Ignore:
Timestamp:
03/07/13 05:30:00 (14 months ago)
Author:
SergeyBiryukov
Message:

Always escape the URL echoed by header_image(). fixes #23664.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/theme.php

    r23467 r23633  
    982982 
    983983/** 
    984  * Display header image path. 
     984 * Display header image URL. 
    985985 * 
    986986 * @since 2.1.0 
    987987 */ 
    988988function header_image() { 
    989     echo get_header_image(); 
     989    echo esc_url( get_header_image() ); 
    990990} 
    991991 
Note: See TracChangeset for help on using the changeset viewer.