Opened 10 years ago

Closed 7 years ago

Last modified 7 years ago

#16408 closed defect (bug) (wontfix)

get_bloginfo('template_url') is not returning valid URLs.

Reported by: figaroo Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0.3
Component: General Keywords:
Focuses: Cc:

Description

There seems to be a general consensus on the #wordpress IRC channel that URLs cannot contain spaces. I agree with this, and I'm almost sure the entire internet community would too. Based on this axiom, get_bloginfo('template_url') should return URLs with spaces properly encoded, otherwise, it's not returning a valid URL, hence it's not returning a URL at all. I'm guessing that get_bloginfo('template_url') is supposed to return a URL, so this must mean that it's not currently (as of version 3.0.3) doing what it's supposed to.

As for what a properly encoded space character in a URL would be, I'm not exactly sure. I know it's either %20 or +, but I won't make the decision as to which of these it is.

If you by any chance believe that URLs *should* contain spaces, then that's another problem related to wp_enqueue_script. wp_enqueue_script removes spaces from its URL. Again, if you think URLs should contain spaces, then wp_enqueue_script should include them.

Either way you think about it, get_bloginfo (including bloginfo) or wp_enqueue_script contains a defect. You may argue that you should not use spaces in your directory/file names to begin with, but this argument is irrelevant.

Thank you. I would appreciate this issue not being overlooked. :)

Change History (6)

#1 @scribu
10 years ago

So, what you're suggesting in other words is that get_bloginfo() call esc_url() internally.

The counter-argument to that is that usually you append something to that URL, so if you then call esc_url() yourself, you would end up with an incorrect, double-encoded, URL.

#2 @scribu
10 years ago

  • Keywords close added; spaces url template_url removed

Also, this would create a massive backwards-compatibility headache for all the people who expect get_bloginfo() to not do any escaping.

#3 @dd32
10 years ago

  • Keywords close removed

get_bloginfo() has a $context param, bloginfo() sets this to display, non-display contexts are not filtered.

All non-url output from bloginfo() is esc_html()'d (as well as texturized), URLs are passed through a bloginfo_url filter, however, there doesn't appear to be anything attached.

#4 @markjaquith
10 years ago

The benefit of a simple space-to-plus filter is that it wouldn't be susceptible to accidental double-encoding.

#5 @c3mdigital
7 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

URLs should be escaped on output to prevent double-encoding.

#6 @markoheijnen
7 years ago

  • Milestone Awaiting Review deleted

Clearing out the milestones for closed tickets on Awaiting Review
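
The double-encoding concern raised in comments #1, #4 and #5, as an added example that is not part of the ticket and not WordPress code. The helpers `encode_path`, `space_to_plus` and `looks_double_encoded` and the sample paths are hypothetical, and the encoder is PHP's `rawurlencode`, a generic percent-encoder standing in for whatever escaping is applied, not `esc_url()`.

```php
<?php
// Added illustration; none of these helpers are WordPress functions.

// Percent-encode each segment of a URL path, keeping the "/" separators.
function encode_path(string $path): string {
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

// Stand-in for the space-to-plus filter suggested in comment #4.
function space_to_plus(string $url): string {
    return str_replace(' ', '+', $url);
}

// True when a "%" was itself encoded: "%25" followed by two hex digits.
function looks_double_encoded(string $url): bool {
    return preg_match('/%25[0-9A-Fa-f]{2}/', $url) === 1;
}

// Constructed sample: a theme directory whose name contains a space.
$raw_base = '/wp-content/themes/my theme';
$suffix   = '/js/main menu.js';

// Comment #1: the base is encoded at the source, the caller appends to it
// and encodes the whole string again on output.
$twice = encode_path(encode_path($raw_base) . $suffix);

// Comment #5: the base stays raw and the finished URL is encoded once.
$once = encode_path($raw_base . $suffix);

// Comment #4: replacing spaces with "+" is idempotent, so a second pass
// leaves the string unchanged.
$plus       = space_to_plus($raw_base . $suffix);
$plus_again = space_to_plus($plus);

foreach (['twice' => $twice, 'once' => $once, 'plus' => $plus_again] as $label => $url) {
    printf("%-5s %s double-encoded=%s\n", $label, $url,
        looks_double_encoded($url) ? 'yes' : 'no');
}
var_dump($plus === $plus_again);
```

The twice-encoded URL contains `my%2520theme`, which a server decodes to the literal directory name `my%20theme` rather than `my theme`.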
