WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#21433 closed defect (bug) (fixed)

Escaping background-image url bug in custom-header.php.

Reported by: smart1k Owned by: ryan
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.4.1
Component: Customize Keywords: has-patch
Focuses: Cc:

Description

esc_url ( header_image() ) - header_image() must be with prefix get_ to be escaped.

Attachments (2)

custom-header.php (192 bytes) - added by smart1k 7 years ago.
21433.patch (794 bytes) - added by kawauso 7 years ago.

Download all attachments as: .zip

Change History (5)

@smart1k
7 years ago

@kawauso
7 years ago

#1 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 3.5

Also handled in #21130.

#2 @ryan
7 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [21508]:

Fix display issues in the custom header screen when height is not specified. Use get_header_image() instead of header_image() so that esc_url() can do its job. Props JarretC, SergeyBiryukov, georgestephanis. fixes #21130 #21433

#13 @SergeyBiryukov
7 years ago

#21923 was marked as a duplicate.

Note: See TracTickets for help on using tickets.