Make WordPress Core

Opened 12 years ago

Closed 12 years ago

Last modified 11 years ago

#21433 closed defect (bug) (fixed)

Escaping background-image url bug in custom-header.php.

Reported by: smart1k's profile smart1k Owned by: ryan's profile ryan
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.4.1
Component: Customize Keywords: has-patch
Focuses: Cc:

Description

esc_url ( header_image() ) - header_image() must be with prefix get_ to be escaped.

Attachments (2)

custom-header.php (192 bytes) - added by smart1k 12 years ago.
21433.patch (794 bytes) - added by kawauso 12 years ago.

Download all attachments as: .zip

Change History (5)

@kawauso
12 years ago

#1 @SergeyBiryukov
12 years ago

  • Milestone changed from Awaiting Review to 3.5

Also handled in #21130.

#2 @ryan
12 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [21508]:

Fix display issues in the custom header screen when height is not specified. Use get_header_image() instead of header_image() so that esc_url() can do its job. Props JarretC, SergeyBiryukov, georgestephanis. fixes #21130 #21433

#13 @SergeyBiryukov
11 years ago

#21923 was marked as a duplicate.

Note: See TracTickets for help on using tickets.