Make WordPress Core

Opened 21 months ago

Closed 20 months ago

Last modified 19 months ago

#21433 closed defect (bug) (fixed)

Escaping background-image url bug in custom-header.php.

Reported by: smart1k Owned by: ryan
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.4.1
Component: Appearance Keywords: has-patch
Focuses: Cc:


esc_url ( header_image() ) - header_image() must be with prefix get_ to be escaped.

Attachments (2)

custom-header.php (192 bytes) - added by smart1k 21 months ago.
21433.patch (794 bytes) - added by kawauso 21 months ago.

Download all attachments as: .zip

Change History (5)

smart1k21 months ago

kawauso21 months ago

comment:1 SergeyBiryukov21 months ago

  • Milestone changed from Awaiting Review to 3.5

Also handled in #21130.

comment:2 ryan20 months ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [21508]:

Fix display issues in the custom header screen when height is not specified. Use get_header_image() instead of header_image() so that esc_url() can do its job. Props JarretC, SergeyBiryukov, georgestephanis. fixes #21130 #21433

comment:13 SergeyBiryukov19 months ago

#21923 was marked as a duplicate.

Note: See TracTickets for help on using tickets.