WordPress.org

Make WordPress Core

#21923 closed defect (bug) (duplicate)

Bug with esc_url() and header_image() in custom-header.php

Reported by: v-media Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.4.2
Component: Appearance Keywords:
Focuses: Cc:

Description

Just found this in custom-header.php, line 514:

... background-image:url(<?php esc_url ( header_image() ) ?>) ...

This will not work as expected, because header_image() echo's a link and returns nothing.

The issue can be fixed by the following:

... background-image:url(<?php echo esc_url ( get_header_image() ) ?>) ...

p.s. Further investigation shows that header_image() echo's a link without any escaping, while get_header_image() escapes the url for DB usage. I'm not sure if echo'ing previously escaped-for-db link is a desired behavior.

Change History (1)

comment:1 SergeyBiryukov19 months ago

  • Component changed from General to Appearance
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #21433, fixed in [21508].

Note: See TracTickets for help on using tickets.