WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#21973 closed defect (bug) (worksforme)

2 bugs in wp_enqueue_style

Reported by: thomask Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Current twenty twelve theme uses wp_enqueue_style for loading google fonts and it points to two bugs in wp_enqueue_style

  1. it does not allow to add address without protocol. It is perfectly valid to use e.g. //fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700" and it would load http when you are running it from http server or https if you are using https. If you put this to wp_enqueue_style, it deletes one "/" from the begining and then it try to load it from 'yourserver.tld/fonts.googleapis.com/'
  1. it has very funny and hard to notice bug for developers - when you are using with user logged on, it works OK. But when you are looking at the web logged off, it cut everything behind the ? char, so it will try to load http(s)://fonts.googleapis.com/css and so in this case finishes with 404

P.S.: i set it as a blocker, because future default theme twenty twelve uses this as default (what is wrong btw., see #21972)

Change History (7)

comment:1 @SergeyBiryukov2 years ago

  • Description modified (diff)

comment:2 @nacin2 years ago

  1. Protocol-relative URLs are allowed in trunk. [21166] However, Twenty Twelve in trunk does not use a protocol-relative URL: http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentytwelve/functions.php?rev=21929#L118. This is for compatibility with 3.4.
  1. I can't reproduce this in 3.4 or trunk.

comment:3 @nacin2 years ago

#21972 was marked as a duplicate.

comment:5 @SergeyBiryukov2 years ago

I can't reproduce point 1 exactly as described, but I've found a related issue.

This doesn't work:

wp_enqueue_style( 'twentytwelve-fonts', "//fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700", array(), null );

The colon is the culprit. wp_kses_bad_protocol() reduces the URL to:

400italic,700italic,400,700

So esc_url() returns an empty string:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/formatting.php#L2572

comment:6 @SergeyBiryukov2 years ago

Created #21974 for the issue from comment:5.

comment:7 @SergeyBiryukov2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Severity changed from blocker to normal
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.