Opened 12 years ago
Closed 12 years ago
#21973 closed defect (bug) (worksforme)
2 bugs in wp_enqueue_style
Reported by: | thomask | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Current twenty twelve theme uses wp_enqueue_style for loading google fonts and it points to two bugs in wp_enqueue_style
- it does not allow to add address without protocol. It is perfectly valid to use e.g.
//fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700
" and it would load http when you are running it from http server or https if you are using https. If you put this to wp_enqueue_style, it deletes one "/" from the begining and then it try to load it from 'yourserver.tld/fonts.googleapis.com/'
- it has very funny and hard to notice bug for developers - when you are using with user logged on, it works OK. But when you are looking at the web logged off, it cut everything behind the ? char, so it will try to load
http(s)://fonts.googleapis.com/css
and so in this case finishes with 404
P.S.: i set it as a blocker, because future default theme twenty twelve uses this as default (what is wrong btw., see #21972)
Change History (7)
#2
@
12 years ago
- Protocol-relative URLs are allowed in trunk. [21166] However, Twenty Twelve in trunk does not use a protocol-relative URL: http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentytwelve/functions.php?rev=21929#L118. This is for compatibility with 3.4.
- I can't reproduce this in 3.4 or trunk.
#4
@
12 years ago
Oh thank you for testing this, it was a bug in a plugin, i have reported it to its author
http://wordpress.org/support/topic/plugin-better-wp-security-better-wp-security-is-breaking-wp_enqueue_style-function?replies=1#post-3192650
#5
@
12 years ago
I can't reproduce point 1 exactly as described, but I've found a related issue.
This doesn't work:
wp_enqueue_style( 'twentytwelve-fonts', "//fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700", array(), null );
The colon is the culprit. wp_kses_bad_protocol()
reduces the URL to:
400italic,700italic,400,700
So esc_url()
returns an empty string:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/formatting.php#L2572